Abstract

In this work, we introduce the system boundary security vs. privacy dilemma: border devices (e.g., firewall devices) require inspection of unencrypted data to prevent data exfiltration or unauthorized data access, but inspecting unencrypted data violates data privacy. To address this problem, we present Oblivious Inspection, a novel approach based on garbled circuits that performs a stateful, application-aware inspection of encrypted network traffic in a privacy-preserving way. We also showcase an inspection algorithm for packets compliant with the Fast Healthcare Interoperability Resources (FHIR) standard, along with its performance results. The results point out the importance of aligning the inspection function with the underlying garbled circuit protocol. In this line, the mandatory encryption algorithms for TLS 1.3 have been analysed, showing that packets encrypted with Chacha20 can be filtered up to 17 and 25 times faster than with AES128-GCM and AES256-GCM, respectively. Altogether, this approach trades performance for alignment between system security and data privacy, but it could be appropriate for scenarios where this performance degradation is justified by the sensitivity of the involved data, such as healthcare scenarios.

Highlights

  • Data leakage and exfiltration are among the top security concerns in modern information systems. The consequences of data exfiltration are huge for companies; information is the most valuable resource a company has

  • In order to show the interest of the proposed method, an application scenario where clinical information is involved has been proposed and a proof of concept has been implemented to test the inspection of packets compliant with the Fast Healthcare Interoperability Resources (FHIR) standard

  • Decryption performance has been analysed for the three mandatory Authenticated Encryption with Associated Data (AEAD) ciphers defined in the Transport Layer Security (TLS) 1.3 standard (AES128-GCM, AES256-GCM, and Chacha20)


Summary

Introduction

Data leakage and exfiltration are among the top security concerns in modern information systems. The consequences of data exfiltration are huge for companies; information is the most valuable resource a company has. The use of end-to-end data encryption between communicating peers (providing confidentiality, integrity, and authenticity to data) limits the information that the firewall can use to decide whether a packet is legitimate or not. In these cases, the application data are encrypted, so the firewall can only inspect the transmitted network information (e.g., IP addresses and ports). Some existing approaches, such as SSL inspection, propose a controlled (by the system administrator) man-in-the-middle-like attack [4] that allows the firewall to decrypt the whole packet and inspect its content. This approach presents several drawbacks, the most important being that data privacy is compromised, which makes it unacceptable for several scenarios. In order to show the interest of the proposed method, an application scenario involving clinical information has been proposed, and a proof of concept has been implemented to test the inspection of packets compliant with the Fast Healthcare Interoperability Resources (FHIR) standard

Related Work
Scenario and Assumptions
Result is true?
Results
Conclusions
