
Encrypted Packet Inspection Based On Oblivious Transfer

Posted on: 2022-12-23
Degree: Master
Type: Thesis
Country: China
Candidate: X Jia
Full Text: PDF
GTID: 2518306761459334
Subject: Information and Post Economy
Abstract/Summary:
With the continuous development of Internet technology, the number and types of data transmitted in the network are rising rapidly. Under such circumstances, it has become particularly important to monitor and review the data in the network in order to improve the quality of network services, strengthen supervision and guarantee network security. Traditional man-in-the-middle based encrypted data detection algorithms take the received data packets, decrypt the data, inspect it, and then re-encrypt it. This detection method not only causes privacy leakage; the act of decrypting data packets also violates the original design intention of encrypted transmission protocols. How to design an algorithm that achieves packet detection while protecting the privacy of both communicating parties is therefore a problem worthy of research. BlindBox achieves the detection of encrypted data while protecting the privacy of that data. However, BlindBox incurs a huge traffic overhead because it uses garbled circuits as its tool for secure multi-party computation, which is an unbearable overhead for a congested network. Another work, PrivDPI, greatly reduces the bandwidth overhead by introducing reusable detection rules, but increases the computational overhead: the computing cost of PrivDPI is 6 times that of BlindBox. Both schemes slice the original data into token sequences, encrypt them, and send them to reviewers in the network, a process that leaks the relative location of the tokens.

To solve the above problems, this paper proposes an encrypted data detection algorithm, OTEPI. OTEPI reduces the communication bandwidth overhead as much as possible without increasing the computational overhead. Oblivious Transfer (OT) is used to encrypt the detection rules, and the bandwidth consumption of OTEPI is much smaller than that of BlindBox. To protect the privacy of the data, the scheme uses a hash algorithm and the XOR operation to encrypt the token sequence, and uses a shuffle algorithm to further obscure the relative positions of the encrypted tokens. In this way, attacks from semi-honest servers can be prevented. This paper introduces natural language processing (NLP) techniques to pre-process the data to be detected, which reduces the number of tokens in the encryption process. Based on the OTEPI algorithm, this paper also designs the OTEPI-Full algorithm, which supports complete detection and decryption. OTEPI-Full can decrypt the data once suspicious data is detected, so that suspicious scripts can be detected.

This paper not only gives a theoretical analysis of the scheme, but also uses several groups of comparative experiments to evaluate the performance of the algorithm. Online public data sets and locally generated random data are used to compare OTEPI with the existing BlindBox and PrivDPI algorithms. The performance of the OTEPI algorithm proposed in this paper is 1.7 times that of BlindBox and 7.2 times that of PrivDPI. For repeated data, the performance of the OTEPI algorithm in processing encrypted data is 3.2 times that of BlindBox and 3.5 times that of PrivDPI. The traffic overhead of the OTEPI algorithm is between that of BlindBox and that of PrivDPI.
Keywords/Search Tags: encrypted data detection, privacy protection, BlindBox algorithm, PrivDPI algorithm