Abstract

It is increasingly popular for cloud providers to offer middlebox services that support content-based similarity detection for enterprises. However, redirecting network traffic to the cloud for such a service raises security concerns. While trusted execution environments such as Intel SGX have emerged as a pragmatic solution for designing secure in-the-cloud middleboxes, it remains challenging to practically support content-based similarity detection. In this paper, we design a secure in-the-cloud middlebox system that can dynamically detect content-based similar flows in encrypted traffic. To cope with the constrained enclave memory, we adopt a caching technique and devise a compact index to increase the cache hit rate for effective similarity detection inside the enclave. We also present a parallel algorithm for performance speedup, with an efficient enclave thread management mechanism. Extensive evaluations demonstrate that the overhead of our system compared to native processing (without SGX) is limited to 2.1×. Meanwhile, our tailored design can achieve up to 14.4× better computational efficiency compared to simply moving the target functionality into the SGX enclave via existing popular library operating systems such as Graphene-SGX and Occlum. Our secure system achieves a normalized similarity detection precision of about 90%.
