A group key agreement based encrypted traffic detection scheme for Internet of Things

In CCS 2019, the privacy-preserving deep package inspection (PrivDPI) was proposed to detect anomalies and suspicious activities in encrypted network traffic, which is a provably secure and highly efficient approach for the end-to-end communication model. However, PrivDPI cannot be applied directly on the scenarios of the Internet of Things (IoT) due to its one/many-to-many communication model in which key agreement will bring giant power consumption. In this paper, we propose a group key agreement based encrypted traffic detection scheme for the Internet of Things (GKA_DPI) to solve it. In GKA_DPI, we still use BlindBox for traffic detection, which was used in PrivDPI and Sherry's scheme. The difference is that we use a dynamic group key agreement to replace the original key agreement protocol to reduce power consumption. Then we can perform deep traffic detection over encrypted packages on the widely used protocol Message Queuing Telemetry Transport (MQTT) of IoT. GKA_DPI can detect encrypted traffic without decrypting transmitted messages and find out malicious traffic to ensure the security of sensor network communication. Finally, we prove the forward and backward secrecy of proposed GKA_DPI.