DocumentCode :
3592164
Title :
Network-level privacy for hosted cloud services
Author :
Natarajan, Sriram ; Wolf, Tilman
Author_Institution :
R&D Lab., Deutsche Telekom Inc., USA
fYear :
2014
Firstpage :
1
Lastpage :
8
Abstract :
Cloud infrastructure providers allow multiple services to be hosted on a shared physical infrastructure. In a typical virtualized, multi-tenant environment, the cloud infrastructure and the hosted cloud services are managed by different administrative entities that may not trust each other. In such a scenario, cloud service providers may hesitate to disclose operational information to the infrastructure provider. In this paper, we present Encrypted IP (EncrIP), a network-level design for encrypting IP addresses that hides which end-systems are communicating within a cloud service, while still allowing packet forwarding with longest-prefix match in commodity routers. By using probabilistic encryption, EncrIP prevents an observer from identifying which traffic belongs to the same source-destination pair. Our evaluation results show that EncrIP requires only a few MB of memory on the gateways where traffic enters and leaves the cloud network infrastructure. In our prototype implementation of EncrIP on GENI, which uses standard IP headers, the success probability of a statistical inference attack that tries to identify packets belonging to the same session is less than 0.001%. We therefore believe EncrIP presents a practical solution for protecting privacy in multi-tenant cloud network infrastructures.
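The abstract names two properties that have to hold at the same time: the encrypted address must still be routable by longest-prefix match, and repeated packets of one session must not carry the same encrypted address. The following added example (not the paper's implementation; the paper's actual construction, key handling and gateway tables are not described on this page) models that with assumptions of its own: a /16 cloud prefix that stays in the clear so routers forward on it, the 16 host bits split into an 8-bit host id plus an 8-bit per-packet random nonce, and a 4-round HMAC-based Feistel network as a toy format-preserving cipher. The prefix, key, addresses and packet counts are constructed for the demo.

```python
# Toy model of EncrIP-style probabilistic IP-address encryption.
# Added example; not the paper's implementation. Assumptions (not from the
# paper): a /16 cloud prefix stays in the clear, the 16 host bits are split
# into an 8-bit host id and an 8-bit per-packet nonce, and a 4-round
# HMAC-based Feistel network serves as a toy format-preserving cipher.
# The Feistel network here is for illustration only, not a vetted FPE mode.
import hashlib
import hmac
import ipaddress
import os
from typing import Optional

ROUNDS = 4
PREFIX = ipaddress.ip_network("10.20.0.0/16")   # assumed cloud prefix (constructed)
BASE = int(PREFIX.network_address)
DEMO_KEY = b"gateway-demo-key-not-for-production"  # constructed demo key


def _round_fn(key: bytes, rnd: int, x: int) -> int:
    """Keyed 8-bit round function: first byte of HMAC-SHA256(key, rnd || x)."""
    return hmac.new(key, bytes([rnd, x]), hashlib.sha256).digest()[0]


def fpe16_encrypt(key: bytes, block: int) -> int:
    """Encrypt a 16-bit value to a 16-bit value (balanced Feistel, 4 rounds)."""
    left, right = block >> 8, block & 0xFF
    for rnd in range(ROUNDS):
        left, right = right, left ^ _round_fn(key, rnd, right)
    return (left << 8) | right


def fpe16_decrypt(key: bytes, block: int) -> int:
    """Inverse of fpe16_encrypt: run the rounds backwards."""
    left, right = block >> 8, block & 0xFF
    for rnd in reversed(range(ROUNDS)):
        left, right = right ^ _round_fn(key, rnd, left), left
    return (left << 8) | right


def encrypt_address(key: bytes, addr: str, nonce: Optional[int] = None) -> str:
    """Ingress gateway: replace the host part with E_k(nonce || host_id).

    A fresh random nonce per packet makes the encryption probabilistic, so the
    same real address yields up to 256 different encrypted addresses. The /16
    prefix is untouched, so longest-prefix match still routes the packet.
    """
    host_id = int(ipaddress.IPv4Address(addr)) - BASE
    if not 0 <= host_id < 256:
        raise ValueError("address outside the 256-host demo range")
    if nonce is None:
        nonce = os.urandom(1)[0]
    enc = fpe16_encrypt(key, (nonce << 8) | host_id)
    return str(ipaddress.IPv4Address(BASE + enc))


def decrypt_address(key: bytes, enc_addr: str) -> str:
    """Egress gateway: decrypt the host part and discard the nonce byte."""
    enc = int(ipaddress.IPv4Address(enc_addr)) - BASE
    host_id = fpe16_decrypt(key, enc) & 0xFF
    return str(ipaddress.IPv4Address(BASE + host_id))


def roundtrip_ok(key: bytes) -> bool:
    """Every demo host decrypts back to itself and its ciphertext stays in PREFIX."""
    for host_id in range(256):
        real = str(ipaddress.IPv4Address(BASE + host_id))
        enc = encrypt_address(key, real)
        if ipaddress.IPv4Address(enc) not in PREFIX:
            return False
        if decrypt_address(key, enc) != real:
            return False
    return True


def distinct_encrypted_pairs(key: bytes, src: str, dst: str, n_packets: int) -> int:
    """What a passive observer sees: the number of distinct (src, dst) header
    pairs produced by n_packets of one real session. A value close to
    n_packets means the observer cannot group the packets by address alone."""
    seen = {(encrypt_address(key, src), encrypt_address(key, dst))
            for _ in range(n_packets)}
    return len(seen)


if __name__ == "__main__":
    print("round trip and prefix preserved:", roundtrip_ok(DEMO_KEY))
    print("distinct header pairs for 100 packets of one session:",
          distinct_encrypted_pairs(DEMO_KEY, "10.20.0.7", "10.20.0.42", 100))
    # Deterministic variant (fixed nonce): the same real address always maps to
    # the same ciphertext, which is exactly what lets an observer link packets.
    print("fixed nonce repeats:",
          encrypt_address(DEMO_KEY, "10.20.0.7", nonce=0)
          == encrypt_address(DEMO_KEY, "10.20.0.7", nonce=0))
```

Running the script shows the two halves of the argument side by side: with a fresh nonce per packet, 100 packets of one session appear under (almost always) 100 different address pairs, while the fixed-nonce variant collapses them onto one pair and would make a statistical inference attack trivial. Because the ciphertext never leaves the /16, the routers in between need no knowledge of the key; only the two gateways do.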
Keywords :
IP networks; cloud computing; computer network security; cryptography; data privacy; probability; telecommunication traffic; virtualisation; EncrIP; IP address encryption; cloud infrastructure providers; cloud service providers; commodity routers; encrypted IP; gateways; hosted cloud services; longest-prefix match; multitenant cloud network infrastructure; multitenant environment; network-level design; network-level privacy; packet forwarding; privacy protection; probabilistic encryption; shared physical infrastructure; source-destination pairs; standard IP headers; statistical inference attack; success probability; virtualized environment; Encryption; Logic gates; Protocols; Routing; Secure storage;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
2014 International Conference and Workshop on the Network of the Future (NOF)
Type :
conf
DOI :
10.1109/NOF.2014.7119797
Filename :
7119797