A Secure Middlebox Framework for Enabling Visibility Over Multiple Encryption Protocols

Cited 2 time in webofscience Cited 0 time in scopus
  • Hit : 94
  • Download : 0
Network middleboxes provide the first line of defense for enterprise networks. Many of them typically inspect packet payload to filter malicious attack patterns. However, the widespread use of end-to-end cryptographic protocols designed to promote security and privacy, either inhibits deep packet inspection in the network or forces enterprises to use solutions that are not secure. This article introduces a complete framework for building secure and practical network middleboxes, called EVE, which enables visibility over encrypted traffic. EVE securely processes encrypted traffic using a combination of hardware-based trusted execution and software security technology. For enhanced programmability and security, EVE provides a high-level programming interface based on the Rust language. The high-level APIs of EVE provide security and significantly ease the development effort by hiding the details of cryptographic operations, enclave processing, TCP reassembly, and out-of-band key sharing. Our evaluation shows EVE supports diverse use cases with multiple encryption protocols in a secure fashion while delivering high performance.
Publisher
IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC
Issue Date
2020-12
Language
English
Article Type
Article
Citation

IEEE-ACM TRANSACTIONS ON NETWORKING, v.28, no.6, pp.2727 - 2740

ISSN
1063-6692
DOI
10.1109/TNET.2020.3016785
URI
http://hdl.handle.net/10203/279425
Appears in Collection
EE-Journal Papers(저널논문)
Files in This Item
There are no files associated with this item.
This item is cited by other documents in WoS
⊙ Detail Information in WoSⓡ Click to see webofscience_button
⊙ Cited 2 items in WoS Click to see citing articles in records_button

qr_code

  • mendeley

    citeulike


rss_1.0 rss_2.0 atom_1.0