Abstract
The end-users communicating over a network path currently have no control over the path. For a better quality of service, the source node often opts for a superior (or premium) network path to send packets to the destination node. However, the current Internet architecture provides no assurance that the packets indeed follow the designated path. Network path validation schemes address this issue and enable each node present on a network path to validate whether each packet has followed the specific path so far. In this work, we introduce two notions of privacy—path privacy and index privacy—in the context of network path validation. We show that, in case a network path validation scheme does not satisfy these two properties, the scheme is vulnerable to certain practical attacks (that affect the privacy, reliability, neutrality and quality of service offered by the underlying network). To the best of our knowledge, ours is the first work that addresses privacy issues related to network path validation. We design PrivNPV, a privacy-preserving network path validation protocol, that satisfies both path privacy and index privacy. We discuss several attacks related to network path validation and how PrivNPV defends against these attacks. Finally, we discuss the practicality of PrivNPV based on relevant parameters.
- Majeed Alajeely, Robin Doss, Asma’a Ahmad, and Vicky H. Mak-Hau. 2017. Defense against packet collusion attacks in opportunistic networks. Comput. Secur. 65 (2017), 269--282.Google Scholar
Digital Library
- Tom Anderson, Ken Birman, Robert M. Broberg, Matthew Caesar, Douglas Comer, Chase Cotton, Michael J. Freedman, Andreas Haeberlen, Zachary G. Ives, Arvind Krishnamurthy, William Lehr, Boon Thau Loo, David Mazières, Antonio Nicolosi, Jonathan M. Smith, Ion Stoica, Robbert van Renesse, Michael Walfish, Hakim Weatherspoon, and Christopher S. Yoo. 2014. A brief overview of the NEBULA future internet architecture. Comput. Commun. Rev. 44, 3 (2014), 81--86.Google Scholar
Digital Library
- Ioannis C. Avramopoulos, Hisashi Kobayashi, Randy Wang, and Arvind Krishnamurthy. 2004. Highly secure and efficient routing. In Proceedings of the IEEE Conference on Computer Communications (INFOCOM’04). 197--208.Google Scholar
Cross Ref
- Kai Bu, Yutian Yang, Avery Laird, Jiaqing Luo, Yingjiu Li, and Kui Ren. 2018. What’s (not) validating network paths: A survey. CoRR abs/1804.03385 (2018).Google Scholar
- Hao Cai and Tilman Wolf. 2015. Source authentication and path validation with orthogonal network capabilities. In Proceedings of the IEEE Conference on Computer Communications Workshops (INFOCOM’15). 111--112.Google Scholar
Cross Ref
- Hao Cai and Tilman Wolf. 2016. Source authentication and path validation in networks using orthogonal sequences. In Proceedings of the International Conference on Computer Communication and Networks (ICCCN’16). 1--10.Google Scholar
Cross Ref
- André O. Castelucio, Antônio Tadeu A. Gomes, Artur Ziviani, and Ronaldo M. Salles. 2012. Intra-domain IP traceback using OSPF. Comput. Commun. 35, 5 (2012), 554--564.Google Scholar
Digital Library
- Dario Catalano, Dario Fiore, and Rosario Gennaro. 2009. Certificateless onion routing. In Proceedings of the ACM SIGSAC Conference on Computer and Communications Security (CCS’09). 151--160.Google Scholar
Digital Library
- Chen Chen, Daniele Enrico Asoni, David Barrera, George Danezis, and Adrian Perrig. 2015. HORNET: High-speed onion routing at the network layer. In Proceedings of the ACM SIGSAC Conference on Computer and Communications Security (CCS’15). 1441--1454.Google Scholar
Digital Library
- Wei Dai. 2009. Crypto++ 5.6.0 Benchmarks. Retrieved from https://www.cryptopp.com/benchmarks.html.Google Scholar
- Whitfield Diffie and Martin E. Hellman. 1976. New directions in cryptography. IEEE Trans. Info. Theory 22, 6 (1976), 644--654.Google Scholar
Digital Library
- Wenxiu Ding, Zheng Yan, and Robert H. Deng. 2016. A survey on future internet security architectures. IEEE Access 4 (2016), 4374--4393.Google Scholar
Cross Ref
- Roger Dingledine, Nick Mathewson, and Paul F. Syverson. 2004. Tor: The second-generation onion router. In Proceedings of the USENIX Security Symposium. 303--320.Google Scholar
Digital Library
- Bin Guo, Zhu Wang, Zhiwen Yu, Yu Wang, Neil Y. Yen, Runhe Huang, and Xingshe Zhou. 2015. Mobile crowd sensing and computing: The review of an emerging human-powered sensing paradigm. Comput. Surveys 48, 1 (2015), 7:1--7:31.Google Scholar
Digital Library
- Yih-Chun Hu, Adrian Perrig, and Marvin A. Sirbu. 2004. SPV: Secure path vector routing for securing BGP. In Proceedings of the ACM SIGCOMM Conference on Applications, Technologies, Architectures, and Protocols for Computer Communication. 179--192.Google Scholar
- Yixin Jiang, Haojin Zhu, Minghui Shi, Xuemin (Sherman) Shen, and Chuang Lin. 2010. An efficient dynamic-identity-based signature scheme for secure network coding. Comput. Netw. 54, 1 (2010), 28--40.Google Scholar
Digital Library
- Bounpadith Kannhavong, Hidehisa Nakayama, Nei Kato, Yoshiaki Nemoto, and Abbas Jamalipour. 2006. A collusion attack against OLSR-based mobile ad hoc networks. In Proceedings of the IEEE Global Communications Conference (GLOBECOM’06).Google Scholar
Cross Ref
- Stephen T. Kent, Charles Lynn, and Karen Seo. 2000. Secure border gateway protocol (S-BGP). IEEE J. Select. Areas Commun. 18, 4 (2000), 582--592.Google Scholar
Digital Library
- Tiffany Hyun-Jin Kim, Cristina Basescu, Limin Jia, Soo Bum Lee, Yih-Chun Hu, and Adrian Perrig. 2014. Lightweight source authentication and path validation. In Proceedings of the ACM SIGCOMM Conference. 271--282.Google Scholar
- David Kirkpatrick. 2016. Google: 53% of Mobile Users Abandon Sites That Take over 3 Seconds to Load. Retrieved from https://www.marketingdive.com/news/google-53-of-mobile-users-abandon-sites-that-take-over-3-seconds-to-load/426070/.Google Scholar
- Neal Koblitz. 1987. Elliptic curve cryptosystems. Math. Comp. 48, 177 (1987), 203--209.Google Scholar
Digital Library
- Dave Levin, Youndo Lee, Luke Valenta, Zhihao Li, Victoria Lai, Cristian Lumezanu, Neil Spring, and Bobby Bhattacharjee. 2015. Alibi routing. In Proceedings of the ACM SIGCOMM Conference. 611--624.Google Scholar
Digital Library
- Steve Lohr. 2012. For Impatient Web Users, an Eye Blink Is Just Too Long to Wait. Retrieved from https://www.nytimes.com/2012/03/01/technology/impatient-web-users-flee-slow-loading-sites.html.Google Scholar
- William McGrath, Mozziyar Etemadi, Shuvo Roy, and Bjoern Hartmann. 2015. fabryq: Using phones as gateways to prototype internet of things applications using web scripting. In Proceedings of the ACM Symposium on Engineering Interactive Computing Systems (EICS’15). 164--173.Google Scholar
Digital Library
- Microsoft. 2018. Microsoft Azure IoT Reference Architecture (Version 2.1). Retrieved from https://docs.microsoft.com/en-us/azure/iot-fundamentals/iot-introduction.Google Scholar
- David L. Mills. 1992. Network Time Protocol (Version 3) Specification, Implementation and Analysis. Retrieved from https://tools.ietf.org/html/rfc1305.Google Scholar
- John Moy. 1998. OSPF Version 2. Retrieved from https://tools.ietf.org/html/rfc2328.Google Scholar
- Jad Naous, Michael Walfish, Antonio Nicolosi, David Mazières, Michael Miller, and Arun Seehra. 2011. Verifying and enforcing network paths with ICING. In Proceedings of the Conference on Emerging Networking Experiments and Technologies (CoNEXT’11). 30:1--30:12.Google Scholar
Digital Library
- NIST. 2001. Advanced Encryption Standard (AES). Retrieved from https://nvlpubs.nist.gov/nistpubs/fips/nist.fips.197.pdf.Google Scholar
- Venkata N. Padmanabhan and Daniel R. Simon. 2003. Secure traceroute to detect faulty or malicious routing. Comput. Commun. Rev. 33, 1 (2003), 77--82.Google Scholar
Digital Library
- Adrian Perrig, Pawel Szalachowski, Raphael M. Reischuk, and Laurent Chuat. 2017. SCION: A Secure Internet Architecture. Springer.Google Scholar
Cross Ref
- Jon Postel. 1981. Transmission Control Protocol. Retrieved from https://tools.ietf.org/html/rfc793.Google Scholar
- Barath Raghavan and Alex C. Snoeren. 2004. A system for authenticated policy-compliant routing. In Proceedings of the ACM SIGCOMM Conference. 167--178.Google Scholar
- Yakov Rekhter, Tony Li, and Susan Hares. 2006. A Border Gateway Protocol 4 (BGP-4). Retrieved from https://tools.ietf.org/html/rfc4271.Google Scholar
- Stefan Savage, David Wetherall, Anna R. Karlin, and Thomas E. Anderson. 2000. Practical network support for IP traceback. In Proceedings of the ACM SIGCOMM Conference. 295--306.Google Scholar
- Yilin Shen, Thang N. Dinh, and My T. Thai. 2012. Adaptive algorithms for detecting critical links and nodes in dynamic networks. In Proceedings of the IEEE Military Communications Conference (MILCOM’12). 1--6.Google Scholar
- Alex C. Snoeren. 2001. Hash-based IP traceback. In Proceedings of the ACM SIGCOMM Conference. 3--14.Google Scholar
Digital Library
- Dawn Xiaodong Song and Adrian Perrig. 2001. Advanced and authenticated marking schemes for IP traceback. In Proceedings of the IEEE Conference on Computer Communications (INFOCOM’01). 878--886.Google Scholar
- Emil Stefanov and Elaine Shi. 2012. FastPRP: Fast pseudo-random permutations for small domains. IACR Cryptol. ePrint Arch. 2012 (2012), 254.Google Scholar
- Ion Stoica, Daniel Adkins, Shelley Zhuang, Scott Shenker, and Sonesh Surana. 2002. Internet indirection infrastructure. In Proceedings of the ACM SIGCOMM Conference. 73--86.Google Scholar
Digital Library
- Paul F. Syverson, David M. Goldschlag, and Michael G. Reed. 1997. Anonymous connections and onion routing. In Proceedings of the IEEE Symposium on Security and Privacy (S8P’97). 44--54.Google Scholar
- Praveen Tammana, Rachit Agarwal, and Myungjin Lee. 2015. CherryPick: Tracing packet trajectory in software-defined datacenter networks. In Proceedings of the ACM SIGCOMM Symposium on Software Defined Networking Research (SOSR’15). 23:1--23:7.Google Scholar
Digital Library
- Michael Walfish, Jeremy Stribling, Maxwell N. Krohn, Hari Balakrishnan, Robert Tappan Morris, and Scott Shenker. 2004. Middleboxes no longer considered harmful. In Proceedings of the Symposium on Operating System Design and Implementation (OSDI’04). 215--230.Google Scholar
- Matthew Wall. 2016. How Long Will You Wait for a Shopping Website to Load? Retrieved from https://www.bbc.com/news/business-37100091.Google Scholar
- Edmund L. Wong, Praveen Balasubramanian, Lorenzo Alvisi, Mohamed G. Gouda, and Vitaly Shmatikov. 2007. Truth in advertising: Lightweight verification of route integrity. In Proceedings of the ACM Symposium on Principles of Distributed Computing, PODC. 147--156.Google Scholar
Digital Library
- Fuyuan Zhang, Limin Jia, Cristina Basescu, Tiffany Hyun-Jin Kim, Yih-Chun Hu, and Adrian Perrig. 2014. Mechanized network origin and path authenticity proofs. In Proceedings of the ACM SIGSAC Conference on Computer and Communications Security, CCS. 346--357.Google Scholar
Digital Library
- Xin Zhang, Hsu-Chun Hsiao, Geoffrey Hasker, Haowen Chan, Adrian Perrig, and David G. Andersen. 2011. SCION: Scalability, control, and isolation on next-generation networks. In Proceedings of the IEEE Symposium on Security and Privacy (S8P’11). 212--227.Google Scholar
Index Terms
Privacy-preserving Network Path Validation
Recommendations
VALNET: Privacy-preserving multi-path validation
AbstractNetwork path validation (or simply, path validation) provides network end-hosts with the ability to enforce the network paths they want their packets to traverse. Path validation also enables each on-path node to validate whether a ...
OPAQUE: Protecting Path Privacy in Directions Search
ICDE '09: Proceedings of the 2009 IEEE International Conference on Data EngineeringDirections search returns the shortest path from a source to a destination on a road network. However, the search interests of users may be exposed to the service providers, thus raising privacy concerns. For instance, a path query that finds a path ...
Privacy Preserving Shortest Path Computation in Presence of Convex Polygonal Obstacles
ARES '08: Proceedings of the 2008 Third International Conference on Availability, Reliability and SecurityShortest path computation in presence of obstacles has been a subject of study since long and so has been the study of privacy preserving algorithms. In this paper we design efficient privacy preserving algorithms for computing the shortest path ...






Comments