DOI: 10.1145/3123878.3131967
Poster

Privacy-Preserving Detection of Inter-Domain SDN Rules Overlaps

Published: 22 August 2017

Abstract

SDN approaches to inter-domain routing promise better traffic engineering, enhanced security, and higher automation. Yet, naïve deployment of SDN on the Internet is dangerous as the control-plane expressiveness of BGP is significantly more limited than the data-plane expressiveness of SDN, which allows fine-grained rules to deflect traffic from BGP's default routes. This mismatch may lead to incorrect forwarding behaviors such as forwarding loops and blackholes, ultimately hindering SDN deployment at the inter-domain level.
In this work, we make a first step towards verifying the correctness of inter-domain forwarding state with a focus on loop freedom while keeping private the SDN rules, as they comprise confidential routing information. To this end, we design a simple yet powerful primitive that allows two networks to verify whether their SDN rules overlap, i.e., the set of packets matched by these rules is non-empty, without leaking any information about the SDN rules. We propose an efficient implementation of this primitive by using recent advancements in Secure Multi-Party Computation and we then leverage it as the main building block for designing a system that detects Internet-wide forwarding loops among any set of SDN-enabled Internet eXchange Points.
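
The overlap predicate defined above (the set of packets matched by both rules is non-empty), written out as an added example; it is not code from the poster. The 48-bit header (destination IPv4 address plus destination port), the value/mask rule encoding and all names are assumptions made here. It shows only the plaintext function; a Boolean-circuit secure two-party protocol would evaluate the same per-bit gates on private inputs and reveal only the final bit.

```python
import ipaddress
from dataclasses import dataclass

WIDTH = 48  # assumed header layout: 32-bit dst IPv4 || 16-bit dst port


@dataclass(frozen=True)
class Rule:
    value: int  # header bits the rule expects
    mask: int   # 1 = bit must match, 0 = wildcard


def make_rule(dst_prefix, dst_port=None):
    """Encode a (prefix, optional port) match as a ternary value/mask rule."""
    net = ipaddress.ip_network(dst_prefix, strict=False)
    port_mask = 0xFFFF if dst_port is not None else 0
    value = (int(net.network_address) << 16) | (dst_port or 0)
    return Rule(value, (int(net.netmask) << 16) | port_mask)


def matches(rule, packet):
    return (packet ^ rule.value) & rule.mask == 0


def overlap(a, b):
    """True iff some packet matches both rules: no bit that both rules
    constrain may be constrained to different values."""
    return (a.value ^ b.value) & a.mask & b.mask == 0


def overlap_circuit(a, b):
    """Same predicate gate by gate (one XOR and two ANDs per bit, then an
    OR over all bits), the form a circuit-based protocol would evaluate."""
    conflict = 0
    for i in range(WIDTH):
        va, vb = (a.value >> i) & 1, (b.value >> i) & 1
        ma, mb = (a.mask >> i) & 1, (b.mask >> i) & 1
        conflict |= (va ^ vb) & ma & mb
    return conflict == 0


def witness(a, b):
    """A packet matched by both rules, or None. Useful for checking the
    predicate in the clear; it exposes rule bits, so it is not a private output."""
    return (a.value & a.mask) | (b.value & b.mask) if overlap(a, b) else None


def any_overlap(rules_a, rules_b):
    """Pairwise check between two networks' rule sets (constructed inputs)."""
    return any(overlap(a, b) for a in rules_a for b in rules_b)
```
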



      Published In

      SIGCOMM Posters and Demos '17: Proceedings of the SIGCOMM Posters and Demos
      August 2017
      158 pages
      ISBN:9781450350570
      DOI:10.1145/3123878
      Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

      Publisher

      Association for Computing Machinery

      New York, NY, United States


      Author Tags

      1. Inter-domain routing
      2. Network Verification
      3. Privacy
      4. SMPC

      Qualifiers

      • Poster
      • Research
      • Refereed limited

      Conference

      SIGCOMM '17: ACM SIGCOMM 2017 Conference
      August 22 - 24, 2017
      Los Angeles, CA, USA

      Acceptance Rates

      Overall Acceptance Rate 92 of 158 submissions, 58%
