Publication Type
Conference Proceeding Article
Version
acceptedVersion
Publication Date
9-2020
Abstract
Transport Layer Security Inspection (TLSI) enables enterprises to decrypt, inspect and then re-encrypt users' traffic before it is routed to the destination. This breaks the end-to-end security guarantee of the TLS specification and implementation. It also raises privacy concerns, since users' traffic is now known to the enterprise, and third-party middlebox providers offering the inspection services may additionally learn the enterprise's inspection or attack rules and policies. Two recent works, BlindBox (SIGCOMM 2015) and PrivDPI (CCS 2019), propose privacy-preserving approaches that inspect encrypted traffic directly to address the privacy concern over users' traffic. However, BlindBox incurs high preprocessing overhead during TLS connection establishment, and while PrivDPI reduces the overhead substantially, it is still notable compared to that of TLSI. Furthermore, the underlying assumption in both approaches is that the middlebox knows the rule sets. Nevertheless, with inspection services increasingly migrating to third-party cloud-based settings, rule privacy should be preserved. Also, both approaches are static in nature, in the sense that adding any rule requires a significant amount of preprocessing and re-instantiation of the protocol. In this paper we propose Pine, a new Privacy-preserving inspection of encrypted traffic protocol that (1) simplifies the preprocessing step of PrivDPI and thus further reduces the computation time and communication overhead of establishing the TLS connection between a user and a server; (2) supports rule hiding; and (3) enables dynamic rule addition without the need to re-execute the protocol from scratch. We demonstrate the superior performance of Pine when compared to PrivDPI through extensive experiments. In particular, for a connection from a client to a server with 5,000 tokens and 6,000 rules, Pine is approximately 27% faster and saves approximately 92.3% communication cost.
Keywords
Network privacy, Traffic inspection, Encrypted traffic
Discipline
Information Security
Research Areas
Cybersecurity
Publication
Computer Security ESORICS 2020: Proceedings of the 25th Symposium, Guildford, United Kingdom, September 14-18
Volume
12308
First Page
3
Last Page
22
ISBN
9783030589509
Identifier
10.1007/978-3-030-58951-6_1
Publisher
Springer
City or Country
Cham
Embargo Period
5-10-2021
Citation
NING, Jianting; HUANG, Xinyi; POH, Geong Sen; XU, Shengmin; LOH, Jia-Chng; WENG, Jain; and DENG, Robert H.
Pine: Enabling privacy-preserving deep packet inspection on TLS with rule-hiding and fast connection establishment. (2020). Computer Security ESORICS 2020: Proceedings of the 25th Symposium, Guildford, United Kingdom, September 14-18. 12308, 3-22.
Available at: https://ink.library.smu.edu.sg/sis_research/5925
Copyright Owner and License
Authors
Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.
Additional URL
https://doi.org/10.1007/978-3-030-58951-6_1