Authors: Yen-Chung Chen, Yu-Sung Wu, Wen-Guey Tzeng
Journal: J. Comput. Secur. (Journal Article), published 2014-11-01
DOI: 10.3233/JCS-140520 (https://doi.org/10.3233/JCS-140520)
Preserving user query privacy in cloud-based security services
Cloud-based security services have become popular for protecting resource-constrained end-user devices against security attacks. With abundant hardware in the cloud and strong support from security professionals, cloud-based security services can provide better protection than traditional security monitoring agents. However, security services usually involve the inspection of private system states or user behavior, which should not be disclosed to an untrusted entity, such as a cloud service provider. Maintaining end-user privacy and allowing security services to work on the cloud seem contradictory.

In this paper, we present a framework for building privacy-preserving cloud-based security services. The framework consists of an architecture for building cloud-based security services and a technique, called private signature filtering, to preserve end-user privacy. The framework supports security monitoring signatures whose correspondence with end-user device queries can be established through a conjunction of keywords and numeric value ranges. The framework also allows a trusted middle layer to do part of the security monitoring computation for the end-user device, reducing the computation overhead on the end-user device.

We implement two prototype systems, one for a cloud-based network intrusion service and one for a cloud-based malicious URL detection service, to verify the effectiveness of our design. The experimental results show that the framework can indeed ensure end-user privacy with acceptable performance overhead in a practical cloud-based security service setting.