Presentation is loading. Please wait.

Presentation is loading. Please wait.

BlindBox: Deep Packet Inspection Over Encrypted Traffic

Published byStephany Bond Modified over 9 years ago

Similar presentations

Presentation on theme: "BlindBox: Deep Packet Inspection Over Encrypted Traffic"— Presentation transcript:

1 BlindBox: Deep Packet Inspection Over Encrypted Traffic
Raluca Ada Popa Joint work with: Justine Sherry, Chang Lan, Sylvia Ratnasamy UC Berkeley SIGCOMM 2015

2 Deep Packet Inspection (DPI)
Intrusion detection/prevention Exfiltration In-network devices which inspect packet payloads to enforce policies. Parental filtering

3 Example: Intrusion prevention
ATTACK HACKS 183237 rules rule generator rules ATTACK Alice Bob middlebox Detect!

4 Observation: a lot of traffic today is sent over https

5 Problem: middleboxes cannot inspect traffic over https
ATTACK Alice Bob middlebox ???

6 State-of-the-art: man in the middle attack on SSL
[Huang et al.’14] I am Google fake certificate SECRET Alice middlebox No privacy! and a lot of other security issues [Jarmoc’12]

7 Can we achieve both privacy and payload inspection?

8 Yes: BlindBox The first system to enable DPI middleboxes to inspect traffic without seeing the traffic

9 inspect encrypted traffic
Approach inspect encrypted traffic without decrypting it! SECRET Alice Bob middlebox

10 Technical setup

11 Model rule generator rules Alice Bob middlebox (MB)

12 Threat model generates rules correctly
one endpoint can misbehave but at least one endpoint behaves correctly; rule generator rules endpoints cannot learn rules Alice Bob middlebox (MB) runs detection functionality correctly but curious to see traffic content (honest but curious/passive)

13 Goals Strong privacy guarantee Practical Wide range of functionality
well-studied security guarantees Strong privacy guarantee Practical Wide range of functionality network rates are incredibly fast! (microsec) regexp, scripts

14 fully homomorphic or functional encryption?
Strawmen: fully homomorphic or functional encryption? [Gentry’09, BSW’11] Does not fit our threat model Alice Bob middlebox Prohibitive performance: IDS detection over a single packet requires over 1 day* * based on our experiments using [Katz, Sahai,Waters’08]

15 BlindBox’s design

16 System overview BBhttps: enhance https SSL remains unchanged. BBhttps
encrypt SSL traffic SSL decrypt message message BlindBox encrypt BlindBox verify encrypted tokens SSL remains unchanged. run detection on encrypted tokens split in tokens encrypt each token

17 How do we inspect encrypted traffic efficiently?

18 Step1: searchable encryption
packet inspection scheme security fast O(log(#rules) * #bytes/packet) deterministic schemes weak no satisfying scheme for our setting randomized schemes [SongWagnerPerrig’00] slow O(#rules * #bytes/packet) high desired fast high our new searchable encryption scheme & detection algorithm

19 slow O(#rules * #tokens)
Our new search scheme AESK(rule) Alice K middlebox example message AES BBhttps Fast encryption: only AES! AESK(token) salt, AES (salt) (salt) ?= AES tokens example xample ample m mple me AESK(rule) But detection is slow O(#rules * #tokens)

20 Desired: Avoid combining a salt with each rule Build index on rules

21 Fast detection protocol
Alice middlebox Use a salt schedule: Rule index: precompute tree with salt=1 EncK(1, rule1), EncK(1, rule2), … tokens A B encrypted tokens EncK(1, A) EncK(1, B) EncK(2, A) EncK(3, A) EncK(2, rule2) rare operation! For each token, one tree lookup! O(log #rules * # tokens)

22 But how does the middlebox obtain ?
AESK(rule) Alice Bob K middlebox AESK(rule)

23 Step 2: BlindBox’s setup phase
Alice K middlebox have rule want AESK(rule) Alice sends to MB garbled circuits [Yao’86] for MB runs oblivious transfer [Rabin’81] with Alice to obtain encoding for rule MB evaluates garbled circuit and obtains AESK() AESK(rule)

24 Security guarantee “Principle of least privilege”: the middlebox learns only byte positions where a rule matches (well-studied guarantee in the searchable encryption literature) byte stream ATTACK HACKS BLACKLIST match!

25 Need support for regular expressions!
So far… complete system for equality matching exfiltration parental filtering intrusion prevention (IPS) Need support for regular expressions!

26 How to support regular expressions?

27 Rules with regular expressions in IPS
Snort rule example: { content: “malicious string”, pcre: “/\r\nHost\x3As+[^\r\n]*?[bcdfghjklmnpqrstvwxyz]{5,}[^\r\n]*?\x2Ebiz Hi”, […] } Rule first matches string by equality Must be highly selective string

28 New privacy model: probable cause privacy
Privacy may be lost only if there is a probable cause If a malicious string matches a packet, middlebox can decrypt the packet, but not otherwise.

29 New encryption scheme for probable cause
Enc’K(token) Alice K middlebox AESK(rule) If token = rule, middlebox obtains K

30 Middlebox can run regexp
Rule {content: “malicious string”, pcre: “/\r\nHost\…”, […] } Step 1: match content string on encrypted traffic obtain K decrypt packet Step 2: run regexp on unencrypted traffic

31 More details in our paper!
Optimizations to reduce bandwidth overhead Details on garbled circuits + oblivious transfer Support for malicious middlebox Rule generation, regular expressions, probable cause decryption…

32 Implementation Endpoints: BBhttps - C library
Middlebox: Click framework

33 Evaluation functionality performance

34 Functionality Evaluation
Dataset Without probable cause With probable cause Document watermarking 100% Parental filtering Snort community (HTTP) 67% Snort Emerging Threats (HTTP) 42% StoneSoft (McAffee) IDS 40% LastLine IDS 29% IDS

35 Performance highlights
Three main performance figures: Detection Time: competitive with existing IDSes! 186Mbps with BlindBox (comparable to Snort) Transmission Time: practical overhead Page load completion time increases by x Setup Time: not yet competitive 1 min for 3000 rules fine for long-lived connections (cloud-enterprise)

36 Outsourcing middleboxes to the cloud
Upcoming work: MBArk Outsourcing middleboxes to the cloud Support header-based computations over encrypted data: firewall, NAT, IP forwarder, load balancer, VPN, IDS, exfiltration

37 Conclusion BlindBox is the first system to enable DPI middleboxes to process traffic without seeing it practical for a class of applications Thanks!

Download ppt "BlindBox: Deep Packet Inspection Over Encrypted Traffic"

Similar presentations

Revisiting the efficiency of malicious two party computation David Woodruff MIT.

Revisiting the efficiency of malicious two party computation David Woodruff MIT.
CloudWatcher: Network Security Monitoring Using OpenFlow in Dynamic Cloud Networks or: How to Provide Security Monitoring as a Service in Clouds? Seungwon.

CloudWatcher: Network Security Monitoring Using OpenFlow in Dynamic Cloud Networks or: How to Provide Security Monitoring as a Service in Clouds? Seungwon.
Henry C. H. Chen and Patrick P. C. Lee

Henry C. H. Chen and Patrick P. C. Lee
Efficient Information Retrieval for Ranked Queries in Cost-Effective Cloud Environments Presenter: Qin Liu a,b Joint work with Chiu C. Tan b, Jie Wu b,

Efficient Information Retrieval for Ranked Queries in Cost-Effective Cloud Environments Presenter: Qin Liu a,b Joint work with Chiu C. Tan b, Jie Wu b,
Building web applications on top of encrypted data using Mylar Presented by Tenglu Liang Tai Liu.

Building web applications on top of encrypted data using Mylar Presented by Tenglu Liang Tai Liu.
Secure Content Delivery in Information-Centric Networks: Design, Implementation, and Analyses Computer Science Department New Mexico State University,

Secure Content Delivery in Information-Centric Networks: Design, Implementation, and Analyses Computer Science Department New Mexico State University,
VOYAGER: Yet Another Secure Web Browser to Demonstrate Secure Socket Layer Working and Implementation By : Shrinivas G. Deshpande Advisor: Dr. Chung E.

VOYAGER: Yet Another Secure Web Browser to Demonstrate Secure Socket Layer Working and Implementation By : Shrinivas G. Deshpande Advisor: Dr. Chung E.
Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, 2010. ICWCSC 2010. International.

Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.
Secrecy Preserving Signatures Filtering Packets without Learning the Filtering Rules.

Secrecy Preserving Signatures Filtering Packets without Learning the Filtering Rules.
Traffic Shaping Why traffic shaping? Isochronous shaping

Traffic Shaping Why traffic shaping? Isochronous shaping
CS555Topic 241 Cryptography CS 555 Topic 24: Secure Function Evaluation.

CS555Topic 241 Cryptography CS 555 Topic 24: Secure Function Evaluation.
Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.

Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.
Attacking Session Management Juliette Lessing

Attacking Session Management Juliette Lessing
 The IP address and port combination at which the NetScaler appliance receives client requests for the associated web application.  A public endpoint.

 The IP address and port combination at which the NetScaler appliance receives client requests for the associated web application.  A public endpoint.
Yan Huang, Jonathan Katz, David Evans University of Maryland, University of Virginia Efficient Secure Two-Party Computation Using Symmetric Cut-and-Choose.

Yan Huang, Jonathan Katz, David Evans University of Maryland, University of Virginia Efficient Secure Two-Party Computation Using Symmetric Cut-and-Choose.
Part 5:Security Network Security (Access Control, Encryption, Firewalls)

Part 5:Security Network Security (Access Control, Encryption, Firewalls)
Information Security 1 Information Security: Demo of Some Security Tools Jeffy Mwakalinga.

Information Security 1 Information Security: Demo of Some Security Tools Jeffy Mwakalinga.
Efficient Multi-match Packet Classification with TCAM Fang Yu Randy H. Katz EECS Department, UC Berkeley {fyu,

Efficient Multi-match Packet Classification with TCAM Fang Yu Randy H. Katz EECS Department, UC Berkeley {fyu,
Snort - an network intrusion prevention and detection system Student: Yue Jiang Professor: Dr. Bojan Cukic CS665 class presentation.

Snort - an network intrusion prevention and detection system Student: Yue Jiang Professor: Dr. Bojan Cukic CS665 class presentation.
Secure communications Week 10 – Lecture 2. To summarise yesterday Security is a system issue Technology and security specialists are part of the system.

Secure communications Week 10 – Lecture 2. To summarise yesterday Security is a system issue Technology and security specialists are part of the system.

Similar presentations

Ads by Google