Oblivious Inspection: On the Confrontation between System Security and Data Privacy at Domain Boundaries
Security and Communication Networks Pub Date : 2020-09-22 , DOI: 10.1155/2020/8856379
Jorge Sancho 1 , José García 1 , Álvaro Alesanco 1

In this work, we introduce the system boundary security vs. privacy dilemma, where border devices (e.g., firewall devices) require unencrypted data inspection to prevent data exfiltration or unauthorized data accesses, but unencrypted data inspection violates data privacy. To address this problem, we present Oblivious Inspection, a novel approach based on garbled circuits to perform a stateful application-aware inspection of encrypted network traffic in a privacy-preserving way. We also showcase an inspection algorithm for Fast Healthcare Interoperability Resources (FHIR) standard compliant packets along with its performance results. The results point out the importance of the inspection function being aligned with the underlying garbled circuit protocol. In this regard, the mandatory encryption algorithms for TLS 1.3 have been analysed, observing that packets encrypted using ChaCha20 can be filtered up to 17 and 25 times faster compared with AES128-GCM and AES256-GCM, respectively. Altogether, this approach penalizes performance to align system security and data privacy, but it could be appropriate for those scenarios where this performance degradation can be justified by the sensitivity of the involved data, such as healthcare scenarios.

Updated: 2020-09-22