Middlebox-Based Packet-Level Redundancy Elimination Over Encrypted Network Traffic

To eliminate redundant transfers over WAN links and improve network efficiency, middleboxes have been deployed at ingress/egress. These middleboxes can operate on individual packets and are application layer protocol transparent. They can identify and remove duplicated byte strings on the fly. However, with the increasing use of HTTPS, current redundancy elimination (RE) solution can no longer work without violating end-to-end privacy. In this paper, we present RE over encrypted traffic (REET), the first middlebox-based system that supports both intra-user and inter-user packet-level RE directly over encrypted traffic. REET realizes this by using a novel protocol with limited overhead and protects end users from honest-but-curious middleboxes. We implement REET and show its performance for both end users and middleboxes using several hundred gigabytes of network traffic traces collected from a large U.S. university.

• Publication year

  2018

• Venue

  IEEE/ACM Transactions on Networking

• Publication date

  2018-08-01

• Fields of study

  Computer Science

• Identifiers
  DOI 10.1109/TNET.2018.2846791
• External record

  Open on Semantic Scholar

• Source metadata

  Semantic Scholar

• No claims are published for this paper.

• No concepts are published for this paper.

• Toward Encrypted Cloud Media Center With Secure Deduplication

  2017cited by this paper
• SPABox: Safeguarding Privacy During Deep Packet Inspection at a MiddleBox

  2017cited by this paper
• Generalized pattern matching string search on encrypted data in cloud systems

  2015cited by this paper
• BlindBox: Deep Packet Inspection over Encrypted Traffic

  2015cited by this paper
• Secure Deduplication of Encrypted Data without Additional Independent Servers

  2015cited by this paper
• DupLESS: Server-Aided Encryption for Deduplicated Storage

  2013cited by this paper
• Message-Locked Encryption and Secure Deduplication

  2013cited by this paper
• Dynamic searchable symmetric encryption

  2012cited by this paper
• The power of prediction: cloud bandwidth and cost reduction

  2011cited by this paper
• EndRE: An End-System Redundancy Elimination Service for Enterprises

  2010influential reference
• SmartRE: an architecture for coordinated network-wide redundancy elimination

  2009cited by this paper
• Redundancy in network traffic: findings and implications

  2009influential reference
• Packet caches on routers: the implications of universal redundant traffic elimination

  2008cited by this paper
• Deterministic Encryption: Definitional Equivalences and Constructions without Random Oracles

  2008cited by this paper
• Deterministic and Efficiently Searchable Encryption

  2007cited by this paper
• Authenticated encryption in SSH: provably fixing the SSH binary packet protocol

  2002cited by this paper
• Reclaiming space from duplicate files in a serverless distributed file system

  2002cited by this paper
• Practical techniques for searches on encrypted data

  2000cited by this paper
• The click modular router

  2000cited by this paper
• A protocol-independent technique for eliminating redundant network traffic

  2000influential reference
• Summary cache: a scalable wide-area web cache sharing protocol

  2000cited by this paper
• On the scale and performance of cooperative Web proxy caching

  1999cited by this paper
• How to share a secret

  1979cited by this paper

• A Novel Self-Supervised Framework Based on Masked Autoencoder for Traffic Classification

  2024cites this paper
• On Designing Secure Cross-user Redundancy Elimination for WAN Optimization

  2022cites this paper
• Building In-the-Cloud Network Functions: Security and Privacy Challenges

  2021cites this paper
• Yugala: Blockchain Based Encrypted Cloud Storage for IoT Data

  2019cites this paper