PRI: Privacy Preserving Inspection of Encrypted Network Traffic

Traffic inspection is a fundamental building block of many security solutions today. For example, to prevent the leakage or exfiltration of confidential insider information, as well as to block malicious traffic from entering the network, most enterprises today operate intrusion detection and prevention systems that inspect traffic. However, the state-of-the-art inspection systems do not reflect well the interests of the different involved autonomous roles. For example, employees in an enterprise, or a company outsourcing its network management to a specialized third party, may require that their traffic remains confidential, even from the system administrator. Moreover, the rules used by the intrusion detection system, or more generally the configuration of an online or offline anomaly detection engine, may be provided by a third party, e.g., a security research firm, and can hence constitute a critical business asset which should be kept confidential. Today, it is often believed that accounting for these additional requirements is impossible, as they contradict efficiency and effectiveness. We in this paper explore a novel approach, called Privacy Preserving Inspection (PRI), which provides a solution to this problem, by preserving privacy of traffic inspection and confidentiality of inspection rules and configurations, and e.g., also supports the flexible installation of additional Data Leak Prevention (DLP) rules specific to the company.

[1]  Rita M. Barrios A Multi-Leveled Approach to Intrusion Detection and the Insider Threat , 2013 .

[2]  Brent Waters,et al.  Candidate Indistinguishability Obfuscation and Functional Encryption for all Circuits , 2013, 2013 IEEE 54th Annual Symposium on Foundations of Computer Science.

[3]  Craig Gentry,et al.  Homomorphic Evaluation of the AES Circuit , 2012, IACR Cryptol. ePrint Arch..

[4]  Carlos V. Rozas,et al.  Innovative instructions and software model for isolated execution , 2013, HASP '13.

[5]  Frank McSherry,et al.  Privacy integrated queries: an extensible platform for privacy-preserving data analysis , 2009, SIGMOD Conference.

[6]  Sylvia Ratnasamy,et al.  BlindBox: Deep Packet Inspection over Encrypted Traffic , 2015, SIGCOMM.

[7]  Matthew Green,et al.  Keys under doormats , 2015, Commun. ACM.

[8]  Walid Dabbous,et al.  Meddle: middleboxes for increased transparency and control of mobile traffic , 2012, CoNEXT Student '12.

[9]  Adam Meyerson,et al.  On the complexity of optimal K-anonymity , 2004, PODS.

[10]  Ittai Anati,et al.  Innovative Technology for CPU Based Attestation and Sealing , 2013 .

[11]  Collin Jackson,et al.  Analyzing Forged SSL Certificates in the Wild , 2014, 2014 IEEE Symposium on Security and Privacy.

[12]  ASHWIN MACHANAVAJJHALA,et al.  L-diversity: privacy beyond k-anonymity , 2006, 22nd International Conference on Data Engineering (ICDE'06).

[13]  Juan del Cuvillo,et al.  Using innovative instructions to create trustworthy software solutions , 2013, HASP '13.

[14]  Vern Paxson,et al.  Bro: a system for detecting network intruders in real-time , 1998, Comput. Networks.

[15]  Randall F. Trzeciak,et al.  Common Sense Guide to Prevention and Detection of Insider Threats , 2006 .

[16]  George J Silowash,et al.  Detecting and Preventing Data Exfiltration Through Encrypted Web Sessions via Traffic Inspection , 2013 .

[17]  Martin Thomson,et al.  Hypertext Transfer Protocol Version 2 (HTTP/2) , 2015, RFC.

[18]  Oliver Brdiczka,et al.  Proactive Insider Threat Detection through Graph Learning and Psychological Context , 2012, 2012 IEEE Symposium on Security and Privacy Workshops.

[19]  Galen C. Hunt,et al.  Shielding Applications from an Untrusted Cloud with Haven , 2014, OSDI.

[20]  Craig Gentry,et al.  Fully homomorphic encryption using ideal lattices , 2009, STOC '09.

[21]  Narseo Vallina-Rodriguez,et al.  Beyond the Radio: Illuminating the Higher Layers of Mobile Networks , 2015, MobiSys.

[22]  Vyas Sekar,et al.  Making middleboxes someone else's problem: network processing as a cloud service , 2012, SIGCOMM '12.

[23]  Yael Tauman Kalai,et al.  Reusable garbled circuits and succinct functional encryption , 2013, STOC '13.