Title :
Techniques for policy enforcement on encrypted network traffic
Author :
Hanay, Y. Sinan ; Wolf, Tilman
Author_Institution :
Dept. of Electr. & Comput. Eng., Univ. of Massachusetts, Amherst, MA, USA
Abstract :
Most large-scale data communication networks are built from multiple autonomous subnetworks, which are managed by different administrative entities. In many practical environments, information about traffic policies is considered proprietary and is not disclosed by network operators. However, some operational scenarios require routers within a network to check if traffic matches a particular policy that is provided by another entity. In our work, we present several algorithms of how to represent policy databases and how to perform policy checks without explicitly disclosing the total set of policies. This privacy-preserving set operation extends related work, which has assumed that parties trust each other. Our analysis shows that the proposed policy checks can be implemented efficiently in realistic systems.
Keywords :
computer network security; cryptography; data communication; telecommunication traffic; encrypted network traffic; large-scale data communication networks; multiple autonomous subnetworks; policy databases; policy enforcement; privacy-preserving set operation; Classification algorithms; Cryptography; Data communication; Databases; Large-scale systems; Peer to peer computing; Polynomials; Privacy; Telecommunication traffic; Transport protocols;
Conference_Title :
Military Communications Conference, 2009. MILCOM 2009. IEEE
Conference_Location :
Boston, MA
Print_ISBN :
978-1-4244-5238-5
Electronic_ISBN :
978-1-4244-5239-2
DOI :
10.1109/MILCOM.2009.5379715