Skip to main content
SpringerLink
Log in

CloudDPI: Cloud-Based Privacy-Preserving Deep Packet Inspection via Reversible Sketch

  • Conference paper
  • First Online:
Cyberspace Safety and Security (CSS 2017)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 10581))

Included in the following conference series:

Abstract

Hardware-based middleboxes are ubiquitous in computer networks, which usually incur high deployment and management expenses. A recently arsing trend aims to address those problems by outsourcing the functions of traditional hardware-based middleboxes to high volume servers in a cloud. This technology is promising but still faces a few challenges. First, the widely adopted data encryption techniques contradict with payload inspection needs of some middleboxes such as DPI and IDS devices. Second, the inspection rules of middleboxes may be commercial properties, thus the middlebox providers want to keep their rules confidential under third-party cloud environments, and this creates hindrances for the cloud to perform outsourced middlebox functions. Third, performance of the outsourced middlebox is an inevitable issue that needs deliberate consideration. In this paper, we propose a cloud-based DPI middlebox implementation which performs payload inspection over encrypted traffic while preserving the privacy of both communication data and inspection rules. Our design employs a modified reversible sketch structure which is used for efficient error-free membership testing, and we utilize unkeyed one-way hash functions instead of complex cryptographic protocols to achieve the privacy preservation requirements. CloudDPI supports a wide range of real-world inspection rules, we conduct evaluations on ClamAV rule set and the experiment results demonstrate the effectiveness of our proposal.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Network functions virtualization, an introduction, benefits, enablers, challenges and call for action. N Operators - SDN and OpenFlow SDN and OpenFlow World Congress (2012)

    Google Scholar 

  2. Sherry, J., Hasan, S., Scott, C., Krishnamurthy, A., Ratnasamy, S., Sekar, V.: Making middleboxes someone else’s problem: network processing as a cloud service. ACM SIGCOMM Comput. Commun. Rev. 42(4), 13–24 (2012)

    Article  Google Scholar 

  3. Wikipedia: Wannacry ransomware attack — wikipedia, the free encyclopedia (2017). [Online; Accessed 19 June 2017]

    Google Scholar 

  4. Sherry, J., Lan, C., Popa, R.A., Ratnasamy, S.: Blindbox: deep packet inspection over encrypted traffic. ACM SIGCOMM Comput. Commun. Rev. 45, 213–226 (2015). ACM

    Article  Google Scholar 

  5. Yao, A.C.C.: How to generate and exchange secrets. In: 27th Annual Symposium on Foundations of Computer Science, pp. 162–167. IEEE (1986)

    Google Scholar 

  6. Lindell, Y., Pinkas, B.: A proof of security of yaos protocol for two-party computation. J. Cryptology 22(2), 161–188 (2009)

    Article  MATH  MathSciNet  Google Scholar 

  7. Naor, M., Pinkas, B.: Oblivious transfer with adaptive queries. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 573–590. Springer, Heidelberg (1999). doi:10.1007/3-540-48405-1_36

    Chapter  Google Scholar 

  8. Asharov, G., Lindell, Y., Schneider, T., Zohner, M.: More efficient oblivious transfer and extensions for faster secure computation. In: Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security, pp. 535–548. ACM (2013)

    Google Scholar 

  9. Yuan, X., Wang, X., Lin, J., Wang, C.: Privacy-preserving deep packet inspection in outsourced middleboxes. In: IEEE INFOCOM 2016-The 35th Annual IEEE International Conference on Computer Communications, pp. 1–9. IEEE (2016)

    Google Scholar 

  10. Fiat, A., Naor, M.: Broadcast encryption. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 480–491. Springer, Heidelberg (1994). doi:10.1007/3-540-48329-2_40

    Chapter  Google Scholar 

  11. Bruce, S.: Applied Cryptography: Protocols, Algorithms, and Source Code in C. John Wiley & Sons, Inc., New York (1996)

    MATH  Google Scholar 

  12. Schweller, R., Li, Z., Chen, Y., Gao, Y., Gupta, A., Zhang, Y., Dinda, P.A., Kao, M.Y., Memik, G.: Reversible sketches: enabling monitoring and analysis over high-speed data streams. IEEE/ACM Trans. Networking (ToN) 15(5), 1059–1072 (2007)

    Article  Google Scholar 

  13. Sun, H., Wang, X., Buyya, R., Su, J.: Cloudeyes: Cloud-based malware detection with reversible sketch for resource-constrained internet of things (IoT) devices. Softw. Pract. Exp. 47, 421–441 (2016)

    Article  Google Scholar 

  14. Shi, J., Zhang, Y., Zhong, S.: Privacy-preserving network functionality outsourcing (2015). arXiv preprint: arXiv:1502.00389

  15. Cheon, J.H., Han, K., Lee, C., Ryu, H., Stehlé, D.: Cryptanalysis of the multilinear map over the integers. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9056, pp. 3–12. Springer, Heidelberg (2015). doi:10.1007/978-3-662-46800-5_1

    Google Scholar 

  16. Melis, L., Asghar, H.J., De Cristofaro, E., Kaafar, M.A.: Private processing of outsourced network functions: feasibility and constructions. In: Proceedings of the 2016 ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization, pp. 39–44. ACM (2016)

    Google Scholar 

  17. Boneh, D., Di Crescenzo, G., Ostrovsky, R., Persiano, G.: Public key encryption with keyword search. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 506–522. Springer, Heidelberg (2004). doi:10.1007/978-3-540-24676-3_30

    Chapter  Google Scholar 

  18. Huang, L.S., Rice, A., Ellingsen, E., Jackson, C.: Analyzing forged SSL certificates in the wild. In: 2014 IEEE symposium on Security and Privacy (SP), pp. 83–97. IEEE (2014)

    Google Scholar 

  19. Lan, C., Sherry, J., Popa, R.A., Ratnasamy, S., Liu, Z.: Embark: securely outsourcing middleboxes to the cloud. In: 13th USENIX Symposium on Networked Systems Design and Implementation (NSDI 2016), pp. 255–273. USENIX Association (2016)

    Google Scholar 

  20. Wikipedia: Clam antivirus — wikipedia, the free encyclopedia (2017). [Online; Accessed 20 June 2017]

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. School of Computer, National University of Defense Technology, Changsha, Hunan, 410073, China

    Jie Li, Jinshu Su, Xiaofeng Wang, Hao Sun & Shuhui Chen

  2. National Key Laboratory for Parallel and Distributed Processing, National University of Defense Technology, Changsha, Hunan, 410073, China

    Jinshu Su

Authors
  1. Jie Li
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Jinshu Su
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Xiaofeng Wang
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Hao Sun
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Shuhui Chen
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Jinshu Su .

Editor information

Editors and Affiliations

  1. Deakin University , Geelong, China

    Sheng Wen

  2. Fujian Normal University, Fuzhou Shi, China

    Wei Wu

  3. University of Salerno, Fisciano, Italy

    Aniello Castiglione

Rights and permissions

Reprints and permissions

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Li, J., Su, J., Wang, X., Sun, H., Chen, S. (2017). CloudDPI: Cloud-Based Privacy-Preserving Deep Packet Inspection via Reversible Sketch. In: Wen, S., Wu, W., Castiglione, A. (eds) Cyberspace Safety and Security. CSS 2017. Lecture Notes in Computer Science(), vol 10581. Springer, Cham. https://doi.org/10.1007/978-3-319-69471-9_9

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-69471-9_9

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-69470-2

  • Online ISBN: 978-3-319-69471-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation