Private processing of outsourced network functions: feasibility and constructions

Luca Melis, Hassan Jameel Asghar, Emiliano De Cristofaro, Mohamed Ali Kaafar

Research output: Chapter in Book/Report/Conference proceedingConference proceeding contributionpeer-review

24 Citations (Scopus)


Aiming to reduce the cost and complexity of maintaining networking infrastructures, organizations are increasingly outsourcing their network functions (e.g., firewalls, traffic shapers and intrusion detection systems) to the cloud, and a number of industrial players have started to offer network function virtualization (NFV)-based solutions. Alas, outsourcing network functions in its current setting implies that sensitive network policies, such as firewall rules, are revealed to the cloud provider. In this paper, we investigate the use of cryptographic primitives for processing outsourced network functions, so that the provider does not learn any sensitive information. More specifically, we present a cryptographic treatment of privacy-preserving outsourcing of network functions, introducing security definitions as well as an abstract model of generic network functions, and then propose a few instantiations using partial homomorphic encryption and public-key encryption with keyword search. We include a proof-of-concept implementation of our constructions and show that network functions can be privately processed by an untrusted cloud provider in a few milliseconds.

Original languageEnglish
Title of host publicationProceedings of the 2016 ACM International Workshop on Security in Software Defined Networks and Network Function Virtualization
Place of PublicationNew York
PublisherAssociation for Computing Machinery, Inc
Number of pages6
ISBN (Electronic)9781450340786
Publication statusPublished - 11 Mar 2016
Externally publishedYes
Event6th ACM Conference on Data and Application Security and Privacy : ACM CODASPY 2016 - New Orleans, United States
Duration: 9 Mar 201611 Mar 2016


Conference6th ACM Conference on Data and Application Security and Privacy
Abbreviated titleACM CODASPY 2016
Country/TerritoryUnited States
CityNew Orleans
Internet address


  • homomorphic encryption
  • NFV privacy
  • PEKS


Dive into the research topics of 'Private processing of outsourced network functions: feasibility and constructions'. Together they form a unique fingerprint.

Cite this