Deep packet filtering (DPF) has been demonstrated as an essential technique for effective fine-grained access controls, but it is commonly recognized that the technique may invade the individual privacy of the users. Secure computation can address the tradeoff between privacy and DPF functionality, but the current solutions limit the scalability of the network due to the intensive computation overheads and large connection setup delay, especially for the latest network paradigm, network function virtualisation (NFV) and software-defined network (SDN). In this paper, therefore, we propose a privacy-preserving deep packet filtering protocol, named DPF-ET, that can efficiently perform filtering function over encrypted traffic while diminishing the communication overhead and setup delay for the controller in SDN. DPF-ET guarantees the data privacy for users and remains rule privacy for the network owner. The implementation results on an experimental HP SDN/NFV platform demonstrate that the proposed DPF-ET outperforms the current approaches by reducing 250 times in the communications overhead and 32 times in the setup delay.
展开▼
机译:深度数据包过滤(DPF)已被证明是有效的细粒度访问控制的必要技术,但通常认为该技术可能会侵犯用户的个人隐私。安全计算可以解决隐私和DPF功能之间的折衷问题,但是由于密集的计算开销和较大的连接建立延迟,当前的解决方案限制了网络的可扩展性,尤其是对于最新的网络范例,网络功能虚拟化(NFV)和软件-定义的网络(SDN)。因此,在本文中,我们提出了一种保护隐私的深度数据包过滤协议DPF-ET,该协议可以有效地对加密流量执行过滤功能,同时减少SDN中控制器的通信开销和设置延迟。 DPF-ET为用户保证数据隐私,并为网络所有者保留规则隐私。在实验性的HP SDN / NFV平台上的实施结果表明,通过减少250倍的通信开销和32倍的设置延迟,提出的DPF-ET优于目前的方法。
展开▼
