| With the continuous development of Internet technology and communication tech-nology,the network has been integrated into all aspects of people's lives and brings great convenience to people's liveS?But at the same time,a variety of network attack-s emerge one after another and cyberspace security is greatly threatened.Therefore,we need a variety of network defense technology to resist network attacks.Firewall technology is one of the key technologies to resist network attacks and ensure network security.The firewall can monitor and check the incoming and outgoing network traffic,prevent the attacker's malicious packet into the intranet,and kill the malicious packet into the intranet.But the deployment and management of the firewall will bring a lot of overhead,which will increase the company's operating costs.In order to reduce the company's overhead,the company began to outsource the firewall function to the cloud service provider.However,firewall outsourcing will reveal the company's firewall s-trategy,the existing firewall function outsourcing scheme does not protect the privacy of firewall policy.These problems have become obstacles to the adoption of firewall outsourcing technology.This article aims to solve the privacy protection problem of firewall policy in fire-wall function outsourcing.Specific research includes the following aspects:1.Proposed a dual cloud based system architecture for the firewall function out-sourcing.In view of the existing problems in the architecture of firewall function out-sourcing system,we propose a system architecture based on two independent cloud platforms.The two cloud platforms in the system architecture are independent of each other and follow the protocol to jointly provide firewall outsourcing services.2.Based on the above-mentioned double cloud outsourcing system architecture,we proposed a privacy-preserving firewall outsourcing scheme using Paillier partial homomorphic encryption.In this scheme,we combine Paillier partial homomorphic encryption and cryptographic obfuscator to design a cryptographic obfuscator.Then we use this cryptographic obfuscator to obfuscate the firewall rules to ensure the privacy of the firewall policy that is outsourced.3.Based on the traffic redirection outsourcing system architecture,we proposed a privacy-preserving firewall outsourcing scheme using prefix-preserving encryption.This scheme uses the prefix-preserving encryption algorithm to encrypt the firewall policy to ensure privacy of outsourced firewall policies.4.The simulation results of the above two schemes are realized by using the Click modular router,and the feasibility of the proposed scheme is verified.At the same time,we test the delay and throughput of the two schemes,and verify the performance of the two schemes. |
PDF Full Text Request