
Author: Michael Adi
Thesis title: Wildmatch: A Privacy-focused Traffic Inspection in Outsourced Middlebox
Advisor: 沈上翔 (Shan-Hsiang Shen)
Committee members: 邱舉明 (Ge-Ming Chiu), 黃琴雅 (Chin-Ya Huang)
Degree: Master
Department: College of Electrical Engineering and Computer Science - Department of Computer Science and Information Engineering
Year of publication: 2019
Graduation academic year: 107
Language: English
Pages: 34
Keywords: Wildmatch, Wildcard, Privacy, Middlebox, Encryption
Usage statistics: 221 views, 15 downloads

Middleboxes are very useful for increasing the security and improving the performance of a network. They detect intrusions in the network traffic and prevent them from entering the enterprise network, and they can also manipulate the traffic to improve network performance. Since deploying a middlebox in-house can be difficult because of its high cost and inflexibility, outsourcing the middlebox becomes the most efficient solution. Outsourcing the middlebox brings many advantages to enterprises and homes, which gain improved network security and performance without having to maintain the middlebox themselves. However, because the middlebox provider has access to all the network traffic passing through the middlebox, privacy and security concerns arise: the provider could use that traffic for malicious purposes. For this reason, we propose Wildmatch, a system that encrypts the traffic data to protect it while still letting the outsourced middlebox filter it. Wildmatch uses AES encryption and a tree data structure to protect the data inside the traffic, and it leverages wildcard matching to improve the performance of the filtering process.

Recommendation Letter . . . i
Abstract . . . iv
Acknowledgements . . . v
Contents . . . vii
List of Figures . . . ix
List of Tables . . . xi
List of Algorithms . . . xii
1 Introduction . . . 1
2 Related Works . . . 6
3 Method . . . 12
3.1 Model . . . 12
3.2 Encryption scheme . . . 13
3.3 Wildcard Match . . . 16
3.4 Matching Process . . . 19
4 Evaluation . . . 24
4.1 Preliminaries . . . 24
4.2 Latency and Throughput Test . . . 24
4.3 Matching Time . . . 26
4.4 Packet Decryption and Security Measures . . . 27
4.5 Rule and IP Encryption Time . . . 28
4.6 Data Encryption . . . 30
5 Conclusions . . . 32
5.1 Conclusion . . . 32
5.2 Future Work . . . 32
References . . . 33
