PPFilter: Provider Privacy-aware Encrypted Filtering System
Filtering is the operation of determining whether the data concerned should be accepted and transferred, or blocked and marked as a malicious traffic flow. It mitigates inter-domain bandwidth overhead, local computational cost, and storage cost for data identification. In many sensitive applications, the provider identity needs to be hidden. This raises the challenge of how to filter transmitted data packets that are in encrypted form. Hiding the provider's identity while enabling filtering is non-trivial, because the policy used as the matching criterion must determine whether the data should be transferred without knowing the origin of that data. In this work, we design PPFilter, a privacy-aware encrypted filtering mechanism that allows filtering to be conducted without knowing the provider identity. PPFilter achieves integrity protection of data packets and provider privacy Level 3. PPFilter is built on top of a novel notion called identity-based encryption with sender search (IESS), which supports anonymous sender identity in encrypted search. We present a provably secure IESS instantiation and apply it to obtain a PPFilter protocol. The analysis and evaluation show that PPFilter maintains cost-reasonable filtering while preserving provider privacy, which guarantees its practicality.