Prof. Dali Kaafar


Group Leader, Senior Principal Researcher…

Prof. Dali Kaafar is the Group Leader of the Networks Research Group and a Senior Principal Researcher at Data61. His main research interests are in the areas of online privacy, network security and performance modelling. He holds the position of visiting professor at the Chinese Academy of Science (CAS). He was previously a research leader and a principal researcher at the Mobile Networks Systems group at NICTA and a researcher in the Privatics team at INRIA in France. Prof. Kaafar obtained an Engineering degree, an M.S. and a Ph.D. in Computer Science from Ecole Polytechnique Nice Sophia Antipolis. He has published over 200 peer-reviewed scientific papers, including repeated publications in the prestigious ACM SIGCOMM and IEEE INFOCOM. Prof. Kaafar is also a member of the editorial board of the Privacy Enhancing Technologies Symposium and Journal (PETS and PoPETS). In 2015, he was appointed as the editor of the IEEE Internet Computing on Small Wearables, and he currently serves as the associate editor of the ACM Transactions on Modeling and Performance Evaluation of Computing Systems. He is also a member of several technical committees, including the ACM International Conference on emerging Networking EXperiments and Technologies (CoNEXT), the ACM Internet Measurement Conference (IMC) and WWW. He is the General Chair of Passive Active Measurement 2017.

YOW! Data 2016 Sydney

Don’t Give the Network a Function, Teach the Network how to Function!


Organizations are increasingly prone to outsource network functions to the cloud, aiming to reduce the cost and the complexity of maintaining network infrastructures. At the same time, however, outsourcing implies that sensitive network policies, such as firewall rules, are revealed to the cloud provider. In this talk, I will walk you through an investigation of the use of a few cryptographic primitives for processing outsourced network functions, so that the provider does not learn any sensitive information.

I will present a cryptographic treatment of privacy-preserving outsourcing of network functions, introducing security definitions as well as an abstract model of generic network functions, and then propose a few instantiations using homomorphic encryption and public-key encryption with keyword search. This will be an illustration of things you should not do if you are after high-performance function outsourcing. On the other hand, it shows that this is feasible if performance, as in run-time performance, is not critical.

I will then present SplitBox, an efficient system for privacy-preserving processing of network functions that are outsourced as software processes to the cloud. Specifically, cloud providers processing the network functions do not learn the network policies instructing how the functions are to be processed. First, I will present an abstract model of a generic network function based on match-action pairs. We assume that this function is processed in a distributed manner by multiple honest-but-curious cloud service providers. Then, I will describe in detail the SplitBox system for private network function virtualization and present a proof-of-concept implementation on FastClick, an extension of the Click modular router, using a firewall as a use case. This PoC achieves a throughput of over 2 Gbps with 1 kB-sized packets on average, traversing up to 60 firewall rules.