Private Real-Time Processing of Outsourced Functions


Overview

Due to the proliferation of cloud computing, many services that were traditionally accessible through secure centralised locations are being outsourced to the cloud. An outsourced service is in general tied to a set of rules or guidelines, which govern how the service is to process requests and output results. Often such rules, as well as the results of the service, are sensitive, and the entity outsourcing the service wishes to keep the rules and the processed data hidden not only from third parties but also from the cloud itself.

Our research aims to develop solutions for outsourcing services (functions) that rely on a set of rules (policies), such that the function, its output and the policies are hidden from the cloud. Moreover, the solution should guarantee timely (real-time) processing of the outsourced function.

At present, our research is on private processing of network functions. We are also looking at other avenues where functions need to be outsourced.

Private Processing of Outsourced Network Functions

Like other services, network functions, such as firewalls and NAT, can be outsourced via technologies such as network function virtualization (NFV).

Our research attempts to find a private solution in which the policies governing the network function, such as firewall rules, remain hidden from the cloud, while remaining efficient in terms of network throughput. Our solution comes in two flavours:

  • A somewhat less efficient solution based on Boneh-Goh-Nissim’s (BGN) partially homomorphic cryptosystem.
  • A better solution based on public key encryption with keyword search (PEKS).

SplitBox

Due to the heavy involvement of public-key algorithms, the above approach did not result in a fast enough system. Based on the lessons learned, we developed a new system that relies on private-key operations and uses a more distributed approach. We call the resulting system SplitBox.

People

  • Hassan Jameel Asghar, Data61-CSIRO.
  • Guillaume Jourjon, Data61-CSIRO.
  • Craig Russell, Data61-CSIRO.
  • Dali Kaafar, Data61-CSIRO.
  • Emiliano De Cristofaro, UCL.

Publications

  • Hassan Jameel Asghar, Luca Melis, Cyril Soldani, Emiliano De Cristofaro, Mohamed Ali Kaafar, Laurent Mathy 2016, SplitBox: Toward Efficient Private Network Function Virtualization, ACM SIGCOMM HotMiddleBox 2016.
  • Luca Melis, Hassan Jameel Asghar, Emiliano De Cristofaro & Mohamed Ali Kaafar 2016, Private Processing of Outsourced Network Functions: Feasibility and Constructions. To appear in ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization (SDN-NFV Security 2016).