Channel: Cryptology ePrint Archive

BlindBox: Deep Packet Inspection over Encrypted Traffic, by Justine Sherry and Chang Lan and Raluca Ada Popa and Sylvia Ratnasamy

Many network middleboxes perform deep packet inspection (DPI), a set of useful tasks that examine packet payloads. These tasks include intrusion detection (IDS), exfiltration detection, and parental filtering. However, a long-standing issue is that once packets are sent over HTTPS, the middleboxes can no longer accomplish their tasks because the payloads are encrypted. Hence, one is faced with choosing at most one of two desirable properties: the functionality of the middleboxes or the privacy of encryption. We propose BlindBox, a novel system that for the first time enables both properties together. The approach of BlindBox is to perform the deep packet inspection directly on the encrypted traffic. We demonstrate how BlindBox enables applications such as IDS, exfiltration detection, and parental filtering; BlindBox supports real rulesets from open-source DPI systems (Snort) as well as rulesets from industrial DPI systems. While BlindBox's performance is not yet ready for real deployment, BlindBox is nearly practical and improves performance by more than 10^6 times compared to a direct application of cryptography.
