Enabling Secure and Dynamic Deep Packet Inspection in Outsourced Middleboxes

Outsourced middlebox services have been a natural trend in modern enterprise networks to handle advanced traffic processing such as deep packet inspection, traffic classification, and load balancing. However, traffic redirection to outsourced middleboxes raises new security and privacy concerns, as this service model gives cloud providers full access to all the enterprise's traffic flows and proprietary middlebox rules. To ease these concerns, recent efforts are made to design secure middlebox services that can directly function over encrypted traffic and middlebox rules. But security concerns from dynamic network functions like stateful deep packet inspection and firewall rule updates are still not yet fully addressed. In this paper, we first propose a practical system architecture for outsourced middleboxes to perform dynamic deep packet inspection with forward and backward privacy. That is, newly added rules cannot be linked to previous inspection results, and deleted rules remain inaccessible to the server. Several recent papers have shown that it is a strong property that makes adaptive attacks less effective. Furthermore, we provide a generic solution that handles stateful inspection while still ensuring the state privacy protection. Rigorous analysis and prototype evaluations demonstrate the security, efficiency, and effectiveness of the design.