Network function virtualisation enables versatile network functions as cloud services with reduced cost. Specifically, network measurement tasks such as heavy-hitter detection and flow distribution estimation serve many core network functions for improved performance and security of enterprise networks. However, deploying network measurement services in third-party multi-tenant cloud service providers raises critical privacy and security concerns. Recent studies demonstrate that leaking and abusing flow statistics can lead to severe network attacks such as DDoS, network topology manipulation and poisoning, etc.
In this paper, we propose OblivSketch, an oblivious network measurement service using Intel SGX. It employs hardware enclave for secure network statistics generation and queries. The statistics are maintained in newly designed oblivious data structures inside the SGX enclave and queried by data-oblivious algorithms to prevent data leakage caused by access patterns to the memory of SGX. To demonstrate the practicality, we implement OblivSketch as a full-fledge service integrated with the off-the-shelf SDN framework. The evaluations demonstrate that OblivSketch consumes a constant and small memory space (6MB) to track a massive amount of flows (from 30k to 1.45m), and it takes no more than 15ms to respond six widely adopted measurement queries for a 5s-trace with 70k flows.