TY - JOUR
T1 - Privacy-Preserving Encrypted Traffic Inspection With Symmetric Cryptographic Techniques in IoT
AU - Chen, Dajiang
AU - Wang, Hao
AU - Zhang, Ning
AU - Nie, Xuyun
AU - Dai, Hong Ning
AU - Zhang, Kuan
AU - Choo, Kim Kwang Raymond
N1 - Funding information:
The work of Dajiang Chen, Hao Wang, and Xuyun Nie was supported by NSFC under Grant 61872059, Grant 61771417, and Grant 61502085; in part by the Project “The Verification Platform of Multi-tier Coverage Communication Network for Oceans” under Grant LZC0020; in part by the International Scientific and Technological Innovation Cooperation Project in Sichuan Province under Grant 2020YFH0062; and in part by the Open Foundation of State Key Laboratory of Networking and Switching Technology (Beijing University of Posts and Telecommunications) under Grant SKLNST-2019-2-13. The work of Kim-Kwang Raymond Choo was supported by the Cloud Technology Endowed Professorship. (Corresponding author: Ning Zhang.)
Publisher Copyright:
© 2022 IEEE.
PY - 2022/9/15
Y1 - 2022/9/15
N2 - To ensure the security of Internet of Things (IoT) communications, one can use deep packet inspection (DPI) on network middleboxes to detect and mitigate anomalies and suspicious activities in network traffic of IoT, although doing so over encrypted traffic is challenging. Therefore, in this article, an efficient and privacy-preserving encrypted traffic detection scheme is proposed. The scheme uses only lightweight cryptographic operations (i.e., symmetric encryption, hash functions, and pseudorandom functions) to achieve both privacy and security within an inspection round. A dispute resolution mechanism is also designed to address potential disputes between client(s) and server(s). We also present the corresponding security proof and experimental evaluation, which demonstrate that our proposed scheme achieves strong security and privacy preservation and good performance.
KW - Encrypted traffic inspection
KW - IoT security
KW - privacy preserving
KW - symmetric cryptographic techniques
UR - http://www.scopus.com/inward/record.url?scp=85125737202&partnerID=8YFLogxK
U2 - 10.1109/JIOT.2022.3155355
DO - 10.1109/JIOT.2022.3155355
M3 - Journal article
AN - SCOPUS:85125737202
SN - 2327-4662
VL - 9
SP - 17265
EP - 17279
JO - IEEE Internet of Things Journal
JF - IEEE Internet of Things Journal
IS - 18
ER -