000096176 001__ 96176
000096176 005__ 20210902121852.0
000096176 0247_ $$2doi$$a10.1155/2020/8856379
000096176 0248_ $$2sideral$$a120580
000096176 037__ $$aART-2020-120580
000096176 041__ $$aeng
000096176 100__ $$0(orcid)0000-0001-8518-6884$$aSancho, J.$$uUniversidad de Zaragoza
000096176 245__ $$aOblivious Inspection: On the Confrontation between System Security and Data Privacy at Domain Boundaries
000096176 260__ $$c2020
000096176 5060_ $$aAccess copy available to the general public$$fUnrestricted
000096176 5203_ $$aIn this work, we introduce the system boundary security vs. privacy dilemma, where border devices (e.g., firewall devices) require unencrypted data inspection to prevent data exfiltration or unauthorized data accesses, but unencrypted data inspection violates data privacy. To shortcut this problem, we present Oblivious Inspection, a novel approach based on garbled circuits to perform a stateful application-aware inspection of encrypted network traffic in a privacy-preserving way. We also showcase an inspection algorithm for Fast Healthcare Interoperability Resources (FHIR) standard compliant packets along with its performance results. The results point out the importance of the inspection function being aligned with the underlying garbled circuit protocol. In this line, mandatory encryption algorithms for TLS 1.3 have been analysed, observing that packets encrypted using ChaCha20 can be filtered up to 17 and 25 times faster compared with AES128-GCM and AES256-GCM, respectively. Altogether, this approach penalizes performance to align system security and data privacy, but it could be appropriate for those scenarios where this performance degradation can be justified by the sensitivity of the involved data such as healthcare scenarios.
000096176 536__ $$9info:eu-repo/grantAgreement/ES/DGA-FEDER/T31-20R$$9info:eu-repo/grantAgreement/ES/DGA-MECD/FPU15-04841$$9info:eu-repo/grantAgreement/ES/MINECO-FEDER/TIN2016-76770-R
000096176 540__ $$9info:eu-repo/semantics/openAccess$$aby$$uhttp://creativecommons.org/licenses/by/3.0/es/
000096176 590__ $$a1.791$$b2020
000096176 591__ $$aTELECOMMUNICATIONS$$b71 / 91 = 0.78$$c2020$$dQ4$$eT3
000096176 591__ $$aCOMPUTER SCIENCE, INFORMATION SYSTEMS$$b125 / 162 = 0.772$$c2020$$dQ4$$eT3
000096176 592__ $$a0.446$$b2020
000096176 593__ $$aInformation Systems$$c2020$$dQ2
000096176 593__ $$aComputer Networks and Communications$$c2020$$dQ2
000096176 655_4 $$ainfo:eu-repo/semantics/article$$vinfo:eu-repo/semantics/publishedVersion
000096176 700__ $$0(orcid)0000-0001-9485-7678$$aGarcía, J.$$uUniversidad de Zaragoza
000096176 700__ $$0(orcid)0000-0002-5254-1402$$aAlesanco, Á.$$uUniversidad de Zaragoza
000096176 7102_ $$15008$$2560$$aUniversidad de Zaragoza$$bDpto. Ingeniería Electrón.Com.$$cÁrea Ingeniería Telemática
000096176 773__ $$g2020 (2020), 8856379 [9 pp]$$pSECURITY AND COMMUNICATION NETWORKS$$tSECURITY AND COMMUNICATION NETWORKS$$x1939-0114
000096176 8564_ $$s1329780$$uhttps://zaguan.unizar.es/record/96176/files/texto_completo.pdf$$yVersión publicada
000096176 8564_ $$s36942$$uhttps://zaguan.unizar.es/record/96176/files/texto_completo.jpg?subformat=icon$$xicon$$yVersión publicada
000096176 909CO $$ooai:zaguan.unizar.es:96176$$particulos$$pdriver
000096176 951__ $$a2021-09-02-10:30:18
000096176 980__ $$aARTICLE