Application Research For Privacy-Preserving Encrypted Traffic Inspection

To ensure the security of Internet communications,deep packet inspection(DPI)is deployed in network middleboxes to detect the payload of data packet transmitted between endpoints,in order to resist anomalies and suspicious behaviors in network traffic effectively.However,with the rapid development of big data technology,the privacy leakage events occur from time to time.To ensure the confidentiality of the data,it has become an irreversible trend to use secure transport protocol to realize data sharing.This brings challenges to the application of deep packet detection which is mainly based on plaintext detection.In this thesis,two efficient privacy-preserving encrypted traffic inspection schemes are proposed for different application scenarios by leveraging symmetric searchable encryption techniques to improve the feasibility and reduce the time cost and communication overhead.In other words,the goal of this thesis is to achieve efficient DPI for the legitimacy of encrypted traffic without breaking its confidentiality.The main contributions of this thesis are described as follows:1.A privacy-preserving encrypted traffic inspection is proposed for Io T(Internet of things)security by using symmetric cryptographic techniques.From one side,the operation commands of the upper layer applications in Io T is required to transmit securely though the platform layer server to the terminal device at the perception layer;the terminal device as a client,on the other hand,wishes to share data with a server securely by using TLS(Transport Layer Security)protocols.To realize efficient privacypreserving encrypted traffic inspection in Io T,the proposed scheme utilizes only lightweight cryptographic operations(i.e.,symmetric encryption,hash functions and pseudorandom functions)to construct randomized tokens and obfuscated rules for detection.Moreover,a dispute resolution mechanism is designed to address the possible disputes arising from data inconsistencies between client and server.The corresponding security proof and experimental evaluation are presented to demonstrate the security and performance of the proposed scheme,respectively.Specifically,the rigorous security analysis demonstrates that the proposed scheme achieves stronger security and privacy preservation compared with existing schemes,and the sufficient results of experiments indicate that the proposed scheme has a better performance in both time and communication overhead compared with existing works.2.A privacy-preserving encrypted smart contract inspection in blockchain-based data trading platform is proposed.To ensure the legitimacy and privacy of the encrypted smart contract before it is stored in the blockchain and deployed to the node with computing power,it is necessary to conduct security detection.The scheme uses pseudorandom function,hash function,symmetric searchable encryption to construct data for matching detection.Moreover,based on secret sharing technology,the content options and actions of detection rules are hidden,and a lightweight data structure called obfuscated map is presented.Without exposing the payload,the detection node can use the randomized token and obfuscated map to perform matching detection.The security syntax of the scheme is defined,and a detailed security proof is given from two aspects:correctness and L-secure against adaptive attacks,where L denotes the leakage function.Finally,extensive experiments are conducted to evaluate the performance of the proposed scheme.Multiple results demonstrate that proposed scheme has strong feasibility in blockchain-based data trading platform.