OblivSketch: oblivious network measurement as a cloud service

Shangqi Lai, Xingliang Yuan, Joseph Liu, Xun Yi, Qi Li, Dongxi Liu, Surya Nepal

Research output: Chapter in Book/Report/Conference proceeding > Conference Paper > Research > peer-review

Abstract

Network function virtualisation enables versatile network functions as cloud services with reduced cost. Specifically, network measurement tasks such as heavy-hitter detection and flow distribution estimation serve many core network functions for improved performance and security of enterprise networks. However, deploying network measurement services in third-party multi-tenant cloud service providers raises critical privacy and security concerns. Recent studies demonstrate that leaking and abusing flow statistics can lead to severe network attacks such as DDoS, network topology manipulation and poisoning, etc.

In this paper, we propose OblivSketch, an oblivious network measurement service using Intel SGX. It employs a hardware enclave for secure network statistics generation and queries. The statistics are maintained in newly designed oblivious data structures inside the SGX enclave and queried by data-oblivious algorithms to prevent data leakage caused by access patterns to the memory of SGX. To demonstrate the practicality, we implement OblivSketch as a full-fledged service integrated with the off-the-shelf SDN framework. The evaluations demonstrate that OblivSketch consumes a constant and small memory space (6MB) to track a massive amount of flows (from 30k to 1.45m), and it takes no more than 15ms to respond to six widely adopted measurement queries for a 5s-trace with 70k flows.

Original language: English
Title of host publication: 28th Annual Network and Distributed System Security Symposium, NDSS 2021
Editors: Ahmad-Reza Sadeghi, Farinaz Koushanfar
Place of Publication: San Diego CA USA
Publisher: Internet Society
Number of pages: 18
ISBN (Electronic): 1891562665
Publication status: Published - 2021
Event: Usenix Network and Distributed System Security Symposium 2021 - Online, United States of America
Duration: 21 Feb 2021 - 25 Feb 2021
https://www.ndss-symposium.org/ndss2021/

Conference

Conference: Usenix Network and Distributed System Security Symposium 2021
Abbreviated title: NDSS 2021
Country/Territory: United States of America
Period: 21/02/21 - 25/02/21