Private processing of outsourced network functions: feasibility and constructions

Luca Melis; Hassan Jameel Asghar; Emiliano De Cristofaro; Mohamed Ali Kaafar

doi:10.1145/2876019.2876021

Private processing of outsourced network functions

feasibility and constructions

Luca Melis, Hassan Jameel Asghar, Emiliano De Cristofaro, Mohamed Ali Kaafar

Research output: Chapter in Book/Report/Conference proceeding › Conference proceeding contribution

18 Citations (Scopus)

Abstract

Aiming to reduce the cost and complexity of maintaining networking infrastructures, organizations are increasingly outsourcing their network functions (e.g., firewalls, traffic shapers and intrusion detection systems) to the cloud, and a number of industrial players have started to offer network function virtualization (NFV)-based solutions. Alas, outsourcing network functions in its current setting implies that sensitive network policies, such as firewall rules, are revealed to the cloud provider. In this paper, we investigate the use of cryptographic primitives for processing outsourced network functions, so that the provider does not learn any sensitive information. More specifically, we present a cryptographic treatment of privacy-preserving outsourcing of network functions, introducing security definitions as well as an abstract model of generic network functions, and then propose a few instantiations using partial homomorphic encryption and public-key encryption with keyword search. We include a proof-of-concept implementation of our constructions and show that network functions can be privately processed by an untrusted cloud provider in a few milliseconds.

Original language	English
Title of host publication	Proceedings of the 2016 ACM International Workshop on Security in Software Defined Networks and Network Function Virtualization
Place of Publication	New York
Publisher	Association for Computing Machinery, Inc
Pages	39-44
Number of pages	6
ISBN (Electronic)	9781450340786
DOIs	https://doi.org/10.1145/2876019.2876021
Publication status	Published - 11 Mar 2016
Externally published	Yes
Event	6th ACM Conference on Data and Application Security and Privacy : ACM CODASPY 2016 - New Orleans, United States Duration: 9 Mar 2016 → 11 Mar 2016 https://sites.google.com/site/codaspy20162/

Conference

Conference	6th ACM Conference on Data and Application Security and Privacy
Abbreviated title	ACM CODASPY 2016
Country	United States
City	New Orleans
Period	9/03/16 → 11/03/16
Internet address	https://sites.google.com/site/codaspy20162/

Keywords

homomorphic encryption
NFV privacy
PEKS

Access to Document

10.1145/2876019.2876021

Link to publication in Scopus

Fingerprint Dive into the research topics of 'Private processing of outsourced network functions: feasibility and constructions'. Together they form a unique fingerprint.

Cite this

Melis, L., Asghar, H. J., De Cristofaro, E., & Kaafar, M. A. (2016). Private processing of outsourced network functions: feasibility and constructions. In Proceedings of the 2016 ACM International Workshop on Security in Software Defined Networks and Network Function Virtualization (pp. 39-44). New York: Association for Computing Machinery, Inc. https://doi.org/10.1145/2876019.2876021

Melis, Luca ; Asghar, Hassan Jameel ; De Cristofaro, Emiliano ; Kaafar, Mohamed Ali. / Private processing of outsourced network functions : feasibility and constructions. Proceedings of the 2016 ACM International Workshop on Security in Software Defined Networks and Network Function Virtualization. New York : Association for Computing Machinery, Inc, 2016. pp. 39-44

@inproceedings{fa3f874463134b209f1384337c61a7e0,

title = "Private processing of outsourced network functions: feasibility and constructions",

abstract = "Aiming to reduce the cost and complexity of maintaining networking infrastructures, organizations are increasingly outsourcing their network functions (e.g., firewalls, traffic shapers and intrusion detection systems) to the cloud, and a number of industrial players have started to offer network function virtualization (NFV)-based solutions. Alas, outsourcing network functions in its current setting implies that sensitive network policies, such as firewall rules, are revealed to the cloud provider. In this paper, we investigate the use of cryptographic primitives for processing outsourced network functions, so that the provider does not learn any sensitive information. More specifically, we present a cryptographic treatment of privacy-preserving outsourcing of network functions, introducing security definitions as well as an abstract model of generic network functions, and then propose a few instantiations using partial homomorphic encryption and public-key encryption with keyword search. We include a proof-of-concept implementation of our constructions and show that network functions can be privately processed by an untrusted cloud provider in a few milliseconds.",

keywords = "homomorphic encryption, NFV privacy, PEKS",

author = "Luca Melis and Asghar, {Hassan Jameel} and {De Cristofaro}, Emiliano and Kaafar, {Mohamed Ali}",

year = "2016",

month = "3",

day = "11",

doi = "10.1145/2876019.2876021",

language = "English",

pages = "39--44",

booktitle = "Proceedings of the 2016 ACM International Workshop on Security in Software Defined Networks and Network Function Virtualization",

publisher = "Association for Computing Machinery, Inc",

}

Melis, L, Asghar, HJ, De Cristofaro, E & Kaafar, MA 2016, Private processing of outsourced network functions: feasibility and constructions. in Proceedings of the 2016 ACM International Workshop on Security in Software Defined Networks and Network Function Virtualization. Association for Computing Machinery, Inc, New York, pp. 39-44, 6th ACM Conference on Data and Application Security and Privacy , New Orleans, United States, 9/03/16. https://doi.org/10.1145/2876019.2876021

Private processing of outsourced network functions : feasibility and constructions. / Melis, Luca; Asghar, Hassan Jameel; De Cristofaro, Emiliano; Kaafar, Mohamed Ali.

Proceedings of the 2016 ACM International Workshop on Security in Software Defined Networks and Network Function Virtualization. New York : Association for Computing Machinery, Inc, 2016. p. 39-44.

Research output: Chapter in Book/Report/Conference proceeding › Conference proceeding contribution

TY - GEN

T1 - Private processing of outsourced network functions

T2 - feasibility and constructions

AU - Melis, Luca

AU - Asghar, Hassan Jameel

AU - De Cristofaro, Emiliano

AU - Kaafar, Mohamed Ali

PY - 2016/3/11

Y1 - 2016/3/11

N2 - Aiming to reduce the cost and complexity of maintaining networking infrastructures, organizations are increasingly outsourcing their network functions (e.g., firewalls, traffic shapers and intrusion detection systems) to the cloud, and a number of industrial players have started to offer network function virtualization (NFV)-based solutions. Alas, outsourcing network functions in its current setting implies that sensitive network policies, such as firewall rules, are revealed to the cloud provider. In this paper, we investigate the use of cryptographic primitives for processing outsourced network functions, so that the provider does not learn any sensitive information. More specifically, we present a cryptographic treatment of privacy-preserving outsourcing of network functions, introducing security definitions as well as an abstract model of generic network functions, and then propose a few instantiations using partial homomorphic encryption and public-key encryption with keyword search. We include a proof-of-concept implementation of our constructions and show that network functions can be privately processed by an untrusted cloud provider in a few milliseconds.

AB - Aiming to reduce the cost and complexity of maintaining networking infrastructures, organizations are increasingly outsourcing their network functions (e.g., firewalls, traffic shapers and intrusion detection systems) to the cloud, and a number of industrial players have started to offer network function virtualization (NFV)-based solutions. Alas, outsourcing network functions in its current setting implies that sensitive network policies, such as firewall rules, are revealed to the cloud provider. In this paper, we investigate the use of cryptographic primitives for processing outsourced network functions, so that the provider does not learn any sensitive information. More specifically, we present a cryptographic treatment of privacy-preserving outsourcing of network functions, introducing security definitions as well as an abstract model of generic network functions, and then propose a few instantiations using partial homomorphic encryption and public-key encryption with keyword search. We include a proof-of-concept implementation of our constructions and show that network functions can be privately processed by an untrusted cloud provider in a few milliseconds.

KW - homomorphic encryption

KW - NFV privacy

KW - PEKS

UR - http://www.scopus.com/inward/record.url?scp=84966539938&partnerID=8YFLogxK

U2 - 10.1145/2876019.2876021

DO - 10.1145/2876019.2876021

M3 - Conference proceeding contribution

SP - 39

EP - 44

BT - Proceedings of the 2016 ACM International Workshop on Security in Software Defined Networks and Network Function Virtualization

PB - Association for Computing Machinery, Inc

CY - New York

ER -