Collaborative Enforcement of Firewall Policies in Virtual Private Networks

Fei Chen
Dept. of Computer Science and Engineering, Michigan State University
Joint work with Prof. Alex X. Liu

Introduction: Virtual Private Network (VPN)

[Figure: an IBM representative's host (1.1.0.10) sits inside MSU's network 1.1.0.0/16, behind the MSU firewall, and runs a VPN tunnel to the IBM VPN server (2.2.0.1) in IBM's network 2.2.0.0/16, where the confidential database (2.2.0.2) lives; inside the tunnel the host uses the IBM address 2.2.0.25. Malicious websites are also reachable on the IBM side.]

• Outer packet, as seen by the MSU firewall: header Src IP 1.1.0.10, Dst IP 2.2.0.1, encrypted payload
• Inner packet, as seen at the IBM VPN server: header Src IP 2.2.0.25, Dst IP 2.2.0.2, cleartext payload
• The tunnel is a "secure hole" through the MSU firewall: the firewall only ever sees the encrypted outer packet

Collaborative Enforcement of Firewall Policies in Virtual Private Networks   Liu, Chen   2/18

Motivation
• The problem: the MSU firewall cannot know what traffic is inside the VPN
  – Viruses or worms can enter MSU's network through the tunnel
• Two straightforward ways [Figure: either let the MSU firewall see the packet, or put MSU's firewall policy on the IBM VPN server; each discloses one party's data to the other]
• Goal: MSU and IBM collaboratively enforce MSU's firewall policy without MSU learning IBM's packets and without IBM learning MSU's firewall policy

Related Work
• Secure Function Evaluation (SFE) (Yao, 1982)
  – Garbled circuits (Yao, 1986): computation cost is O(2^b)
• Oblivious Attribute Certificates (OACerts) (Li et al., 2005)
  – Needs a trusted third party
  – Expensive PKI operations
• Cross-Domain Cooperative Firewall (CDCF) (Cheng et al., 2007)
  – CDCF is insecure: MSU learns which rule matches which packet
  – CDCF is inefficient: it uses commutative encryption functions

Our Approach: VGuard

[Figure: Bootstrapping protocol: the MSU firewall sends f1(Firewall) to the IBM VPN server, which returns f2(f1(Firewall)). Filtering protocol: IBM sends f2(packet); MSU (1) computes f1(f2(packet)), (2) searches f1(f2(packet)) in f2(f1(Firewall)) and obtains the decision.]

• Key idea I: the Xhash protocol for oblivious comparison
  – Three orders of magnitude faster than commutative encryption
• Key idea II: Firewall Decision Diagrams (FDDs)
  – Security: the FDD prevents MSU from learning which rule matches which packet
  – Efficiency: processing packets with an FDD is much faster than linear search

Oblivious Comparison
• Problem: MSU holds c1, IBM holds c2; decide whether c1 = c2
  – If c1 ≠ c2, neither party may learn the other's value
• Xhash protocol, with MSU holding key K1 and IBM holding key K2
  – MSU → IBM: c1⊕K1
  – IBM → MSU: h(c1⊕K1⊕K2) and c2⊕K2
  – MSU computes h(c2⊕K2⊕K1) and compares it with h(c1⊕K1⊕K2); because XOR commutes, the two hashes are equal exactly when c1 = c2 (barring a collision of h)

Membership Query
• Problem: MSU holds a range [a, b], IBM holds a value c; is c in [a, b]?
  – Neither party may learn the other's value
• Solution using the Xhash protocol (3-bit example)
  – MSU converts [3, 7] to prefix format: {011, 1**}
  – IBM converts 5 to its prefix family: PF(5) = {101, 10*, 1**, ***}
  – c ∈ [a, b] exactly when the two sets share a prefix; here 1**

How to check the intersection of two sets in a privacy-preserving manner?
• Prefix numericalization turns every prefix into a fixed-width number: replace each * by 0 and append the count of specified bits (the same rule yields the 7-bit encodings of the 4-bit fields below, e.g. 01** → 0100 010, 0101 → 0101 100)
  – MSU: [3, 7] → {011, 1**} → {01111, 10001}
  – IBM: 5 → PF(5) = {101, 10*, 1**, ***} → {10111, 10010, 10001, 00000}
• MSU → IBM: {01111⊕K1, 10001⊕K1}
• IBM → MSU: {h(01111⊕K1⊕K2), h(10001⊕K1⊕K2)}, which MSU stores
• IBM → MSU: {10111⊕K2, 10010⊕K2, 10001⊕K2, 00000⊕K2}
• MSU computes {h(10111⊕K2⊕K1), …, h(00000⊕K2⊕K1)} and checks for a value among the stored hashes; the common value h(10001⊕K1⊕K2) shows that 5 ∈ [3, 7], while the other values reveal nothing about 5 to MSU and nothing about [3, 7] to IBM

The Bootstrapping Protocol (1/3)
• IBM cannot recover the firewall policy from f1(Firewall)
• Why must MSU be prevented from knowing which rule matches which packet?
  – MSU could recover the packet from the original rule that matches it, by narrowing that rule from run to run:
    F1 [1,4] F2 [5,8] → accept matches f2(packet)
    MSU changes the rule to F1 [1,2] F2 [5,6] → accept and learns, e.g., F1(packet) ∈ [1,2] and F2(packet) ∉ [5,6]
    MSU then tries F1 [1,2] F2 [7,8] → accept, and so on, until the packet fields are pinned down

The Bootstrapping Protocol (2/3)
• Convert overlapping rules into non-overlapping rules: FDD construction → prefix generation → prefix numericalization → XOR with K1 by MSU
  – Overlapping rules (4-bit fields, first match wins):
    F1 [4,11]  F2 [0,5]  → accept
    F1 [0,3]   F2 [2,7]  → accept
    F1 [12,15] F2 [2,7]  → accept
    F1 [0,15]  F2 [0,15] → discard
  – Non-overlapping prefix rules after numericalization and XOR with K1 (shown for F1 [4,11] = {01**, 10**}, F2 [0,5] = {00**, 010*} and F2 [6,7] = 011*):
    (0100010⊕K1, 0000010⊕K1) → a
    (0100010⊕K1, 0100011⊕K1) → a
    (1000010⊕K1, 0000010⊕K1) → a
    (1000010⊕K1, 0100011⊕K1) → a
    (0100010⊕K1, 0110011⊕K1) → d
    ……
• The order of non-overlapping rules does not affect their function

The Bootstrapping Protocol (3/3)
• MSU sends the XORed rules to IBM; IBM hashes every value with K2:
    (h(0100010⊕K1⊕K2), h(0000010⊕K1⊕K2)) → a
    (h(0100010⊕K1⊕K2), h(0100011⊕K1⊕K2)) → a
    (h(1000010⊕K1⊕K2), h(0000010⊕K1⊕K2)) → a
    (h(1000010⊕K1⊕K2), h(0100011⊕K1⊕K2)) → a
    (h(0100010⊕K1⊕K2), h(0110011⊕K1⊕K2)) → d
    ……
• MSU could still analyze the returned list statistically: 1. frequency of values, 2. frequency of decisions
• Therefore IBM shuffles the rules and adds dummy rules, e.g. (h(0100010⊕K1⊕K2), h(dummy1⊕K2)) → d, before sending the list back to MSU

The Filtering Protocol (1/2)
• For the packet (0101, 0011), IBM generates the prefix family of each field, numericalizes it and XORs it with K2:
    F1 = 0101: 0101, 010*, 01**, 0***, **** → 0101100, 0100011, 0100010, 0000001, 0000000 → 0101100⊕K2, …, 0000000⊕K2
    F2 = 0011: 0011, 001*, 00**, 0***, **** → 0011100, 0010011, 0000010, 0000001, 0000000 → 0011100⊕K2, …, 0000000⊕K2
• MSU XORs each value with K1 and applies the HMAC h: h(0101100⊕K2⊕K1), …, h(0000000⊕K2⊕K1) for F1 and h(0011100⊕K2⊕K1), …, h(0000000⊕K2⊕K1) for F2

The Filtering Protocol (2/2)
• MSU searches the hashed prefix families against the hashed, shuffled, dummy-padded rule list returned in the bootstrapping protocol, e.g. (h(0100010⊕K1⊕K2), h(0000010⊕K1⊕K2)) → a, …, (h(dummy5⊕K1⊕K2), h(dummy7⊕K1⊕K2)) → d
• To improve search efficiency, MSU can convert the non-overlapping rules into an FDD and walk it field by field instead of scanning the list

Experimental Results (1/3)
• Real-life firewalls, bootstrapping protocol
  – The bootstrapping cost of VGuard is lower than that of CDCF for most firewalls
  [Figure: bootstrapping cost per firewall, MSU side and IBM side]

Experimental Results (2/3)
• Real-life firewalls, filtering protocol
  – VGuard is 552 times faster than CDCF on the MSU side
  – VGuard is 5035 times faster than CDCF on the IBM side
  [Figure: filtering time per firewall, MSU side and IBM side, log scale]
• Two intuitive reasons for the better performance
  – Xhash is three orders of magnitude faster than commutative encryption
  – An FDD finds the decision for a given packet much more efficiently than a linear search

Experimental Results (3/3)
• Synthetic firewall policies, filtering protocol
  – VGuard is 252 times faster than CDCF on the MSU side
  – VGuard is 5529 times faster than CDCF on the IBM side
  [Figure: filtering time per policy, MSU side and IBM side, log scale]

Concluding Remarks
• VGuard is secure
  – VGuard prevents MSU from identifying which rule matches a given packet
• VGuard is efficient
  – Xhash is three orders of magnitude faster than commutative encryption
  – VGuard uses firewall decision diagrams for processing packets
• Xhash is very efficient for oblivious comparison and can be used in other applications

Questions? Thank you!
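The following Python is an added example, not code from the slides or from the VGuard authors; it plays both parties through the protocols on slides 6 to 13 end to end: Xhash equality, range-to-prefix and prefix-family conversion, prefix numericalization (the convention that reproduces the page's 7-bit values, 01** → 0100010), conversion of the page's four overlapping rules into non-overlapping prefix rules, the bootstrapping exchange with hashing, dummy rules and shuffling on the IBM side, and the filtering exchange with a two-level dictionary standing in for the FDD walk on the MSU side. Everything not on the page is an assumption: h is SHA-256 truncated to 64 bits (the slides call it an HMAC), dummy rules are random 64-bit strings, keys are random (W+CNT)-bit values drawn fresh per run, and the policy is assumed to end in a catch-all rule.

```python
# Added example (not the VGuard code): Xhash-based collaborative firewall, two 4-bit fields.
# Assumed here: h = truncated SHA-256, random dummy strings, random keys, catch-all last rule.
import hashlib
import random
from itertools import product

W = 4                      # field width in bits (F1, F2 on the page are 4-bit)
CNT = W.bit_length()       # bits for the "number of specified bits" count 0..W (3 for W=4)

def range_to_prefixes(lo, hi, w=W):
    """Minimal prefixes covering [lo, hi]; a prefix is (specified bits, how many)."""
    out = []
    while lo <= hi:
        k = w                                      # start with the exact value lo
        while k and lo % (1 << (w - k + 1)) == 0 and lo + (1 << (w - k + 1)) - 1 <= hi:
            k -= 1                                 # widen while aligned and inside [lo, hi]
        out.append((lo >> (w - k), k))
        lo += 1 << (w - k)
    return out

def prefix_family(x, w=W):
    """All w+1 prefixes containing x, e.g. 0101, 010*, 01**, 0***, ****."""
    return [(x >> (w - k), k) for k in range(w, -1, -1)]

def numericalize(p, w=W):
    """Page convention: '*' -> 0, then append the count of specified bits (01** -> 0100010)."""
    v, k = p
    return ((v << (w - k)) << CNT) | k

def h(x):
    """The one-way function of Xhash; assumed here to be SHA-256 of the masked value, truncated."""
    return hashlib.sha256(x.to_bytes(2, "big")).hexdigest()[:16]

def xhash_equal(c1, k1, c2, k2):
    """Oblivious comparison: MSU holds (c1, K1), IBM holds (c2, K2).
    MSU -> IBM: c1^K1.  IBM -> MSU: h(c1^K1^K2) and c2^K2.  MSU compares the hashes."""
    to_ibm = c1 ^ k1
    from_ibm = (h(to_ibm ^ k2), c2 ^ k2)
    return h(from_ibm[1] ^ k1) == from_ibm[0]

def to_nonoverlapping(rules, w=W):
    """First-match rules [((lo,hi),(lo,hi),dec)] -> equivalent non-overlapping prefix rules,
    built like a two-level FDD: cut F1 at every range boundary, resolve F2 inside each slice."""
    cuts = sorted({0, 1 << w} | {r[0][0] for r in rules} | {r[0][1] + 1 for r in rules})
    out = []
    for lo, hi in zip(cuts, cuts[1:]):             # hi is exclusive
        sub = [(f2, d) for f1, f2, d in rules if f1[0] <= lo and hi - 1 <= f1[1]]
        dec = [next(d for (a, b), d in sub if a <= y <= b) for y in range(1 << w)]
        start = 0
        for y in range(1, (1 << w) + 1):           # merge runs of equal F2 decisions
            if y == 1 << w or dec[y] != dec[start]:
                for p1, p2 in product(range_to_prefixes(lo, hi - 1, w),
                                      range_to_prefixes(start, y - 1, w)):
                    out.append((p1, p2, dec[start]))
                start = y
    return out

def msu_bootstrap(rules, k1):
    """MSU: non-overlapping prefix rules, numericalized and XORed with K1 (f1(Firewall))."""
    return [(numericalize(p1) ^ k1, numericalize(p2) ^ k1, d)
            for p1, p2, d in to_nonoverlapping(rules)]

def ibm_bootstrap(masked_rules, k2, n_dummy=4):
    """IBM: hash each masked value with K2, add dummy rules, shuffle (f2(f1(Firewall)))."""
    hashed = [(h(a ^ k2), h(b ^ k2), d) for a, b, d in masked_rules]
    for _ in range(n_dummy):                       # random strings: no real hash collides
        hashed.append((f"{random.getrandbits(64):016x}", f"{random.getrandbits(64):016x}",
                       random.choice("ad")))
    random.shuffle(hashed)
    return hashed

def ibm_filter_request(packet, k2):
    """IBM: numericalized prefix family of every field, XORed with K2 (f2(packet))."""
    return [[numericalize(p) ^ k2 for p in prefix_family(x)] for x in packet]

def msu_build_index(hashed_rules):
    """MSU: two-level dict over hashed values, the FDD walk of the page in miniature."""
    idx = {}
    for a, b, d in hashed_rules:
        idx.setdefault(a, {})[b] = d
    return idx

def msu_filter(index, request, k1):
    """MSU: finish Xhash with K1 (f1(f2(packet))) and look the values up field by field."""
    s1, s2 = [{h(v ^ k1) for v in field} for field in request]
    for a in s1:
        for b, d in index.get(a, {}).items():
            if b in s2:
                return d                           # non-overlapping: at most one real hit
    return None                                    # unreachable with a catch-all rule

POLICY = [((4, 11), (0, 5), "a"), ((0, 3), (2, 7), "a"),
          ((12, 15), (2, 7), "a"), ((0, 15), (0, 15), "d")]   # the page's four rules

def run_demo(packet, policy=POLICY):
    """Whole exchange with fresh keys; returns the decision MSU obtains for the packet."""
    k1, k2 = random.getrandbits(W + CNT), random.getrandbits(W + CNT)
    index = msu_build_index(ibm_bootstrap(msu_bootstrap(policy, k1), k2))
    return msu_filter(index, ibm_filter_request(packet, k2), k1)

if __name__ == "__main__":
    print(run_demo((5, 3)))                        # the page's packet (0101, 0011) -> 'a'
```

The conversion in `to_nonoverlapping` cuts F1 at every range boundary and does not merge identical F2 subtrees the way a real FDD would, so it can emit more rules than the paper's FDD (16 for the page's policy) while producing the same decisions; the dictionary in `msu_build_index` is the two-level lookup that replaces the linear scan the slides warn against. The decision returned is independent of K1 and K2, which is what makes the exchange testable with fresh random keys.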