Abstract

With the increasing network traffic volume in the big data era, enterprises have paid significant attention to outsourcing middlebox services to the public cloud. While outsourcing offers appealing benefits, including network resource scalability and management cost reduction, it also raises severe privacy and security issues, such as the exposure of packet payloads and middlebox rules. Since the traffic is redirected to the cloud server, the exposure of packet payloads and middlebox rules becomes inevitable. Simply encrypting the traffic can mitigate this problem at the cost of sacrificing data utility, which poses great challenges for deep packet inspection. In this paper, an efficient and secure Deep Packet Inspection (DPI) scheme is proposed, based on two non-colluding cloud servers, to enable data utility while protecting the packet payloads and middlebox rules. We leverage an encrypted Matryoshka filter and T-set to perform DPI. Since both the middlebox rules and the packet payloads are encrypted, the cloud server cannot breach their confidentiality. We also build a secure hash chain to prevent the leakage of token order information. Extensive experiments demonstrate that the proposed scheme performs better in terms of packet processing, rule preparation and rule matching.
