Abstract
Secure Keyword-based Deep Packet Inspection (KDPI) allows a middlebox and a network sender (or receiver) to collaborate in fighting spam, viruses, and intrusions without fully trusting each other with the secret keyword list and the encrypted traffic. Existing KDPI proposals not only have a heavyweight initialization phase but also require dramatic changes to the existing encryption methods applied to the original network traffic during the inspection phase. In this work, we propose novel KDPI schemes, CE-DPI and MT-DPI, which offer highly competitive initialization performance and guarantee keyword integrity against a malicious middlebox. Moreover, our methods work readily with AES-based encryption schemes that are already widely deployed and well supported by AES-NI. We show that our KDPI schemes can be integrated with TLS, adding marginal overhead.
References
Anati, I., Gueron, S., Johnson, S., Scarlata, V.: Innovative technology for CPU based attestation and sealing. In: International Workshop on Hardware and Architectural Support for Security and Privacy (2013)
Anderson, B., McGrew, D.: Identifying encrypted malware traffic with contextual flow data. In: ACM Workshop on Artificial Intelligence and Security (2016)
Anderson, B., Paul, S., McGrew, D.: Deciphering malware’s use of TLS (without decryption). J. Comput. Virol. Hacking Tech. (2018)
Asghar, H.J., Melis, L., Soldani, C., De Cristofaro, E., Kaafar, M.A., Mathy, L.: SplitBox: toward efficient private network function virtualization. In: Workshop on Hot Topics in Middleboxes and Network Function Virtualization (2016)
Beaver, D.: Efficient multiparty protocols using circuit randomization. In: Annual International Cryptology Conference (1992)
Blake, A., David, M.: Machine learning for encrypted malware traffic classification: accounting for noisy labels and non-stationarity. In: ACM International Conference on Knowledge Discovery and Data Mining (2017)
Boneh, D., Goh, E.-J., Nissim, K.: Evaluating 2-DNF formulas on ciphertexts. In: Kilian, J. (ed.) TCC 2005. LNCS, vol. 3378, pp. 325–341. Springer, Heidelberg (2005). https://doi.org/10.1007/978-3-540-30576-7_18
Bouscatié, É., Castagnos, G., Sanders, O.: Public key encryption with flexible pattern matching. In: Tibouchi, M., Wang, H. (eds.) ASIACRYPT 2021. LNCS, vol. 13093, pp. 342–370. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-92068-5_12
Bujlow, T., Carela-Español, V., Barlet-Ros, P.: Independent comparison of popular DPI tools for traffic classification. Comput. Netw. (2015)
Canard, S., Diop, A., Kheir, N., Paindavoine, M., Sabt, M.: BlindiDS: market-compliant and privacy-friendly intrusion detection system over encrypted traffic. In: AsiaCCS (2017)
de Carné de Carnavalet, X., Mannan, M.: Killed by proxy: analyzing client-end TLS interception software. In: Network and Distributed System Security Symposium (2016)
de Carné de Carnavalet, X., van Oorschot, P.C.: A survey and analysis of TLS interception mechanisms and motivations. arXiv e-prints (2020)
cURL: cURL: command line tool and library for transferring data with URLs (1998). https://curl.se/
Deri, L., Martinelli, M., Bujlow, T., Cardigliano, A.: NDPI: open-source high-speed deep packet inspection. In: International Wireless Communications and Mobile Computing Conference (2014)
Desmoulins, N., Fouque, P.A., Onete, C., Sanders, O.: Pattern matching on encrypted streams. In: International Conference on the Theory and Application of Cryptology and Information Security (2018)
Dierks, T.: The TLS protocol version 1.2 (2008)
Durumeric, Z., et al.: The security impact of HTTPS interception. In: Network and Distributed Systems Symposium (2017)
Evans, D., Kolesnikov, V., Rosulek, M., et al.: A Pragmatic Introduction to Secure Multi-Party Computation. Now Publishers Inc. (2018)
Fan, J., Guan, C., Ren, K., Cui, Y., Qiao, C.: SPABox: safeguarding privacy during deep packet inspection at a middlebox. IEEE/ACM Trans. Network. (2017)
Felt, A., Barnes, R., King, A., Palmer, C., Bentzel, C., Tabriz, P.: Measuring HTTPS adoption on the web. In: USENIX Security (2017)
Goltzsche, D., et al.: EndBox: scalable middlebox functions using client-side trusted execution. In: IEEE/IFIP International Conference on Dependable Systems and Networks (2018)
Google: HTTPS encryption on the web. https://transparencyreport.google.com/https/overview. Accessed 27 June 2021
Grubbs, P., Arun, A., Zhang, Y., Bonneau, J., Walfish, M.: Zero-Knowledge middleboxes. In: USENIX Security (2022)
Han, J., Kim, S., Cho, D., Choi, B., Ha, J., Han, D.: A secure middlebox framework for enabling visibility over multiple encryption protocols. IEEE/ACM Trans. Network. (2020)
Han, J., Kim, S., Ha, J., Han, D.: SGX-Box: enabling visibility on encrypted traffic using a secure middlebox module. In: Asia-Pacific Workshop on Networking (2017)
Hedenskog, P.: Simulate slow network connections on Linux and MAC OS X (2021). https://github.com/sitespeedio/throttle
Hofemeier, G., Chesebrough, R.: Introduction to Intel AES-NI and Intel secure key instructions. Intel, White Paper (2012)
Jarmoc, J.: SSL/TLS interception proxies and transitive trust. In: Black Hat Europe (2012)
Khalife, J., Hajjar, A., Díaz-Verdejo, J.: Performance of openDPI in identifying sampled network traffic. J. Netw. (2013)
Kim, J., Camtepe, S., Baek, J., Susilo, W., Pieprzyk, J., Nepal, S.: P2DPI: practical and privacy-preserving deep packet inspection. In: AsiaCCS (2021)
Kim, J., Camtepe, S., Baek, J., Susilo, W., Pieprzyk, J., Nepal, S.: P2DPI: practical and privacy-preserving deep packet inspection. IACR Cryptol. ePrint Arch. (2021)
Lai, S., et al.: Practical encrypted network traffic pattern matching for secure middleboxes. IEEE Trans. Dependable Secure Comput. (2021)
Lan, C., Sherry, J., Popa, R.A., Ratnasamy, S., Liu, Z.: Embark: securely outsourcing middleboxes to the cloud. In: NSDI (2016)
Lee, H., et al.: maTLS: how to make TLS middlebox-aware? In: NDSS (2019)
Lee, J., Lee, H., Jeong, J., Kim, D., Kwon, T.: Analyzing spatial differences in the TLS security of delegated web services. In: AsiaCCS (2021)
Li, H., Ren, H., Liu, D., Shen, X.S.: Privacy-enhanced deep packet inspection at outsourced middlebox. In: International Conference on Wireless Communications and Signal Processing (2018)
Li, J., Li, N.: OACerts: oblivious attribute certificates. In: The Conference on Applied Cryptography and Network Security (2005)
Li, J., Chen, R., Su, J., Huang, X., Wang, X.: ME-TLS: middlebox-enhanced TLS for internet-of-things devices. IEEE Internet Things J. (2019)
Lindell, Y., Pinkas, B.: A proof of security of Yao’s protocol for two-party computation. J. Cryptol. (2009)
Marquis-Boire, M., et al.: Planet blue coat: mapping global censorship and surveillance tools (2013)
McGrew, D., Wing, D., Nir, Y., Gladstone, P.: TLS proxy server extension. https://tools.ietf.org/html/draft-mcgrew-tls-proxy-server-01
Moriarty, K., Morton, A.: Effects of pervasive encryption on operators. Technical report, RFC (2018)
Naylor, D., et al.: The cost of the “s” in HTTPS. In: ACM International Conference on Emerging Networking Experiments and Technologies (2014)
Naylor, D., Li, R., Gkantsidis, C., Karagiannis, T., Steenkiste, P.: And then there were more: secure communication for more than two parties. In: The International Conference on Emerging Networking EXperiments and Technologies (2017)
Naylor, D., et al.: Multi-context TLS (mcTLS): enabling secure in-network functionality in TLS. In: ACM SIGCOMM Computer Communication Review (2015)
Nginx: Nginx (2022). https://www.nginx.com/
Ning, J., et al.: Pine: enabling privacy-preserving deep packet inspection on TLS with rule-hiding and fast connection establishment. In: Chen, L., Li, N., Liang, K., Schneider, S. (eds.) ESORICS 2020. LNCS, vol. 12308, pp. 3–22. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-58951-6_1
Ning, J., Poh, G., Loh, J.C., Chia, J., Chang, E.C.: PrivDPI: privacy-preserving encrypted traffic inspection with reusable obfuscated rules. In: ACM Conference on Computer and Communications Security (2019)
Nir, Y.: A method for sharing record protocol keys with a middlebox in TLS (2012). https://tools.ietf.org/id/draft-nir-tls-keyshare-02.html
O’Neill, M., Ruoti, S., Seamons, K., Zappala, D.: TLS proxies: friend or foe? In: The Internet Measurement Conference (2016)
Pedersen, T.: Non-interactive and information-theoretic secure verifiable secret sharing. In: Annual International Cryptology Conference (1991)
Poddar, R., Lan, C., Popa, R.A., Ratnasamy, S.: SafeBricks: shielding network functions in the cloud. In: USENIX Security (2018)
Ren, H., Li, H., Liu, D., Xu, G., Cheng, N., Shen, X.S.: Privacy-preserving efficient verifiable deep packet inspection for cloud-assisted middlebox. IEEE Trans. Cloud Comput. (2020)
Reports, V.: Deep packet inspection market size to reach USD 16620 million by 2026 at a CAGR of 25.0 percent valuates reports (2021). https://tinyurl.com/438yktzs
Rescorla, E.: The TLS protocol version 1.3 (2018)
Sherry, J., Lan, C., Popa, R.A., Ratnasamy, S.: BlindBox: deep packet inspection over encrypted traffic. In: The ACM Conference on Special Interest Group on Data Communication (2015)
Silowash, G.J., Lewellen, T., Costa, D.L., Lewellen, T.B.: Detecting and preventing data exfiltration through encrypted web sessions via traffic inspection (2013)
Singh, R., Dunna, A., Gill, P.: Characterizing the deployment and performance of multi-CDNs. In: Internet Measurement Conference (2018)
Soghoian, C., Stamm, S.: Certified lies: detecting and defeating government interception attacks against SSL. In: ACM Symposium on Operating Systems Principles (2010)
Waked, L., Mannan, M., Youssef, A.: To intercept or not to intercept: analyzing TLS interception in network appliances. In: AsiaCCS (2018)
Winternitz, R.: A secure one-way hash function built from DES. In: IEEE Symposium on Security and Privacy (1984)
Yamada, A., Miyake, Y., Takemori, K., Studer, A., Perrig, A.: Intrusion detection for encrypted web accesses. In: International Conference on Advanced Information Networking and Applications Workshops (2007)
Yang, K., Weng, C., Lan, X., Zhang, J., Wang, X.: Ferret: fast extension for correlated OT with small communication. In: the ACM Conference on Computer and Communications Security (2020)
Yao, A.C.C.: How to generate and exchange secrets. In: Annual Symposium on Foundations of Computer Science (1986)
Yuan, X., Wang, X., Lin, J., Wang, C.: Privacy-preserving deep packet inspection in outsourced middleboxes. In: IEEE INFOCOM (2016)
Acknowledgement
This work was supported by the KENTECH Research Grant (KRG202200048A).
A Integration with TLS
Since TLS is the most widely used security protocol in practice, we integrate MT-DPI into TLS. We extend the TLS protocol following the extension mechanism described in [16]. In the TLS protocol, the two endpoints exchange the extensions they support, with corresponding extension messages, during the first round-trip of the TLS handshake protocol. Our TLS extension is based on TLS 1.3 [55], where the extension messages from the TLS server are encrypted.
TLS Extension for the DPI Protocols. As TLS is a two-party protocol, it is challenging to introduce the middlebox (MB) into the TLS session. To address this challenge, our TLS extension should provide 1) a way for the sender S and the receiver R to agree on using a particular MB and 2) a way to negotiate parameters for MT-DPI with MB. To this end, we make S and R execute two different TLS extensions, one with each other and the other with MB, and use the TLS extension messages to negotiate the necessary parameters, resulting in two TLS sessions per entity. We design the TLS handshake for the latter session to be executed within the TLS handshake for the former session; thus, we refer to the former TLS extension as the master TLS extension and the latter as the slave TLS extension. We also consider how to bind the two resulting TLS sessions while designing the two extensions.
Master TLS Extension. The main objective of the master TLS extension protocol is to agree on which MB to use in DPI and to share secrets between S and R. Although both S and R can be either a TLS client or a TLS server in the master TLS extension, we refer to the TLS server as S and the TLS client as R for ease of presentation. During the master handshake, R includes its list of preferred MBs in its extension message. S then selects which MB to use and responds with the name of the MB and the DPI key in its extension message. We also let S send a nonce to bind the master and the slave sessions. Note that the extension message from the TLS server is encrypted in TLS 1.3; thus, the DPI key and the nonce are secret. If there is no DPI key usable with MB, S should perform the initialization protocol with MB before sending its extension message. Then, S and R each execute the slave TLS extension protocol with MB.
Slave TLS Extension. The slave TLS extension protocol aims to authenticate MB, negotiate parameters for MT-DPI between the endpoints and MB, and bind the master and slave sessions. In the slave TLS extension protocol, S and R are the TLS clients and MB is the TLS server. S and R can authenticate MB with the name negotiated in the master extension and the certificate provided by MB according to the TLS handshake protocol. With the extension messages, S and R each exchange parameters with MB, such as the token size or the initial counter value, to be used for the token computation and the token inspection. All the parameters are finally decided by MB, and the values are sent to S and R via MB's extension message.
Binding the Master and the Slave Extensions. To bind the master and the slave sessions, the endpoint can include the nonce from the master TLS extension in its extension message of the slave TLS extension. However, the extension message from the TLS client is not encrypted; thus, the nonce should not be sent as it is. If only the nonce is sent by one party (say, S), a network adversary can learn the nonce and claim to MB to be the other endpoint (say, R). To address this issue, we leverage the random values exchanged between the TLS server and the TLS client in the master TLS protocol. Before the extension messages, in the first round-trip of the TLS protocol, the endpoints exchange two random values in plaintext: a server random and a client random, generated by the TLS server and the TLS client. We let S and R each send MB, in the slave TLS extension, a hash of the nonce and its own random value from the master TLS extension. Then, MB forwards the hash from S (or R) to R (or S). R (or S) then verifies the hash and aborts the connections with S (or R) and MB if the hash does not verify. Otherwise, S begins sending the actual data to R in the master TLS session while performing the DPI protocol with MB in the slave TLS session.
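The binding check described above, simulated as an added example that is not part of the paper or its OpenSSL implementation. SHA-256, the length-prefixed field encoding, the 32-byte nonce and all function names are assumptions of this sketch; the appendix does not specify them.

```python
import hashlib
import hmac
import secrets

def binding_tag(nonce: bytes, own_random: bytes) -> bytes:
    """Hash of the master-session nonce and the sender's own TLS random.
    Assumption: SHA-256 over length-prefixed fields (the paper names no hash)."""
    h = hashlib.sha256()
    for field in (nonce, own_random):
        h.update(len(field).to_bytes(2, "big") + field)
    return h.digest()

def verify_peer_tag(nonce: bytes, peer_random: bytes, forwarded: bytes) -> bool:
    """Recompute the peer's tag from values learned in the master handshake
    and compare in constant time; a False result means abort both sessions."""
    return hmac.compare_digest(binding_tag(nonce, peer_random), forwarded)

def run_binding(peer: str = "honest") -> dict:
    """Simulate S, R and MB. `peer` picks who answers as R toward MB:
    'honest' R, an 'outsider' without the nonce, or a 'reflector' that
    echoes S's own tag. All values are constructed for this example."""
    client_random = secrets.token_bytes(32)  # R's random, sent in plaintext
    server_random = secrets.token_bytes(32)  # S's random, sent in plaintext
    nonce = secrets.token_bytes(32)          # S -> R in the encrypted extension

    tag_s = binding_tag(nonce, server_random)      # S -> MB (slave extension)
    if peer == "honest":
        tag_r = binding_tag(nonce, client_random)  # R -> MB (slave extension)
    elif peer == "outsider":
        # Saw both plaintext randoms but never the nonce, so it must guess.
        tag_r = binding_tag(secrets.token_bytes(32), client_random)
    elif peer == "reflector":
        tag_r = tag_s                              # replays S's tag back at S
    else:
        raise ValueError(f"unknown peer kind: {peer}")

    # MB forwards each tag to the opposite endpoint, which verifies it
    # against the *other* side's random from the master handshake.
    return {
        "s_accepts": verify_peer_tag(nonce, client_random, tag_r),
        "r_accepts": verify_peer_tag(nonce, server_random, tag_s),
    }

if __name__ == "__main__":
    for kind in ("honest", "outsider", "reflector"):
        print(kind, run_binding(kind))
```

Because each endpoint hashes the nonce with its own random, a tag observed in one direction cannot be echoed back in the other, and a party that never saw the encrypted nonce cannot produce a tag that verifies.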
Implementation. To show the feasibility of the TLS extensions with the DPI protocols, we implement the master and the slave TLS extensions in the OpenSSL-1.1.1l library, which we will release in a public repository. We also design our implementation so that it does not require any revision to off-the-shelf applications. That is, all applications can use our protocol immediately by replacing their OpenSSL shared object with our shared object. We show that the protocol is immediately deployable in our testbed, where cURL [13] is used as a TLS client and open-source web servers (Nginx [46] and Apache [13]) are used as TLS servers in the master TLS extension.
© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Wang, W., Lee, H., Huang, Y., Bertino, E., Li, N. (2024). Towards Efficient Privacy-Preserving Deep Packet Inspection. In: Tsudik, G., Conti, M., Liang, K., Smaragdakis, G. (eds) Computer Security – ESORICS 2023. ESORICS 2023. Lecture Notes in Computer Science, vol 14345. Springer, Cham. https://doi.org/10.1007/978-3-031-51476-0_9
DOI: https://doi.org/10.1007/978-3-031-51476-0_9
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-51475-3
Online ISBN: 978-3-031-51476-0
eBook Packages: Computer Science (R0)