TY - GEN
T1 - Zero-Knowledge Middleboxes
AU - Grubbs, Paul
AU - Arun, Arasu
AU - Zhang, Ye
AU - Bonneau, Joseph
AU - Walfish, Michael
N1 - Funding Information:
We are indebted to Chris Wood for suggestions and insights about DNS throughout this project. Srikar Varadaraj provided help during the early stages of this work. Malavika Bal-achandran Tadeusz, Bill Budington, Richard Clayton, Henry Corrigan-Gibbs, Zachary DeStefano, Felix Günther, Anurag Khandelwal, Ian Miers, Eric Rescorla, Justin Thaler, Collin Zhang, Pete Zimmerman, and the anonymous reviewers gave helpful comments. This research was supported by DARPA under Agreement No. HR00112020022. Any opinions, findings and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the United States Government or DARPA.
Publisher Copyright:
© USENIX Security Symposium, Security 2022.All rights reserved.
PY - 2022
Y1 - 2022
N2 - This paper initiates research on zero-knowledge middleboxes (ZKMBs). A ZKMB is a network middlebox that enforces network usage policies on encrypted traffic. Clients send the middlebox zero-knowledge proofs that their traffic is policy-compliant; these proofs reveal nothing about the client's communication except that it complies with the policy. We show how to make ZKMBs work with unmodified encrypted-communication protocols (specifically TLS 1.3), making ZKMBs invisible to servers. As a contribution of independent interest, we design optimized zero-knowledge proofs for TLS 1.3 session keys. We apply the ZKMB paradigm to several case studies. Experimental results suggest that in certain settings, performance is in striking distance of practicality; an example is a middlebox that filters domain queries (each query requiring a separate proof) when the client has a long-lived TLS connection with a DNS resolver. In such configurations, the middlebox's overhead is 2-5 ms of running time per proof, and client latency to create a proof is several seconds. On the other hand, clients may have to store hundreds of MBs depending on the underlying zero-knowledge proof machinery, and for some applications, latency is tens of seconds.
AB - This paper initiates research on zero-knowledge middleboxes (ZKMBs). A ZKMB is a network middlebox that enforces network usage policies on encrypted traffic. Clients send the middlebox zero-knowledge proofs that their traffic is policy-compliant; these proofs reveal nothing about the client's communication except that it complies with the policy. We show how to make ZKMBs work with unmodified encrypted-communication protocols (specifically TLS 1.3), making ZKMBs invisible to servers. As a contribution of independent interest, we design optimized zero-knowledge proofs for TLS 1.3 session keys. We apply the ZKMB paradigm to several case studies. Experimental results suggest that in certain settings, performance is in striking distance of practicality; an example is a middlebox that filters domain queries (each query requiring a separate proof) when the client has a long-lived TLS connection with a DNS resolver. In such configurations, the middlebox's overhead is 2-5 ms of running time per proof, and client latency to create a proof is several seconds. On the other hand, clients may have to store hundreds of MBs depending on the underlying zero-knowledge proof machinery, and for some applications, latency is tens of seconds.
UR - http://www.scopus.com/inward/record.url?scp=85140973216&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85140973216&partnerID=8YFLogxK
M3 - Conference contribution
AN - SCOPUS:85140973216
T3 - Proceedings of the 31st USENIX Security Symposium, Security 2022
SP - 4255
EP - 4272
BT - Proceedings of the 31st USENIX Security Symposium, Security 2022
PB - USENIX Association
T2 - 31st USENIX Security Symposium, Security 2022
Y2 - 10 August 2022 through 12 August 2022
ER -