BlindBox: Deep Packet Inspection over Encrypted Traffic

2015 SIGCOMM 15 August
Justine Sherry (UC Berkeley), Chang Lan (UC Berkeley), Raluca Ada Popa (UC Berkeley), Sylvia Ratnasamy (UC Berkeley); ETH Zurich, UC Berkeley

Outline
- Introduction
- Overview
- Protocol I
- Protocol II
- Protocol III
- System Implementation
- Evaluation
- Conclusion

Introduction
- Network Intrusion Detection/Prevention (IDS/IPS) systems
  - Snort
  - Bro
- All DPI systems work on plaintext data
- With HTTPS: man-in-the-middle attack on SSL to decrypt the traffic at the middlebox
  - Insecure

BlindBox
- The first system that simultaneously provides both of these properties:
  - the functionality of middleboxes
  - the privacy of encryption

Challenges
- Networks operate at very high rates, requiring cryptographic operations in micro- or nanoseconds
- Support for rich operations in some middleboxes
  - Fully homomorphic
  - Functional encryption

BlindBox
- Performs deep packet inspection directly on the encrypted traffic
- Enables applications
  - IDS
  - Exfiltration detection
  - Parental filtering
- Supports real rulesets from both open-source and industrial DPI systems
- It is practical for settings with long-lived HTTPS connections
- Core encryption scheme is 3-6 orders of magnitude faster than existing relevant cryptographic schemes

Privacy Model from BlindBox
- Two privacy classes
  - Exact match privacy
  - Probable cause privacy
- Protect the data with strong randomized encryption schemes
- Basic idea: AES

Overview
- Simple transmit process
[Diagram labels: Rule generator, Rule list, End-User, E(Attack), Attack, E(Data), Data, Middle Box, Compare, Detect Attack, End-User]

BlindBox's Requirements
- The key used in encrypting tokens and rules cannot be revealed to the middlebox
  - Obfuscated rule encryption is used for rule encryption

- The middlebox cannot read the user's traffic, except the portions of the traffic which are considered suspicious based on the attack rules
- Rules cannot be revealed to the sender

Threat Model
- The original attacker considered by IDS
  - At least one of the endpoints should be honest (not malicious)
  - Parental filter
  - Commercial exfiltration detection devices
- The attacker at the middlebox
  - Honest but curious
  - Wish to hide content from MB while allowing MB to do DPI

Architecture

System architecture
- Sender
  - Encrypt with SSL
  - Tokenize then encrypt
    - Used to tokenize the traffic into keywords
- Rule generator
  - Provide rules to middlebox
  - Provide KEY to sender and receiver to perform AES
- Middlebox
  - Block or alert if encrypted tokens match encrypted rules
- Receiver
  - Decrypt with SSL
  - Validate tokens

Protocol I : BASIC DETECTION
[Diagram labels: Sender, SSL, Raw Data, Receiver, Middle Box, Compare, Validate, Rule List]

Challenge
1) Encrypt rule
2) Tokenization
3) Prevent same cipher-text ()
# Rule List is in Middle box

How to Encrypt rule?
- Yao's Garbled Circuits
  - Two parties can collaborate to correctly compute the output of a function without either party needing to reveal their inputs to the function.
- Oblivious Transfer (OT)
  - B can obtain without learning and A does not learn b.
[Diagram labels: Rule, Key, AES, Cipher-text]

Oblivious Transfer
A B

has S = {} want select i = 0 q = 11, g = 7 1) Select C from that C = 4) Check 5) Select = 2, = 3, that 0<= < q-1 6) Cal.

7) Cal. C=9 = 2, = 10 2) Select , that 0 < < q-1, so = 3 3) Set = 5, = 2 = 21, = 29

8) Since can easily calculate =

Yao's garbled circuit
A B
1) Garbling
   - 4 garbled values
2) A's input wire is W0, so if A wants to send a 0 bit then it would send
3) B's input wire is W1, but it doesn't have the key, so it will do OT with A. Ex.: B wants input 0.
4) Getting W1 key and calculating garbled value, then check output pair.
5) Send output result to A
[Diagram labels: OT, Result]

Yao's garbled circuit
- Middle box encrypts rules without learning the end-user's key.
- End-user doesn't know the rule table.
[Diagram labels: Rule, Key, AES, Cipher-text]

Tokenization
- Example: Login.php?user=alice
- Window-based
  - Overhead: window size X
  - Base size = 3
  - [Log][ogi][gin][in.][n.p][.ph][php]
- Delimiter-based
  - Punctuation, spacing, special symbols
  - Ignore redundant tokens
  - [Login][php][?user=][user=alice]

The DPIEnc Encryption Scheme
- Consider simple deterministic encryption
  - Weak when the attacker uses frequency analysis

- Consider a hash function
  - NOT invertible and pseudorandom
  - Weakness: existing hash functions are too slow
    - Ex.: SHA-1
- Solution: use AES to implement H
  - AES must be keyed with a value that MB does not know when there is no match to an attack rule:

The DPIEnc Encryption Scheme (cont'd)

BlindBox Detect Protocol
- Precompute the values Enc_k(salt, r) for every rule r and for every possible salt
  - Recall: MB can compute Enc_k(salt, r) based only on salt and its knowledge of AES_k(r), and MB does not need to know key k
- Arrange each Enc_k(salt, r) in a search tree
- For each encrypted token t in the traffic stream, MB simply looks up the search tree and checks if an equal value exists
- Weakness: MB HAS TO prepare all possible salts for each rule r

BlindBox Detect Protocol : Proposed scheme
- To maintain the desired security, every encryption of a token t must contain a different salt
- Sender no longer sends the salt
  - Only sends salt0 initially
  - Keeps a counter table mapping each encrypted token to the number of times it has been encrypted
  - Instead, Sender sends
- Reset
  - Send a new salt0 to prevent the counter table from becoming too big

BlindBox Detect Protocol (cont'd)
- MB creates a table mapping each keyword r to a counter
- MB also creates each
- If there is a match, MB increments , and deletes old nodes in the search tree, then inserts new into the tree

Validate Tokens
- The validate tokens procedure runs at the receiver
- The result is a set of encrypted tokens, and it checks that these are the same as the encrypted tokens forwarded by MB

Protocol II : LIMITED IDS

Protocol II
- A rule can contain
  - Multiple keywords to be matched in traffic
  - Absolute and relative offset information within the packet
- A rule is matched if all keywords are found within a flow
- Privacy model
  - Same as protocol I
- Security guarantee
  - Same as protocol I

Protocol III : FULL IDS WITH PROBABLE CAUSE PRIVACY

Protocol III
- Privacy model: Probable cause privacy
  - Need to decrypt the traffic flow if it matches any rules
  - The key which encrypts SSL is used for scripts and regular expressions
  - IDSes like SNORT and Bro now detect with scripts and regular expressions
- Security
  - Same as protocol I and protocol II

System Implementation
- BlindBox library
  - One normal SSL
  - One to transmit the searchable encrypted tokens
  - One to listen if a middlebox on path requests garbled circuits

- The middlebox
  - Half of the threads perform detection over the data stream
  - Half of the threads perform obfuscated rule encryption exchanges with clients

Evaluation : Functionality Evaluation
- Can BlindBox implement the functionality required for each target system?
  - Table 1
- Does BlindBox fail to detect any attacks/policy violations that these standard implementations would detect?
  - Different tokenization
    - Window-based
      - No miss with every byte a token
    - Delimiter-based
      - Experiment to test whether this tokenization misses some possible attacks
      - Detected 97.1% of the attack keywords and 99% of the attack rules that would have been detected with Snort (an attack rule may consist of multiple keywords)

Evaluation : Performance Evaluation
- Some results over experiments
  - Used in protocol II
- As a result, BlindBox is 3 to 6 orders of magnitude faster than relevant implementations using existing cryptography
- The primary overhead of BlindBox is setting up a connection, due to the obfuscated rule encryption
- BlindBox is not yet practical for systems with thousands of rules and short-lived connections that need to run setup frequently

Strawmen
- A searchable encryption scheme
  - Does not enable obfuscated rule encryption or probable cause decryption
  - Can implement encryption and detection as in Protocols I and II

- Generic functional encryption (FE)
  - Used to create reusable garbled circuits and obfuscated rule encryption
  - Nests fully homomorphic encryption twice
  - Too slow

Client Performance :
- How long does it take to encrypt a token?

Client Performance :
- How long does the initial handshake take with the middlebox?

Client Performance :
- What is the computational overhead of BlindBox encryption, and how does this overhead impact page load times?

Client Performance :
- What is the bandwidth overhead of transmitting encrypted tokens for a typical web page?

Key to enhance the performance
- Minimizing bandwidth overhead is key to client performance
  - Less data transmitted means less cost, faster transfer times, and faster detection times
- The bandwidth overhead in BlindBox depends on the number of tokens produced
- The number of encrypted tokens varies widely depending on three parameters of the page being loaded
  - what fraction of bytes are text/code which must be tokenized
  - how dense the text/code is in number of delimiters
  - whether or not the web server and client support compression

Middlebox Performance :
- What throughput can BlindBox sustain and how does this compare to standard IDS?
  - We measured a throughput of 166Mbps when using BlindBox
  - When running Snort over the same traffic, we measured a throughput of 85Mbps
  - BlindBox performed detection twice as fast as SNORT

Middlebox Performance :
- How does BlindBox compare in detection time against other strawmen approaches?

Conclusion
- BlindBox, a system that resolves the tension between security and DPI middlebox functionality in networks
- BlindBox is the first system to enable Deep Packet Inspection over encrypted traffic without requiring decryption of the underlying traffic
- BlindBox supports lots of real DPI applications
- BlindBox detection scheme is faster than other standard DPI
  - These standard DPI systems operate on plaintext data
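
The counter-based detection described in the DPIEnc and BlindBox Detect Protocol slides, as an added example that is not from the slides or the BlindBox authors' code. Assumptions: HMAC-SHA256 stands in for AES, a dict stands in for the search tree, the rule keys are computed directly in place of the garbled-circuit exchange, and all names, parameters and sample values are constructed.

```python
import hashlib, hmac

RS = 2 ** 40  # constructed parameter: ciphertexts are reduced to 5 bytes

def prf(key: bytes, msg: bytes) -> bytes:
    """Stand-in for the AES block cipher the slides use (HMAC-SHA256, stdlib only)."""
    return hmac.new(key, msg, hashlib.sha256).digest()[:16]

def dpienc(token_key: bytes, salt: int) -> int:
    """Enc_k(salt, t), given only token_key = PRF_k(t); the key k itself is not needed."""
    return int.from_bytes(prf(token_key, salt.to_bytes(8, "big")), "big") % RS

def window_tokens(data: bytes, size: int) -> list:
    # Window-based tokenization: one token per byte offset.
    return [data[i:i + size] for i in range(len(data) - size + 1)]

class Sender:
    def __init__(self, k: bytes, salt0: int):
        self.k, self.salt0, self.counts = k, salt0, {}
    def encrypt(self, data: bytes, size: int) -> list:
        out = []
        for t in window_tokens(data, size):
            n = self.counts.get(t, 0)  # times this token was already sent
            out.append(dpienc(prf(self.k, t), self.salt0 + n))
            self.counts[t] = n + 1
        return out

class Middlebox:
    def __init__(self, rule_keys: dict, salt0: int):
        # rule_keys maps keyword r -> PRF_k(r); the middlebox never holds k.
        self.rule_keys, self.salt0 = rule_keys, salt0
        self.counts = {r: 0 for r in rule_keys}
        # A dict stands in for the search tree of expected ciphertexts.
        self.tree = {dpienc(rk, salt0): r for r, rk in rule_keys.items()}
    def inspect(self, enc_tokens: list) -> list:
        hits = []
        for pos, c in enumerate(enc_tokens):
            r = self.tree.pop(c, None)  # a match removes the old node
            if r is not None:
                hits.append((pos, r))
                self.counts[r] += 1     # advance that rule's counter
                nxt = dpienc(self.rule_keys[r], self.salt0 + self.counts[r])
                self.tree[nxt] = r      # insert the node for the next salt
        return hits

def demo():
    k, salt0 = b"constructed-session-key", 1000  # constructed sample values
    # Computed directly here; in the slides this comes from obfuscated rule encryption.
    rule_keys = {r: prf(k, r) for r in (b"alice", b"admin")}
    enc = Sender(k, salt0).encrypt(b"Login.php?user=alice&next=alice", 5)
    return enc, Middlebox(rule_keys, salt0).inspect(enc)
```

The receiver's validate-tokens step corresponds to running `Sender(k, salt0).encrypt(...)` on the SSL-decrypted data and comparing the result with the tokens the middlebox forwarded.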
