{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,23]],"date-time":"2025-10-23T00:17:23Z","timestamp":1761178643497,"version":"build-2065373602"},"reference-count":33,"publisher":"Oxford University Press (OUP)","issue":"10","license":[{"start":{"date-parts":[[2025,5,24]],"date-time":"2025-05-24T00:00:00Z","timestamp":1748044800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/academic.oup.com\/pages\/standard-publication-reuse-rights"}],"funder":[{"name":"Key-Area Research and Development Program of Guangdong Province","award":["2020B0101130003"],"award-info":[{"award-number":["2020B0101130003"]}]},{"name":"Major Key Project of PCL","award":["PCL2024A05"],"award-info":[{"award-number":["PCL2024A05"]}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62202473","62272466","62441230","62372123"],"award-info":[{"award-number":["62202473","62272466","62441230","62372123"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"name":"Science and Technology Innovation Project of Guangdong","award":["2023TQ07X004"],"award-info":[{"award-number":["2023TQ07X004"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025,10,22]]},"abstract":"<jats:title>Abstract<\/jats:title>\n                  <jats:p>In virtual private network (VPN) tunnel mode, the entire original packet, including the header\u2019s five-tuple information, is encrypted, which prevents traditional scheduling algorithms from evenly distributing packets to central processing unit (CPU) cores based on packet header information. To address the need for data security and encrypted packet scheduling, we propose a novel framework, named REFS (receive encrypted flow steering), for accelerated receive encrypted flow steering. This work creatively adopts a new method that allows encrypted packets to be distributed across CPU cores without decrypting them, overcoming limitations of traditional scheduling approaches. It efficiently distributes encrypted packets across CPU cores, enabling dynamic allocation of CPU resources. A key feature of REFS is its ability to perform this distribution without decrypting the packets, which enhances dynamic load balancing and improves system responsiveness. When integrated into the Linux kernel\u2019s VPN functionality, REFS can potentially increase throughput by up to 50% compared to WireGuard, which is a benchmark for kernel-based VPN performance. Upon integration of REFS into userspace, network performance shows significant improvements: throughput doubles, while latency is reduced by 80%.<\/jats:p>","DOI":"10.1093\/comjnl\/bxaf059","type":"journal-article","created":{"date-parts":[[2025,4,26]],"date-time":"2025-04-26T08:22:12Z","timestamp":1745655732000},"page":"1565-1578","source":"Crossref","is-referenced-by-count":0,"title":["REFS: a novel framework for accelerated receive encrypted flow steering"],"prefix":"10.1093","volume":"68","author":[{"ORCID":"https:\/\/orcid.org\/0009-0008-0339-5307","authenticated-orcid":false,"given":"Zengxie","family":"Ma","sequence":"first","affiliation":[{"name":"School of Information , Renmin University of China, Haidian District, 100872 Beijing,","place":["China"]}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6495-081X","authenticated-orcid":false,"given":"Yao","family":"Xin","sequence":"additional","affiliation":[{"name":"Cyberspace Institute of Advanced Techology , Guangzhou University, Huangpu District, 510530 Guangzhou,","place":["China"]}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8355-0969","authenticated-orcid":false,"given":"Ning","family":"Hu","sequence":"additional","affiliation":[{"name":"Department of New Networks , Pengcheng Laboratory, Nanshan District, 518000 Shenzhen,","place":["China"]}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6805-9565","authenticated-orcid":false,"given":"Tong","family":"Li","sequence":"additional","affiliation":[{"name":"School of Information , Renmin University of China, Haidian District, 100872 Beijing,","place":["China"]}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0284-1113","authenticated-orcid":false,"given":"Zhaorui","family":"Zhang","sequence":"additional","affiliation":[{"name":"Department of Computing , The Hong Kong Polytechnic University, 11 Yuk Choi Road, Hung Hom, Kowloon, 000000","place":["Hong Kong"]}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1983-7321","authenticated-orcid":false,"given":"Feng","family":"Zhang","sequence":"additional","affiliation":[{"name":"School of Information , Renmin University of China, Haidian District, 100872 Beijing,","place":["China"]}]}],"member":"286","published-online":{"date-parts":[[2025,5,24]]},"reference":[{"key":"2025102208424669100_ref1","article-title":"Performance issues in parallelized network protocols","volume-title":"First Symposium on Operating Systems Design and Implementation (OSDI 94)","author":"Nahum","year":"1994"},{"key":"2025102208424669100_ref2"},{"key":"2025102208424669100_ref3","article-title":"Receive packet steering"},{"key":"2025102208424669100_ref4","doi-asserted-by":"crossref","DOI":"10.1145\/3359989.3365412","article-title":"Rss++: load and state-aware receive side scaling","volume-title":"Proceedings of the 15th International Conference on Emerging Networking Experiments and Technologies, CoNEXT \u201819, 318\u2013333, New York, NY, USA","author":"Barbette","year":"2019"},{"key":"2025102208424669100_ref5","doi-asserted-by":"crossref","DOI":"10.1145\/3281411.3281443","article-title":"The express data path: fast programmable packet processing in the operating system kernel","volume-title":"proceedings of the 14th international conference on emerging networking EXperiments and technologies, CoNEXT \u201818, 54\u201366, New York, NY, USA","author":"H\u00f8iland-J\u00f8rgensen","year":"2018"},{"key":"2025102208424669100_ref6","article-title":"Tunnel mode processing","volume":"4303","author":"Kent","year":"2005","journal-title":"RFC"},{"key":"2025102208424669100_ref7","first-page":"1","article-title":"Donenfeld. Wireguard: Next Generation Kernel Network Tunnel","volume-title":"Network and Distributed System Security Symposium","author":"Jason","year":"2017"},{"key":"2025102208424669100_ref8","article-title":"Transport mode processing","volume":"4303","author":"Kent","year":"2005","journal-title":"RFC"},{"volume-title":"Elements of Information Theory (Wiley Series in Telecommunications and Signal Processing)","year":"2006","author":"Cover","key":"2025102208424669100_ref9"},{"key":"2025102208424669100_ref10","doi-asserted-by":"publisher","first-page":"55380","DOI":"10.1109\/ACCESS.2018.2872430","article-title":"Datanet: deep learning based encrypted network traffic classification in sdn home gateway","volume":"6","author":"Wang","year":"2018","journal-title":"IEEE Access"},{"key":"2025102208424669100_ref11","first-page":"41","article-title":"A hierarchical approach to encrypted data packet classification in smart home gateways","volume-title":"2018 IEEE 16th Intl Conf on Dependable, Autonomic and Secure Computing, 16th Intl Conf on Pervasive Intelligence and Computing, 4th Intl Conf on Big Data Intelligence and Computing and Cyber Science and Technology Congress (DASC\/PiCom\/DataCom\/CyberSciTech)","author":"Chen","year":"2018"},{"key":"2025102208424669100_ref12","first-page":"1","article-title":"Encrypted traffic classification at line rate in programmable switches with machine learning","volume-title":"NOMS 2024\u20132024 IEEE Network Operations and Management Symposium","author":"Akem","year":"2024"},{"key":"2025102208424669100_ref13","doi-asserted-by":"publisher","first-page":"2367","DOI":"10.1109\/TIFS.2021.3050608","article-title":"Accurate decentralized application identification via encrypted traffic analysis using graph neural networks","volume":"16","author":"Shen","year":"2021","journal-title":"IEEE Trans Inf Forensics Secur"},{"key":"2025102208424669100_ref14","doi-asserted-by":"publisher","first-page":"63","DOI":"10.1109\/TIFS.2017.2737970","article-title":"Robust smartphone app identification via encrypted network traffic analysis","volume":"13","author":"Taylor","year":"2018","journal-title":"IEEE Trans Inf Forensics Secur"},{"key":"2025102208424669100_ref15","doi-asserted-by":"crossref","DOI":"10.1145\/3485447.3512217","article-title":"Et-bert: a contextualized datagram representation with pre-training transformers for encrypted traffic classification","volume-title":"Proceedings of the ACM Web Conference 2022, WWW \u201822, 633\u2013642, New York, NY, USA","author":"Lin","year":"2022"},{"key":"2025102208424669100_ref16","doi-asserted-by":"publisher","first-page":"102361","DOI":"10.1016\/j.asej.2023.102361","article-title":"Encrypted network traffic classification based on machine learning","volume":"15","author":"Elmaghraby","year":"2024","journal-title":"Ain Shams Eng J"},{"key":"2025102208424669100_ref17","first-page":"169","article-title":"On Data Banks and Privacy Homomorphisms","volume-title":"Foundations of Secure Computation","author":"Ronald","year":"1978"},{"key":"2025102208424669100_ref18","article-title":"Comparing tcp performance of tunneled and non-tunneled traffic using openvpn","author":"Musulin","year":"2011","journal-title":"Comput Sci Eng"},{"key":"2025102208424669100_ref19","first-page":"325","article-title":"Performance analysis of vpn gateways","volume-title":"2020 IFIP Networking Conference (Networking)","author":"Pudelko","year":"2020"},{"key":"2025102208424669100_ref20","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1109\/TCC.2025.3559346","article-title":"Breaking the edge: enabling efficient neural network inference on integrated edge devices","author":"Zhang","year":"2025","journal-title":"IEEE Trans Cloud Comput Secur"},{"key":"2025102208424669100_ref21","doi-asserted-by":"crossref","DOI":"10.1145\/258533.258660","article-title":"Consistent hashing and random trees: distributed caching protocols for relieving hot spots on the world wide web","volume-title":"Proceedings of the twenty-ninth annual ACM symposium on theory of computing, STOC \u201897, 654\u2013663, New York, NY, USA","author":"Karger","year":"1997"},{"key":"2025102208424669100_ref22","article-title":"Intel. Ethernet flow director"},{"key":"2025102208424669100_ref23","article-title":"Receive flow steering"},{"key":"2025102208424669100_ref24","doi-asserted-by":"publisher","first-page":"459","DOI":"10.1109\/TPDS.2021.3093234","article-title":"Poclib: a high-performance framework for enabling near orthogonal processing on compression","volume":"33","author":"Zhang","year":"2022","journal-title":"IEEE Trans Parallel Distrib Syst"},{"key":"2025102208424669100_ref25","doi-asserted-by":"crossref","DOI":"10.1145\/3286062.3286081","article-title":"A case for spraying packets in software middleboxes","volume-title":"Proceedings of the 17th ACM Workshop on Hot Topics in Networks, HotNets \u201818, 127\u2013133, New York, NY, USA","author":"Sadok","year":"2018"},{"key":"2025102208424669100_ref26","doi-asserted-by":"crossref","DOI":"10.1145\/2168836.2168870","article-title":"Improving network connection locality on multicore systems","volume-title":"Proceedings of the 7th ACM European Conference on Computer Systems, EuroSys \u201812, 337\u2013350, New York, NY, USA","author":"Pesterev","year":"2012"},{"key":"2025102208424669100_ref27","first-page":"1","article-title":"Privacy computing: concept, computing framework, and future development trends","volume":"37","author":"Li","year":"2016","journal-title":"J Commun"},{"key":"2025102208424669100_ref28","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-40041-4_5","article-title":"Homomorphic encryption from learning with errors: conceptually-simpler, asymptotically-faster, attribute-based","author":"Gentry","year":"2013","journal-title":"Cryptology ePrint Archive."},{"key":"2025102208424669100_ref29","doi-asserted-by":"publisher","first-page":"371","DOI":"10.1007\/s10207-010-0119-9","article-title":"A generalization of paillier\u2019s public-key system with applications to electronic voting","volume":"9","author":"Damg\u00e5rd","year":"2003","journal-title":"Int J Inform Secur"},{"key":"2025102208424669100_ref30","doi-asserted-by":"crossref","DOI":"10.1145\/1536414.1536440","article-title":"Fully homomorphic encryption using ideal lattices","volume-title":"Proceedings of the Forty-First Annual ACM Symposium on Theory of Computing, STOC \u201809, 169\u2013178, New York, NY, USA","author":"Gentry","year":"2009"},{"key":"2025102208424669100_ref31","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3371038","article-title":"Fast packet processing with ebpf and xdp: concepts, code, challenges, and applications","volume":"53","author":"Vieira","year":"2020","journal-title":"ACM Comput Surv"},{"key":"2025102208424669100_ref32","article-title":"A proof-of-concept 5g mobile gateway with ebpf","volume-title":"Proceedings of the SIGCOMM \u201820 Poster and Demo Sessions, SIGCOMM \u201820, 68\u201369, New York, NY, USA","author":"Parola","year":"2021"},{"key":"2025102208424669100_ref33","doi-asserted-by":"crossref","DOI":"10.1145\/3098822.3098852","article-title":"Vinh the lam, Carlo Contavalli, and Amin Vahdat. Carousel: scalable traffic shaping at end hosts","volume-title":"Proceedings of the Conference of the ACM Special Interest Group on Data Communication, SIGCOMM \u201817, 404\u2013417, New York, NY, USA","author":"Saeed","year":"2017"}],"container-title":["The Computer Journal"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/academic.oup.com\/comjnl\/article-pdf\/68\/10\/1565\/63329595\/bxaf059.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/academic.oup.com\/comjnl\/article-pdf\/68\/10\/1565\/63329595\/bxaf059.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,22]],"date-time":"2025-10-22T12:42:56Z","timestamp":1761136976000},"score":1,"resource":{"primary":{"URL":"https:\/\/academic.oup.com\/comjnl\/article\/68\/10\/1565\/8145615"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,5,24]]},"references-count":33,"journal-issue":{"issue":"10","published-online":{"date-parts":[[2025,5,24]]},"published-print":{"date-parts":[[2025,10,22]]}},"URL":"https:\/\/doi.org\/10.1093\/comjnl\/bxaf059","relation":{},"ISSN":["0010-4620","1460-2067"],"issn-type":[{"type":"print","value":"0010-4620"},{"type":"electronic","value":"1460-2067"}],"subject":[],"published-other":{"date-parts":[[2025,10]]},"published":{"date-parts":[[2025,5,24]]}}}