Private Real-Time Processing of Outsourced Functions

February 22nd, 2016

Due to the proliferation of cloud computing, many services that were traditionally accessible through secure centralized locations are being outsourced to the cloud. An outsourced service is generally tied to a set of rules or guidelines that govern how the service processes requests and outputs results. Often these rules, as well as the results of the service, are sensitive, and the entity outsourcing the service wishes to keep the rules and the processed data hidden not only from third parties but also from the cloud itself.

Our research aims to develop solutions for outsourcing services (functions) that rely on a set of rules (policies) such that the function, its output and the policies are hidden from the cloud. Moreover, the solution should guarantee timely (real-time) processing of the outsourced function.

At present, our research is on private processing of network functions. We are also looking at other avenues where functions need to be outsourced.

Private Processing of Outsourced Network Functions

Like other services, network functions, such as firewalls and NAT, can be outsourced via technologies such as network function virtualization (NFV).

Our research attempts to find a private solution in which the policies governing the network function, such as firewall rules, remain hidden from the cloud, while the solution stays efficient in terms of network throughput. Our solution comes in two flavors:

  • A somewhat less efficient solution based on the Boneh-Goh-Nissim (BGN) partially homomorphic cryptosystem.
  • A better solution based on public key encryption with keyword search (PEKS).

We are currently investigating other techniques to solve this problem.

Recent Publications

  • Luca Melis, Hassan Jameel Asghar, Emiliano De Cristofaro & Mohamed Ali Kaafar 2016, Private Processing of Outsourced Network Functions: Feasibility and Constructions. To appear in ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization (SDN-NFV Security 2016).