Network function outsourcing system based on prefix-preserving encryption

Lingbo WEI; Xiaobing FENG; Chi ZHANG; Hualong SHENG; Nenghai YU

doi:10.11959/j.issn.1000-436x.2018057

您当前的位置：

首页 >

文章列表页 >

Network function outsourcing system based on prefix-preserving encryption

Papers | 更新时间：2024-06-05

- Network function outsourcing system based on prefix-preserving encryption
- Journal on Communications Vol. 39, Issue 4, Pages: 159-166(2018)
- 作者机构：
  
  1. 中国科学技术大学信息科学技术学院中国科学院电磁空间信息重点实验室，安徽合肥 230026
  2. 中国科学院信息工程研究所信息安全国家重点实验室，北京 100093
- 作者简介：
- 基金信息：
  
  The National Key Research and Development Program of China(2017YFB0802200);The National Natural Science Foundation of China(61702474)
- DOI：10.11959/j.issn.1000-436x.2018057
  CLC： TP393
- Online First：2018-04，
  
  Published：25 April 2018
- 稿件说明：
移动端阅览
Lingbo WEI, Xiaobing FENG, Chi ZHANG, et al. Network function outsourcing system based on prefix-preserving encryption[J]. Journal on Communications, 2018, 39(4): 159-166.
DOI：

Lingbo WEI, Xiaobing FENG, Chi ZHANG, et al. Network function outsourcing system based on prefix-preserving encryption[J]. Journal on Communications, 2018, 39(4): 159-166. DOI： 10.11959/j.issn.1000-436x.2018057.

摘要

基于硬件中间盒实现的网络功能成本高且可扩展性差等问题，越来越多的企业用户将网络功能的实现外包给云服务商。现有的网络功能外包方案要求用户对云服商公开通信流量和网络功能策略，暴露了用户内网的私密信息。基于轻量级的前缀保持加密方案，提出一种保护隐私的网络功能外包系统。与现有同类方案相比，该系统不仅为企业用户同时实现了通信流量与网络功能策略的隐私保护，而且具有更高的吞吐量和更低的时延。

Abstract

Due to the problem of high cost and limited scalability of dedicated hardware middleboxes

it is popular for enterprises to outsource middleboxes as software processes to the cloud service provider.In the current network function outsourcing schemes

the cloud service provider requires the enterprise’s communication traffic and network strategy which poses a serious threat to the enterprise’s piracy.Based on prefix-preserving encryption

a privacy preserving network function outsourcing system was proposed.Compared with other similar schemes

the system not only realizes the privacy protection of communication traffic

but also has higher throughput and lower delay.

关键词

Keywords

references

于强 , 霍红卫 . 一组提高存储效率的深度包检测算法 [J ] . 软件学报 , 2011 , 22 ( 1 ): 149 - 163 .

YU Q , HUO H W . Algorithms improving the storage efficiency of deep packet inspection [J ] . Journal of Software , 2011 , 22 ( 1 ): 149 - 163 .

袁泉 , 汤红波 , 黄开枝 , 等 . 基于Q-learning算法的vEPC虚拟网络功能部署方法 [J ] . 通信学报 , 2017 , 38 ( 8 ): 172 - 182 .

YUAN Q , TANG H B , HUANG K Z , et al . Deployment method for vEPC virtualized network function via Q-learning [J ] . Journal on Communications , 2017 , 38 ( 8 ): 172 - 182 .

XU J , FAN J , AMMAR M H , et al . Prefix-preserving IP address anonymization:measurement-based security evaluation and a new cryptography-based scheme [C ] // 10th IEEE International Conference on Network Protocols . 2002 : 280 - 289 .

SHERRY J , HASAN S , SCOTT C , et al . Making middleboxes someone else's problem:network processing as a cloud service [J ] . ACM SIGCOMM Computer Communication Review , 2012 , 42 ( 4 ): 13 - 24 .

GIBB G , ZENG H , MCKEOWN N . Outsourcing network functionality [C ] // The First Workshop on Hot Topics in Software Defined Networks . 2012 : 73 - 78 .

KHAKPOUR A R , LIU A X . First step toward cloud-based fire-walling [C ] // 2012 IEEE 31st Sym-posium on Reliable Distributed Systems (SRDS) . 2012 : 41 - 50 .

KUREK T , NIEMIEC M , LASON A . Taking back control of privacy:a novel framework for preserving cloud-based firewall policy confidentiality [J ] . International Journal of Information Security , 2016 , 15 ( 3 ): 235 - 250 .

SHI J , ZHANG Y , ZHONG S . Privacy-preserving network functionality outsourcing [J ] . arXiv preprint,arXiv:1502.00389 , 2015 .

CORON J S , LEPOINT T , TIBOUCHI M . Practical multilinear maps over the integers [M ] // Advances in Cryptology–CRYPTO . 2013 : 476 - 493 .

CHEON J H , HAN K , LEE C , et al . Cryptanalysis of the multilinear map over the integers [M ] // Advances in Cryptology–EUROCRYPT , 2015 : 3 - 12 .

MELIS L , ASGHAR H J , DE CRISTOFARO E , et al . Private processing of outsourced network functions:feasibility and constructions [C ] // The 2016 ACM International Workshop on Security in Software Defined Networks ＆ Network Function Virtualization . 2016 : 39 - 44 .

SHERRY J , LAN C , POPA R A , et al . Blindbox:deep packet inspection over encrypted traffic [J ] . ACM SIGCOMM Computer Communication Review , 2015 , 45 ( 4 ): 213 - 226 .

LAN C , SHERRY J , POPA R A , et al . Embark:securely outsourcing middle-boxes to the cloud [C ] // 13th USENIX Symposium on Networked Systems Design and Implementation (NSDI 16) . 2016 : 255 - 273 .

ASGHAR H J , MELIS L , SOLDANI C , et al . SplitBox:toward efficient private network function virtualization [C ] // The Workshop on Hot Topics in Middleboxes and Network Function Virtualization . 2016 : 7 - 13 .

MATT B . Introduction to computer security [M ] . Pearson Education India , 2006 .

WANG C , CHOW S S M , WANG Q , et al . Privacy-preserving public auditing for secure cloud storage [J ] . IEEE transactions on computers , 2013 , 62 ( 2 ): 362 - 375 .

DAEMEN J , RIJMEN V . The design of Rijndael:AES-the advanced encryption standard [M ] . Springer Science ＆ Business Media , 2013 .

Views

1774

下载量

CSCD

Alert me when the article has been cited

提交

Tools

Publicity Resources

Survey of privacy preserving data queries in cloud computing

Overview of the data security and privacy-preserving of mobile cloud services

Cryptographic service optimization scheduling algorithm for collaborative jobs in cloud environment

M-RSF: a multilevel feedback queue task scheduling mechanism for Unikernel

Scheduling framework based on reinforcement learning in online-offline colocated cloud environment

Related Author

Ren-yi XIAO

Rui-xuan LI

Xin-hua DONG

Xi-wu GU

Wan-wan ZHOU

Cong WANG

CAO Xiaogang

LI Fenghua

Related Institution

The National Natural Science Foundation of China

School of Computer Science and Technology, Huazhong University of Science and Technology

Institute of Information Engineering, Chinese Academy of Sciences

School of Cyber Security, University of Chinese Academy of Sciences

Key Laboratory of Cyberspace Security Defense

AI问答

⁰