Practical Encrypted Network Traffic Pattern Matching for Secure Middleboxes

Network Function Virtualisation (NFV) advances the adoption of composable software middleboxes. Accordingly, cloud data centres become major NFV vendors for enterprise traffic processing. Due to the privacy concern of traffic redirection to the cloud, secure middlebox systems (e.g., BlindBox) draw much attention; they can process encrypted packets against encrypted rules directly. However, most of the existing systems supporting pattern matching based network functions require the enterprise gateway to tokenise packet payloads via sliding windows. Such tokenisation induces a considerable communication overhead, which can be over 100$\times$ to the packet size. To overcome this bottleneck, in this paper, we propose the first bandwidth-efficient encrypted pattern matching protocol for secure middleboxes. We resort to a primitive called symmetric hidden vector encryption (SHVE), and propose a variant of it, aka SHVE+, to achieve constant and moderate communication cost. To speed up, we devise encrypted filters to reduce the number of accesses to SHVE+ during matching highly. We formalise the security of our proposed protocol and conduct comprehensive evaluations over real-world rulesets and traffic dumps. The results show that our design can inspect a packet over 20k rules within 100 $\mu$s. Compared to prior work, it brings a saving of 94$\%$ in bandwidth consumption

Result Pattern Hiding Searchable Encryption for Conjunctive Queries

The recently proposed Oblivious Cross-Tags (OXT) protocol (CRYPTO 2013) has broken new ground in designing efficient searchable symmetric encryption (SSE) protocol with support for conjunctive keyword search in a single-writer single-reader framework. While the OXT protocol offers high performance by adopting a number of specialised data-structures, it also trades-off security by leaking ‘partial’ database information to the server. Recent attacks have exploited similar partial information leakage to breach database confidentiality. Consequently, it is an open problem to design SSE protocols that plug such leakages while retaining similar efficiency. In this paper, we propose a new SSE protocol, called Hidden Cross-Tags (HXT), that removes ‘Keyword Pair Result Pattern’ (KPRP) leakage for conjunctive keyword search. We avoid this leakage by adopting two additional cryptographic primitives - Hidden Vector Encryption (HVE) and probabilistic (Bloom filter) indexing into the HXT protocol. We propose a ‘lightweight’ HVE scheme that only uses efficient symmetric-key building blocks, and entirely avoids elliptic curve-based operations. At the same time, it affords selective simulation-security against an unbounded number of secret-key queries. Adopting this efficient HVE scheme, the overall practical storage and computational overheads of HXT over OXT are relatively small (no more than 10% for two keywords query, and 21% for six keywords query), while providing a higher level of security

Nitrogen, manganese, iron, and carbon resource acquisition are potential functions of the wild rice Oryza rufipogon core rhizomicrobiome

Background: The assembly of the rhizomicrobiome, i.e., the microbiome in the soil adhering to the root, is influenced by soil conditions. Here, we investigated the core rhizomicrobiome of a wild plant species transplanted to an identical soil type with small differences in chemical factors and the impact of these soil chemistry differences on the core microbiome after long-term cultivation. We sampled three natural reserve populations of wild rice (i.e., in situ) and three populations of transplanted in situ wild rice grown ex situ for more than 40 years to determine the core wild rice rhizomicrobiome. Results: Generalized joint attribute modeling (GJAM) identified a total of 44 amplicon sequence variants (ASVs) composing the core wild rice rhizomicrobiome, including 35 bacterial ASVs belonging to the phyla Actinobacteria, Chloroflexi, Firmicutes, and Nitrospirae and 9 fungal ASVs belonging to the phyla Ascomycota, Basidiomycota, and Rozellomycota. Nine core bacterial ASVs belonging to the genera Haliangium, Anaeromyxobacter, Bradyrhizobium, and Bacillus were more abundant in the rhizosphere of ex situ wild rice than in the rhizosphere of in situ wild rice. The main ecological functions of the core microbiome were nitrogen fixation, manganese oxidation, aerobic chemoheterotrophy, chemoheterotrophy, and iron respiration, suggesting roles of the core rhizomicrobiome in improving nutrient resource acquisition for rice growth. The function of the core rhizosphere bacterial community was significantly (p < 0.05) shaped by electrical conductivity, total nitrogen, and available phosphorus present in the soil adhering to the roots. Conclusion: We discovered that nitrogen, manganese, iron, and carbon resource acquisition are potential functions of the core rhizomicrobiome of the wild rice Oryza rufipogon. Our findings suggest that further potential utilization of the core rhizomicrobiome should consider the effects of soil properties on the abundances of different genera. [MediaObject not available: see fulltext.]

Tribological responses of the WC/a-C film to sliding against different counterparts in air, water and oil

The WC/a-C film prepared using a reactive magnetron sputtering system was investigated. The film structure and properties were characterized, and the friction response mechanism between this film and several counterparts was investigated under different environments. The hardness and surface roughness of the counterpart as well as the match between the properties of the counterpart and the film were identified as factors that play a critical role in the friction behaviour. The environment affected the extent of wear through physical and chemical reactions, and mechanical wear with friction chemical reactions was found to be the major mechanism of influence. This study is of great practical interest, as it will help to extend the service life of WC/a-C films and minimize loss during the initial running-in period

Achieving excellent tribological performance of a-C: WC film by controlling sub-nano-structure

To study the tribological behavior of a-C: WC films in the marine environment, the a-C: WC films fabricated by reactive magnetron sputter technique with different bias voltages were reciprocally sliding against Si3N4 balls in artificial seawater. Results showed that the a-C: WC film was an amorphous matrix mixed with plenty of short-range ordered structures in sub-nano scale. Excellent tribological performance of the a-C: WC film in seawater could be achieved when the sub-nano-structure possessed excellent overall mechanical properties in combination with fewer growth defects on the surface. The lowest COF and wear rate for a-C: WC film (- 30 V) in seawater were 0.12 and 6.2 x 10(-8) mm(3 )N(-l) m(-1), respectively. The results demonstrated the potential application of a-C: WC films as protective surfaces in marine environments

Achieving excellent tribological performance of a-C: WC film by controlling sub-nano-structure

To study the tribological behavior of a-C: WC films in the marine environment, the a-C: WC films fabricated by reactive magnetron sputter technique with different bias voltages were reciprocally sliding against Si3N4 balls in artificial seawater. Results showed that the a-C: WC film was an amorphous matrix mixed with plenty of short-range ordered structures in sub-nano scale. Excellent tribological performance of the a-C: WC film in seawater could be achieved when the sub-nano-structure possessed excellent overall mechanical properties in combination with fewer growth defects on the surface. The lowest COF and wear rate for a-C: WC film (- 30 V) in seawater were 0.12 and 6.2 x 10(-8) mm(3 )N(-l) m(-1), respectively. The results demonstrated the potential application of a-C: WC films as protective surfaces in marine environments