Abstract
Recently proposed proposals, such as BlindBox (SIGCOMM 2015), PrivDPI (CCS 2019) and Pine (ESORICS 2020), enable privacy-preserving deep packet inspection (DPI) on the encrypted traffic. Despite that they protect traffic privacy and/or rule privacy against enterprises and the third-party middleboxes, they might not be really satisfactory, due to the leakage of the matching pattern. The matching pattern refers to the matched token-rule pairs during the process of inspection, which can be learnt by the middleboxes, leading to the privacy leakage concerns. Our work aims to hide the matching pattern, thereby enhancing the privacy on top of the mentioned proposals. Specifically, we propose a general framework for matching pattern hiding in DPI and construct a concrete scheme by resorting to the DDH-based private set intersection cardinality technique under the proposed framework. Besides, we implement the constructed scheme, and conduct extensive evaluations which demonstrate the practical performance of the scheme.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Anderson, B., Paul, S., McGrew, D.: Deciphering malware’s use of TLS (without decryption). J. Comput. Virol. Hack. Tech. 14(3), 195–211 (2018)
Bhargavan, K., Boureanu, I., Delignat-Lavaud, A., Fouque, P.A., Onete, C.: A formal treatment of accountable proxying over TLS. In: 2018 IEEE Symposium on Security and Privacy (SP), pp. 799–816. IEEE (2018)
Boneh, D., Kushilevitz, E., Ostrovsky, R., Skeith, W.E.: Public key encryption that allows PIR queries. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 50–67. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-74143-5_4
de Carnavalet, X.d.C., Mannan, M.: Killed by proxy: analyzing client-end TLS interception software. In: Network and Distributed System Security Symposium (2016)
De Caro, A., Iovino, V.: jPBC: Java pairing based cryptography. In: 2011 IEEE symposium on computers and communications (ISCC), pp. 850–855. IEEE (2011)
De Cristofaro, E., Gasti, P., Tsudik, G.: Fast and private computation of cardinality of set intersection and union. In: Pieprzyk, J., Sadeghi, A.-R., Manulis, M. (eds.) CANS 2012. LNCS, vol. 7712, pp. 218–231. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-35404-5_17
Duan, H., Wang, C., Yuan, X., Zhou, Y., Wang, Q., Ren, K.: LightBox: full-stack protected stateful middlebox at lightning speed. In: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, pp. 2351–2367 (2019)
Durumeric, Z., et al.: The security impact of https interception. In: NDSS (2017)
Goldreich, O., Ostrovsky, R.: Software protection and simulation on oblivious rams. J. ACM (JACM) 43(3), 431–473 (1996)
Google: Https encryption on the web (2021). https://transparencyreport.google.com/https/overview?hl=en. Accessed 13 June 2021
Han, J., Kim, S., Ha, J., Han, D.: SGX-box: enabling visibility on encrypted traffic using a secure middlebox module. In: Proceedings of the First Asia-Pacific Workshop on Networking, pp. 99–105 (2017)
Huang, L.S., Rice, A., Ellingsen, E., Jackson, C.: Analyzing forged SSL certificates in the wild. In: 2014 IEEE Symposium on Security and Privacy, pp. 83–97. IEEE (2014)
Ion, M., et al.: On deploying secure computing: private intersection-sum-with-cardinality. In: 2020 IEEE European Symposium on Security and Privacy (EuroS&P), pp. 370–389. IEEE (2020)
Islam, M.S., Kuzu, M., Kantarcioglu, M.: Access pattern disclosure on searchable encryption: ramification, attack and mitigation. In: Ndss, vol. 20, p. 12. Citeseer (2012)
Kanizo, Y., Rottenstreich, O., Segall, I., Yallouz, J.: Designing optimal middlebox recovery schemes with performance guarantees. IEEE J. Sel. Areas Commun. 36(10), 2373–2383 (2018)
Lai, S., et al.: Practical encrypted network traffic pattern matching for secure middleboxes. IEEE Trans. Dependable Secure Comput. (2021)
Lan, C., Sherry, J., Popa, R.A., Ratnasamy, S., Liu, Z.: Embark: securely outsourcing middleboxes to the cloud. In: 13th \(\{\)USENIX\(\}\) Symposium on Networked Systems Design and Implementation (\(\{\)NSDI\(\}\) 16), pp. 255–273 (2016)
Naylor, D., et al.: The cost of the “s” in https. In: Proceedings of the 10th ACM International on Conference on emerging Networking Experiments and Technologies, pp. 133–140 (2014)
Naylor, D., Li, R., Gkantsidis, C., Karagiannis, T., Steenkiste, P.: And then there were more: secure communication for more than two parties. In: Proceedings of the 13th International Conference on emerging Networking EXperiments and Technologies, pp. 88–100 (2017)
Naylor, D., et al.: Multi-context TLS (mcTLS) enabling secure in-network functionality in TLS. ACM SIGCOMM Comput. Commun. Rev. 45(4), 199–212 (2015)
Ning, J., et al.: Pine: enabling privacy-preserving deep packet inspection on TLS with rule-hiding and fast connection establishment. In: Chen, L., Li, N., Liang, K., Schneider, S. (eds.) ESORICS 2020. LNCS, vol. 12308, pp. 3–22. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-58951-6_1
Ning, J., Poh, G.S., Loh, J.C., Chia, J., Chang, E.C.: PrivDPI: privacy-preserving encrypted traffic inspection with reusable obfuscated rules. In: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, pp. 1657–1670 (2019)
Ren, H., Li, H., Liu, D., Xu, G., Cheng, N., Shen, X.S.: Privacy-preserving efficient verifiable deep packet inspection for cloud-assisted middlebox. IEEE Trans. Cloud Comput. (2020)
Schnorr, C.P.: Efficient identification and signatures for smart cards. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 239–252. Springer, New York (1990). https://doi.org/10.1007/0-387-34805-0_22
Sherry, J., Lan, C., Popa, R.A., Ratnasamy, S.: BlindBox: deep packet inspection over encrypted traffic. In: Proceedings of the 2015 ACM Conference on Special Interest Group on Data Communication, pp. 213–226 (2015)
Sherry, J., Ratnasamy, S., At, J.S.: A survey of enterprise middlebox deployments (2012)
Silowash, G.J., Lewellen, T., L Costa, D., Lewellen, T.B.: Detecting and preventing data exfiltration through encrypted web sessions via traffic inspection (2013)
Snort. https://www.snort.org/. Accessed 13 June 2021
Song, D.X., Wagner, D., Perrig, A.: Practical techniques for searches on encrypted data. In: Proceeding 2000 IEEE Symposium on Security and Privacy, S&P 2000, pp. 44–55. IEEE (2000)
Acknowledgement
We are grateful to Prof. Jian Weng for the guidance and advice, and the anonymous reviewers for their insightful comments. This research was supported in part by the Key-Area Research and Development Program of Guangdong Province (Grant Nos. 2020B0101360001, 2020B0101090004), the National Natural Science Foundation of China (Grant Nos. 61902067, 62072215), the GuangDong Basic and Applied Basic Research Foundation (2020A1515111175), and the Foundation for Young Innovative Talents in Ordinary Universities of Guangdong (2018KQNCX255).
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Wen, J., Liu, JN., Wu, A., Weng, J. (2021). A General Framework for Matching Pattern Hiding in Deep Packet Inspection. In: Kim, H. (eds) Information Security Applications. WISA 2021. Lecture Notes in Computer Science(), vol 13009. Springer, Cham. https://doi.org/10.1007/978-3-030-89432-0_20
Download citation
DOI: https://doi.org/10.1007/978-3-030-89432-0_20
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-89431-3
Online ISBN: 978-3-030-89432-0
eBook Packages: Computer ScienceComputer Science (R0)