A Secure Middlebox Framework for Enabling Visibility Over Multiple Encryption Protocols

Han, Juhyeng; Kim, Seong–Min; Cho, Daeyang; Choi, Byron; Ha, Jaehyeong; Han, Dongsu

doi:10.1109/tnet.2020.3016785

Cited by 18 publications

(21 citation statements)

References 36 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Very recently, a new proposal was suggested in [25]. The proposed framework and the implemented EVE platform have been built to manage a secure and practical middlebox that handles encrypted traffic.…”

Section: Related Workmentioning

confidence: 99%

Towards practical intrusion detection system over encrypted traffic*

Canard

2021

IET Information Security

View full text Add to dashboard Cite

Privacy and data confidentiality are today at the heart of many discussions. But such data protection should not be done at the detriment of other security aspects. In the context of network traffic, intrusion detection system becomes totally blind when the traffic is encrypted, making clients again vulnerable to known attacks. To reconcile security and privacy, BlindBox and BlindIDS are proposed to perform Deep Packet Inspection over an encrypted traffic, based on two different cryptographic techniques. But, on one side, even if BlindBox is quite efficient to detect an anomalous encrypted traffic, it necessitates a very high setup time for clients and servers and does not protect the know‐how of Security Editors (SEs) working on detection rules. On the other side, BlindIDS does protect SE's market and does not introduce any latency during setup time, but is definitely not enough efficient for a practical use. Herein, it is shown that the design of a fully efficient and market‐compliant intrusion detection system over an encrypted traffic is possible. The system is based on only symmetric cryptography, and permits to encrypt a packet of 1500 bytes in about 6 μs and to test such packets with 3000 rules in less than 2 μs.

show abstract

Section: Related Workmentioning

confidence: 99%

Towards practical intrusion detection system over encrypted traffic*

Canard

2021

IET Information Security

View full text Add to dashboard Cite

show abstract

“…However, as a natural consequence of this classification, there are many studies in which techniques in different categories are used together. The categorization of studies numbered [36][37][38][39] and [40] can be given as an example of this case. The studies numbered [39] and [40] performed filter-based pattern matching by using the TH technique are examined in the categories of both DPI techniques and techniques for performing DPI on encrypted traffic.…”

Section: Dpi Techniquesmentioning

confidence: 99%

Modern ağ trafiği analizi için derin paket incelemesi hakkında kapsamlı bir çalışma: sorunlar ve zorluklar

Çelebi

ÖZBİLEN

Yavanoğlu

2022

NÖHÜ Müh. Bilim. Derg.

View full text Add to dashboard Cite

Deep Packet Inspection (DPI) provides full visibility into network traffic by performing detailed analysis on both packet header and packet payload. Accordingly, DPI has critical importance as it can be used in applications i.e network security or government surveillance. In this paper, we provide an extensive survey on DPI. Different from the previous studies, we try to efficiently integrate DPI techniques into network analysis mechanisms by identifying performance-limiting parameters in the analysis of modern network traffic. Analysis of the network traffic model with complex behaviors is carried out with powerful hybrid systems by combining more than one technique. Therefore, DPI methods are studied together with other techniques used in the analysis of network traffic. Security applications of DPI on Internet of Things (IoT) and Software-Defined Networking (SDN) architectures are discussed and Intrusion Detection Systems (IDS) mechanisms, in which the DPI is applied as a component of the hybrid system, are examined. In addition, methods that perform inspection of encrypted network traffic are emphasized and these methods are evaluated from the point of security, performance and functionality. Future research issues are also discussed taking into account the implementation challenges for all DPI processes.

show abstract

“…PRI [14], SGXBox [15], and TrustedClick [16] establish a secure channel between a single endpoint and the middlebox, share the session key through the secure channel with the other endpoint, and, thus, ensure the end-to-end policy. EVE [23] provides programmer-friendly Rust APIs, which makes it flexible to set the client's own strategies. These approaches follow the privacy-preserving manner and simplify the workloads to modify TLS.…”

Section: E Generic Network Functionsmentioning

confidence: 99%