96176 20210902121852.0 doi 10.1155/2020/8856379 sideral 120580 ART-2020-120580 eng Sancho, J. Universidad de Zaragoza (orcid)0000-0001-8518-6884 Oblivious Inspection: On the Confrontation between System Security and Data Privacy at Domain Boundaries 2020 Access copy available to the general public Unrestricted In this work, we introduce the system boundary security vs. privacy dilemma, where border devices (e.g., firewall devices) require unencrypted data inspection to prevent data exfiltration or unauthorized data accesses, but unencrypted data inspection violates data privacy. To shortcut this problem, we present Oblivious Inspection, a novel approach based on garbled circuits to perform a stateful application-aware inspection of encrypted network traffic in a privacy-preserving way. We also showcase an inspection algorithm for Fast Healthcare Interoperability Resources (FHIR) standard compliant packets along with its performance results. The results point out the importance of the inspection function being aligned with the underlying garbled circuit protocol. In this line, mandatory encryption algorithms for TLS 1.3 have been analysed observing that packets encrypted using Chacha20 can be filtered up to 17 and 25 times faster compared with AES128-GCM and AES256-GCM, respectively. All together, this approach penalizes performance to align system security and data privacy, but it could be appropriate for those scenarios where this performance degradation can be justified by the sensibility of the involved data such as healthcare scenarios. info:eu-repo/grantAgreement/ES/DGA-FEDER/T31-20R info:eu-repo/grantAgreement/ES/DGA-MECD/FPU15-04841 info:eu-repo/grantAgreement/ES/MINECO-FEDER/TIN2016-76770-R info:eu-repo/semantics/openAccess by http://creativecommons.org/licenses/by/3.0/es/ 1.791 2020 TELECOMMUNICATIONS 71 / 91 = 0.78 2020 Q4 T3 COMPUTER SCIENCE, INFORMATION SYSTEMS 125 / 162 = 0.772 2020 Q4 T3 0.446 2020 Information Systems 2020 Q2 Computer Networks and Communications 2020 Q2 info:eu-repo/semantics/article info:eu-repo/semantics/publishedVersion García, J. Universidad de Zaragoza (orcid)0000-0001-9485-7678 Alesanco, Á. Universidad de Zaragoza (orcid)0000-0002-5254-1402 5008 560 Universidad de Zaragoza Dpto. Ingeniería Electrón.Com. Área Ingeniería Telemática 2020 (2020), 8856379 [9 pp] SECURITY AND COMMUNICATION NETWORKS SECURITY AND COMMUNICATION NETWORKS 1939-0114 1329780 http://zaguan.unizar.es/record/96176/files/texto_completo.pdf Versión publicada 36942 http://zaguan.unizar.es/record/96176/files/texto_completo.jpg?subformat=icon icon Versión publicada oai:zaguan.unizar.es:96176 articulos driver 2021-09-02-10:30:18 ARTICLE