Oblivious network intrusion detection systems.
Saved in:
| Title: | Oblivious network intrusion detection systems. |
|---|---|
| Authors: | Sayed MA; Systems and Computer Engineering, Carleton University, 1125 Colonel By Dr, Ottawa, K1S 5B6, ON, Canada. mahmoud.sayed3@carleton.ca., Taha M; Systems and Computer Engineering, Carleton University, 1125 Colonel By Dr, Ottawa, K1S 5B6, ON, Canada. mostafa.taha@carleton.ca. |
| Source: | Scientific reports [Sci Rep] 2023 Dec 15; Vol. 13 (1), pp. 22308. Date of Electronic Publication: 2023 Dec 15. |
| Publication Type: | Journal Article |
| Language: | English |
| Journal Info: | Publisher: Nature Publishing Group Country of Publication: England NLM ID: 101563288 Publication Model: Electronic Cited Medium: Internet ISSN: 2045-2322 (Electronic) Linking ISSN: 20452322 NLM ISO Abbreviation: Sci Rep Subsets: PubMed not MEDLINE; MEDLINE |
| Imprint Name(s): | Original Publication: London : Nature Publishing Group, copyright 2011- |
| Abstract: | A main function of network intrusion detection systems (NIDSs) is to monitor network traffic and match it against rules. Oblivious NIDSs (O-NIDS) perform the same tasks of NIDSs but they use encrypted rules and produce encrypted results without being able to decrypt the rules or the results. Current implementations of O-NIDS suffer from slow searching speeds and/or lack of generality. In this paper, we present a generic approach to implement a privacy-preserving O-NIDS based on hybrid binary gates. We also present two resource-flexible algorithm bundles built upon the hybrid binary gates to perform the NIDS's essential tasks of direct matching and range matching as a proof of concept. Our approach utilizes a Homomorphic Encryption (HE) layer in an abstract fashion, which makes it implementable by many HE schemes compared to the state-of-the-art where the underlying HE scheme is a core part of the approach. This feature allowed the use of already-existing HE libraries that utilize parallelization techniques in GPUs for faster performance. We achieved a rule encryption time as low as 0.012% of the state of the art with only 0.047% of its encrypted rule size. Also, we achieved a rule-matching speed that is almost 20,000 times faster than the state of the art. (© 2023. The Author(s).) |
| References: | Bace, R. G. et al. Intrusion detection systems. In US Department of Commerce, Technology Administration, National Institute of.., (2001). Google Cloud Inrusion Detection System. Google. https://cloud.google.com/intrusion-detection-system (2022). Vhorne: What is azure firewall? https://docs.microsoft.com/en-us/azure/firewall/overview (2022). Gentry, C. Fully homomorphic encryption using ideal lattices. In Proceedings of the Forty-first Annual ACM Symposium on Theory of Computing 169–178 (2009). Chillotti, I., Gama, N., Georgieva, M. & Izabachène, M. Tfhe: fast fully homomorphic encryption over the torus. J. Cryptol. 33(1), 34–91 (2020). (PMID: 10.1007/s00145-019-09319-x) Microsoft SEAL (release 3.6). https://github.com/Microsoft/SEAL . Microsoft Research, Redmond, WA (2020). PALISADE Lattice Cryptography Library (release 1.9.2). https://palisade-crypto.org/ (2020). Vernamlab: Vernamlab/cufhe: CUDA-accelerated fully homomorphic encryption library. https://github.com/vernamlab/cuFHE (2022). Evans, D. et al. A pragmatic introduction to secure multi-party computation. Found. Trends Privacy Secur. 2(2–3), 70–246 (2018). (PMID: 10.1561/3300000019) Yao, A. C.-C. How to generate and exchange secrets. In 27th Annual Symposium on Foundations of Computer Science (sfcs 1986) 162–167 (IEEE, 1986). Micali, S., Goldreich, O. & Wigderson, A. How to play any mental game. In Proceedings of the Nineteenth ACM Symp. on Theory of Computing, STOC 218–229 (ACM, 1987). Goldreich, O. Cryptography and cryptographic protocols. Distribut. Comput. 16(2), 177–199 (2003). (PMID: 10.1007/s00446-002-0077-1) Naor, M., Pinkas, B. & Sumner, R. Privacy preserving auctions and mechanism design. In Proceedings of the 1st ACM Conference on Electronic Commerce 129–139 (1999). Zahur, S., Rosulek, M. & Evans, D. Two halves make a whole. In Annual International Conference on the Theory and Applications of Cryptographic Techniques 220–250 (Springer, 2015). Beaver, D., Micali, S. & Rogaway, P. The round complexity of secure protocols. In Proceedings of the Twenty-second Annual ACM Symposium on Theory of Computing 503–513 (1990). Rabin, M. How to exchange secrets with oblivious transfer. IACR Cryptol. ePrint Arch. 2005, 187 (2005). Even, S., Goldreich, O. & Lempel, A. A randomized protocol for signing contracts. Commun. ACM 28(6), 637–647 (1985). (PMID: 10.1145/3812.3818) Goldreich, O., Micali, S. & Wigderson, A. How to play any mental game, or a completeness theorem for protocols with an honest majority. In 19th Annual ACM Symposium on Theory of Computing 218–229 (1987). Goldreich, O. Foundations of Cryptography Vol. 2 (Cambridge University Press, 2004). (PMID: 10.1017/CBO9780511721656) Ben-Or, M., Goldwasser, S. & Wigderson, A. Completeness theorems for non-cryptographic fault-tolerant distributed computation. In Proceedings of the Twentieth Annual ACM Symposium on Theory of Computing 1–10 (1988). Shamir, A. How to share a secret. Commun. ACM 22(11), 612–613 (1979). (PMID: 10.1145/359168.359176) Kolesnikov, V. Gate evaluation secret sharing and secure one-round two-party computation. In International Conference on the Theory and Application of Cryptology and Information Security 136–155 (Springer, 2005). Kolensikov, V. Secure Two-party Computation and Communication, Ph.D. dissertation, University of Toronto (2006). Freedman, M. J., Nissim, K. & Pinkas, B. Efficient private matching and set intersection. In International Conference on the Theory and Applications of Cryptographic Techniques 1–19 (Springer, 2004). Kissner, L. & Song, D. Privacy-preserving set operations. In Annual International Cryptology Conference 241–257 (Springer, 2005). Brakerski, Z., Vaikuntanathan, V., Wee, H. & Wichs, D. Obfuscating conjunctions under entropic ring lwe. In Proceedings of the 2016 ACM Conference on Innovations in Theoretical Computer Science 147–156 (2016). Brakerski, Z. & Rothblum, G. N. Obfuscating conjunctions. J. Cryptol. 30(1), 289–320 (2017). (PMID: 10.1007/s00145-015-9221-5) Bartusek, J., Lepoint, T., Ma, F. & Zhandry, M. New techniques for obfuscating conjunctions. In Annual International Conference on the Theory and Applications of Cryptographic Techniques 636–666 (Springer, 2019). Bishop, A. et al. A simple obfuscation scheme for pattern-matching with wildcards. In Annual International Cryptology Conference 731–752 (Springer, 2018). Galbraith, S. D. & Zobernig, L. Obfuscating finite automata. In International Conference on Selected Areas in Cryptography 90–114 (Springer, 2020). Niksefat, S., Sadeghiyan, B., Mohassel, P. & Sadeghian, S. Zids: A privacy-preserving intrusion detection system using secure two-party computation protocols. Comput. J. 57(4), 494–509 (2014). (PMID: 10.1093/comjnl/bxt019) Niksefat, S., Kaghazgaran, P. & Sadeghiyan, B. Privacy issues in intrusion detection systems: A taxonomy, survey and future directions. Comput. Sci. Rev. 25, 69–78 (2017). (PMID: 10.1016/j.cosrev.2017.07.001) Sgaglione, L. et al. Privacy preserving intrusion detection via homomorphic encryption. In 2019 IEEE 28th International Conference on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE) 321–326 (IEEE, 2019). Genise, N., Gentry, C., Halevi, S., Li, B. & Micciancio, D. Homomorphic encryption for finite automata. In International Conference on the Theory and Application of Cryptology and Information Security 473–502 (Springer, 2019). Boudko, S. & Abie, H. Adaptive cybersecurity framework for healthcare internet of things. In 2019 13th International Symposium on Medical Information and Communication Technology (ISMICT) 1–6 (IEEE, 2019). Godquin, T., Barbier, M., Gaber, C., Grimault, J.-L. & Le Bars, J.-M. Applied graph theory to security: A qualitative placement of security solutions within iot networks. J. Inf. Secur. Appl. 55, 102640 (2020). Nespoli, P., Díaz-López, D. & Mármol, F. G. Cyberprotection in iot environments: A dynamic rule-based solution to defend smart devices. J. Inf. Secur. Appl. 60, 102878 (2021). Ducas, L. & Micciancio, D. Fhew: bootstrapping homomorphic encryption in less than a second. In Annual International Conference on the Theory and Applications of Cryptographic Techniques 617–640 (Springer, 2015). Morris, M. et al. Digital Design With an Introduction to the Verilog HDL (Pearson, 2013). Julian, V. Releases. OISF/Suricata. https://github.com/OISF/suricata/releases (2022). Xu, C., Chen, S., Su, J., Yiu, S.-M. & Hui, L. C. A survey on regular expression matching for deep packet inspection: Applications, algorithms, and hardware platforms. IEEE Commun. Surv. Tutor. 18(4), 2991–3029 (2016). (PMID: 10.1109/COMST.2016.2566669) Chakraborty, S. Formal languages and automata theory-regular expressions and finite automata. In Computer Engineering and Networks Laboratory Swiss Federal Institute of Technology (ETH) Zurich (2003). Paverd, A., Martin, A. & Brown, I. Modelling and Automatically Analysing Privacy Properties for Honest-but-curious Adversaries (Tech, Rep, 2014). Chaturvedi, B., Chakraborty, A., Chatterjee, A. & Mukhopadhyay, D. A practical full key recovery attack on tfhe and fhew by inducing decryption errors. Cryptol. Arch. 2022, 141 (2022). Regev, O. On lattices, learning with errors, random linear codes, and cryptography. J. ACM (JACM) 56(6), 1–40 (2009). (PMID: 10.1145/1568318.1568324) Albrecht, M. & Bard, G. Lattice Estimator (2021, accessed 22 Aug 2023). https://github.com/malb/lattice-estimator . Albrecht, M. R., Player, R. & Scott, S. On the concrete hardness of learning with errors. J. Math. Cryptol. 9(3), 169–203 (2015). (PMID: 10.1515/jmc-2015-0016) Blum, A., Kalai, A. & Wasserman, H. Noise-tolerant learning, the parity problem, and the statistical query model. J. ACM (JACM) 50(4), 506–519 (2003). (PMID: 10.1145/792538.792543) Babai, L. On lovász’lattice reduction and the nearest lattice point problem. Combinatorica 6, 1–13 (1986). (PMID: 10.1007/BF02579403) Chillotti, I., Gama, N., Georgieva, M. & Izabachène, M. TFHE: Fast Fully Homomorphic Encryption Library, v1.1. https://tfhe.github.io/tfhe/ (2020). Dai, W. & Sunar, B. cuhe: A homomorphic encryption accelerator library. In International Conference on Cryptography and Information Security in the Balkans 169–186 (Springer, 2015). Cheon, J. H., Kim, A., Kim, M., & Song, Y. Homomorphic encryption for arithmetic of approximate numbers. In International Conference on the Theory and Application of Cryptology and Information Security 409–437 (Springer, 2017). Biasse, J.-F. & Ruiz, L. Fhew with efficient multibit bootstrapping. In International Conference on Cryptology and Information Security in Latin America 119–135 (Springer, 2015). GGHLM Encrypted NFA Proof Of Concept (2022, accessed 15 Jul 2022). https://www.dropbox.com/s/10g2nocx3pmyu4t/henfa0.1.zip . |
| Grant Information: | IT26196 MITACS Accelerate, Canada; IT27551 MITACS Accelerate, CANADA; NSERC Discovery Grant awarded to Mostafa Taha Natural Sciences and Engineering Research Council of Canada |
| Entry Date(s): | Date Created: 20231215 Latest Revision: 20231218 |
| Update Code: | 20250114 |
| PubMed Central ID: | PMC10724248 |
| DOI: | 10.1038/s41598-023-48475-w |
| PMID: | 38102146 |
| Database: | MEDLINE |
Full Text 
Full Text Finder 
Nájsť tento článok vo Web of Science Be the first to leave a comment!