On 12 August 2020, at the International Academic Achievements Sharing Meeting on Cyberspace Security (Part II), Professor Ning Jianting of the College of Mathematics and Informatics, Fujian Normal University, presented the group's CCS 2019 paper "PrivDPI: Privacy-Preserving Encrypted Traffic Inspection with Reusable Obfuscated Rules".
Talk title: PrivDPI: Privacy-Preserving Encrypted Traffic Inspection with Reusable Obfuscated Rules
(ACM CCS 2019)
Abstract:
Network middleboxes perform deep packet inspection (DPI) to detect anomalies and suspicious activities in network traffic. However, increasingly this traffic is encrypted and middleboxes can no longer make sense of it. A recent proposal by Sherry et al. (SIGCOMM 2015), named BlindBox, enables the middlebox to perform inspection in a privacy-preserving manner. BlindBox uses garbled circuits to generate encrypted rules for the purpose of inspecting the encrypted traffic directly. However, the setup latency (which could be 97s on a ruleset of 3,000 as reported) and the overhead size incurred by garbled circuits are high. Since communication can only commence after the encrypted rules have been generated, such delay is intolerable in many real-time applications. In this work, we present PrivDPI, which reduces the setup delay while retaining a similar privacy guarantee. Compared to BlindBox, for a ruleset of 3,000, our encrypted rule generation is 288x faster and requires 290,227x smaller overhead for the first session, and is even 1,036x faster and requires 3,424,505x smaller overhead over 20 consecutive sessions. The performance gain is based on a new technique for generating encrypted rules as well as the idea of reusing intermediate results generated in previous sessions across subsequent sessions. This is in contrast to BlindBox, which performs encrypted rule generation from scratch for every session. Nevertheless, PrivDPI is 6x slower in generating the encrypted traffic tokens; yet in our implementation, the token encryption rate of PrivDPI is more than 17,271 per second, which is sufficient for many real-time applications. Moreover, the intermediate values generated in each session can be reused across subsequent sessions for repeated tokens, which could further speed up token encryption. Overall, our experiments show that PrivDPI is practical and especially suitable for connections with short flows.
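To make the setting concrete, the following is an added illustration, not code from the paper or from its authors: a deliberately simplified model of token-based encrypted inspection in which the endpoints encrypt sliding-window traffic tokens under a per-session key, the middlebox holds only encrypted rules and matches encrypted tokens against them, and repeated tokens within a session are encrypted only once. Everything in it is an assumption of this example: HMAC-SHA256 truncated to 16 bytes as the token PRF, an 8-byte window, the constructed rules and payloads, and, most importantly, that the encrypted rule set is produced by a party that holds the session key. That last step is exactly what garbled circuits (BlindBox) or reusable obfuscated rules (PrivDPI) replace so that the middlebox never learns the session key and the endpoints never learn the rules; the model only shows why the per-session rule setup exists and why reusing intermediate values for repeated tokens helps.

```python
"""Simplified model of token-based encrypted traffic inspection.

Added illustration only: it reproduces the *setting* shared by BlindBox and
PrivDPI (endpoints encrypt traffic tokens, the middlebox matches them against
encrypted rules and never sees plaintext), not either paper's construction.
Assumptions: HMAC-SHA256 truncated to 16 bytes as the token PRF, an 8-byte
sliding window, and rule encryption performed by a party holding the session
key (the step that garbled circuits / obfuscated rules replace in reality).
"""
import hashlib
import hmac

WINDOW = 8  # token width in bytes (constructed parameter for this example)


def tokenize(payload: bytes, window: int = WINDOW) -> list:
    """Sliding-window tokens, so a keyword is found at any byte offset."""
    if len(payload) <= window:
        return [payload]
    return [payload[i:i + window] for i in range(len(payload) - window + 1)]


class TokenEncryptor:
    """Endpoint-side token encryption under a per-session key.

    Encrypted tokens are cached, so a token that repeats within the session
    costs one PRF call: the 'reuse intermediate values for repeated tokens'
    idea in miniature.
    """

    def __init__(self, session_key: bytes):
        self._key = session_key
        self._cache = {}
        self.prf_calls = 0  # how many PRF evaluations were actually needed

    def encrypt(self, token: bytes) -> bytes:
        ct = self._cache.get(token)
        if ct is None:
            self.prf_calls += 1
            ct = hmac.new(self._key, token, hashlib.sha256).digest()[:16]
            self._cache[token] = ct
        return ct

    def encrypt_stream(self, payload: bytes) -> list:
        return [self.encrypt(t) for t in tokenize(payload)]


def encrypt_rules(session_key: bytes, rules: dict) -> dict:
    """Produce the per-session encrypted rule set the middlebox matches on.

    ASSUMPTION: computed by a key-holding party. Because the output depends
    on the session key it must be regenerated for every session; that
    per-session setup cost is what PrivDPI's reusable obfuscated rules cut.
    """
    enc = TokenEncryptor(session_key)
    return {rid: enc.encrypt_stream(keyword) for rid, keyword in rules.items()}


def _contains(stream: list, pattern: list) -> bool:
    """True if `pattern` occurs as a contiguous run inside `stream`."""
    n = len(pattern)
    return any(stream[i:i + n] == pattern for i in range(len(stream) - n + 1))


class Middlebox:
    """Holds only encrypted rules and sees only encrypted tokens."""

    def __init__(self, encrypted_rules: dict):
        self.rules = encrypted_rules

    def inspect(self, encrypted_stream: list) -> list:
        """Ids of all rules whose encrypted tokens occur contiguously."""
        return [rid for rid, pat in self.rules.items()
                if _contains(encrypted_stream, pat)]


# Constructed sample data for the demonstration.
RULES = {"R1": b"eval(base64", "R2": b"/etc/passwd"}
MALICIOUS = b"GET /cgi?cmd=cat /etc/passwd HTTP/1.1"
BENIGN = b"GET /index.html HTTP/1.1"


def run_demo(session_key: bytes = b"session-1-key") -> dict:
    """Exercise the model end to end and return the observations."""
    middlebox = Middlebox(encrypt_rules(session_key, RULES))
    endpoint = TokenEncryptor(session_key)
    hits_bad = middlebox.inspect(endpoint.encrypt_stream(MALICIOUS))
    hits_ok = middlebox.inspect(endpoint.encrypt_stream(BENIGN))
    # A second session with a fresh key: last session's encrypted rules no
    # longer match anything, which is why setup repeats per session.
    stale = middlebox.inspect(
        TokenEncryptor(b"session-2-key").encrypt_stream(MALICIOUS))
    # Repeated tokens: 16 identical bytes give 9 identical tokens, 1 PRF call.
    rep = TokenEncryptor(session_key)
    rep.encrypt_stream(b"A" * 16)
    return {"hits_bad": hits_bad, "hits_ok": hits_ok,
            "stale_rules_hits": stale,
            "prf_calls_for_repeats": rep.prf_calls}


if __name__ == "__main__":
    print(run_demo())
```

Running the module matches rule R2 on the constructed malicious request, nothing on the benign one, nothing when a stale rule set from a previous session key is used, and a single PRF call for the nine repeated tokens. The middlebox code path touches only HMAC outputs, never the plaintext bytes, which is the privacy property the paper's real construction preserves while making the encrypted rule setup far cheaper than garbled circuits.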
Speaker bio:
Ning Jianting, Fujian Normal University
Ning Jianting, PhD, is a professor at the College of Mathematics and Informatics, Fujian Normal University, and an ACM member. He received his PhD from Shanghai Jiao Tong University in December 2016 and subsequently held postdoctoral positions at the National University of Singapore and Singapore Management University. His research focuses on public-key cryptography and network security, and his first-author work has appeared at venues including ACM CCS, IEEE TIFS, IEEE TDSC and ESORICS. He is principal investigator of one National Natural Science Foundation of China (NSFC) General Program project and has participated in a number of research projects in Singapore and China, including a joint project of the Singapore government, the National University of Singapore and Singtel, an NSFC A3 Foresight Program project and an NSFC Key Program project. He has repeatedly provided research reports to organizations such as the Singapore Ministry of Defence and Singtel, and serves on the program committees of conferences such as ESORICS.