skip to main content
research-article

Privacy-preserving Network Path Validation

Published:07 February 2020Publication History
Skip Abstract Section

Abstract

The end-users communicating over a network path currently have no control over the path. For a better quality of service, the source node often opts for a superior (or premium) network path to send packets to the destination node. However, the current Internet architecture provides no assurance that the packets indeed follow the designated path. Network path validation schemes address this issue and enable each node present on a network path to validate whether each packet has followed the specific path so far. In this work, we introduce two notions of privacy—path privacy and index privacy—in the context of network path validation. We show that, in case a network path validation scheme does not satisfy these two properties, the scheme is vulnerable to certain practical attacks (that affect the privacy, reliability, neutrality and quality of service offered by the underlying network). To the best of our knowledge, ours is the first work that addresses privacy issues related to network path validation. We design PrivNPV, a privacy-preserving network path validation protocol, that satisfies both path privacy and index privacy. We discuss several attacks related to network path validation and how PrivNPV defends against these attacks. Finally, we discuss the practicality of PrivNPV based on relevant parameters.

References

  1. Majeed Alajeely, Robin Doss, Asma’a Ahmad, and Vicky H. Mak-Hau. 2017. Defense against packet collusion attacks in opportunistic networks. Comput. Secur. 65 (2017), 269--282.Google ScholarGoogle ScholarDigital LibraryDigital Library
  2. Tom Anderson, Ken Birman, Robert M. Broberg, Matthew Caesar, Douglas Comer, Chase Cotton, Michael J. Freedman, Andreas Haeberlen, Zachary G. Ives, Arvind Krishnamurthy, William Lehr, Boon Thau Loo, David Mazières, Antonio Nicolosi, Jonathan M. Smith, Ion Stoica, Robbert van Renesse, Michael Walfish, Hakim Weatherspoon, and Christopher S. Yoo. 2014. A brief overview of the NEBULA future internet architecture. Comput. Commun. Rev. 44, 3 (2014), 81--86.Google ScholarGoogle ScholarDigital LibraryDigital Library
  3. Ioannis C. Avramopoulos, Hisashi Kobayashi, Randy Wang, and Arvind Krishnamurthy. 2004. Highly secure and efficient routing. In Proceedings of the IEEE Conference on Computer Communications (INFOCOM’04). 197--208.Google ScholarGoogle ScholarCross RefCross Ref
  4. Kai Bu, Yutian Yang, Avery Laird, Jiaqing Luo, Yingjiu Li, and Kui Ren. 2018. What’s (not) validating network paths: A survey. CoRR abs/1804.03385 (2018).Google ScholarGoogle Scholar
  5. Hao Cai and Tilman Wolf. 2015. Source authentication and path validation with orthogonal network capabilities. In Proceedings of the IEEE Conference on Computer Communications Workshops (INFOCOM’15). 111--112.Google ScholarGoogle ScholarCross RefCross Ref
  6. Hao Cai and Tilman Wolf. 2016. Source authentication and path validation in networks using orthogonal sequences. In Proceedings of the International Conference on Computer Communication and Networks (ICCCN’16). 1--10.Google ScholarGoogle ScholarCross RefCross Ref
  7. André O. Castelucio, Antônio Tadeu A. Gomes, Artur Ziviani, and Ronaldo M. Salles. 2012. Intra-domain IP traceback using OSPF. Comput. Commun. 35, 5 (2012), 554--564.Google ScholarGoogle ScholarDigital LibraryDigital Library
  8. Dario Catalano, Dario Fiore, and Rosario Gennaro. 2009. Certificateless onion routing. In Proceedings of the ACM SIGSAC Conference on Computer and Communications Security (CCS’09). 151--160.Google ScholarGoogle ScholarDigital LibraryDigital Library
  9. Chen Chen, Daniele Enrico Asoni, David Barrera, George Danezis, and Adrian Perrig. 2015. HORNET: High-speed onion routing at the network layer. In Proceedings of the ACM SIGSAC Conference on Computer and Communications Security (CCS’15). 1441--1454.Google ScholarGoogle ScholarDigital LibraryDigital Library
  10. Wei Dai. 2009. Crypto++ 5.6.0 Benchmarks. Retrieved from https://www.cryptopp.com/benchmarks.html.Google ScholarGoogle Scholar
  11. Whitfield Diffie and Martin E. Hellman. 1976. New directions in cryptography. IEEE Trans. Info. Theory 22, 6 (1976), 644--654.Google ScholarGoogle ScholarDigital LibraryDigital Library
  12. Wenxiu Ding, Zheng Yan, and Robert H. Deng. 2016. A survey on future internet security architectures. IEEE Access 4 (2016), 4374--4393.Google ScholarGoogle ScholarCross RefCross Ref
  13. Roger Dingledine, Nick Mathewson, and Paul F. Syverson. 2004. Tor: The second-generation onion router. In Proceedings of the USENIX Security Symposium. 303--320.Google ScholarGoogle ScholarDigital LibraryDigital Library
  14. Bin Guo, Zhu Wang, Zhiwen Yu, Yu Wang, Neil Y. Yen, Runhe Huang, and Xingshe Zhou. 2015. Mobile crowd sensing and computing: The review of an emerging human-powered sensing paradigm. Comput. Surveys 48, 1 (2015), 7:1--7:31.Google ScholarGoogle ScholarDigital LibraryDigital Library
  15. Yih-Chun Hu, Adrian Perrig, and Marvin A. Sirbu. 2004. SPV: Secure path vector routing for securing BGP. In Proceedings of the ACM SIGCOMM Conference on Applications, Technologies, Architectures, and Protocols for Computer Communication. 179--192.Google ScholarGoogle Scholar
  16. Yixin Jiang, Haojin Zhu, Minghui Shi, Xuemin (Sherman) Shen, and Chuang Lin. 2010. An efficient dynamic-identity-based signature scheme for secure network coding. Comput. Netw. 54, 1 (2010), 28--40.Google ScholarGoogle ScholarDigital LibraryDigital Library
  17. Bounpadith Kannhavong, Hidehisa Nakayama, Nei Kato, Yoshiaki Nemoto, and Abbas Jamalipour. 2006. A collusion attack against OLSR-based mobile ad hoc networks. In Proceedings of the IEEE Global Communications Conference (GLOBECOM’06).Google ScholarGoogle ScholarCross RefCross Ref
  18. Stephen T. Kent, Charles Lynn, and Karen Seo. 2000. Secure border gateway protocol (S-BGP). IEEE J. Select. Areas Commun. 18, 4 (2000), 582--592.Google ScholarGoogle ScholarDigital LibraryDigital Library
  19. Tiffany Hyun-Jin Kim, Cristina Basescu, Limin Jia, Soo Bum Lee, Yih-Chun Hu, and Adrian Perrig. 2014. Lightweight source authentication and path validation. In Proceedings of the ACM SIGCOMM Conference. 271--282.Google ScholarGoogle Scholar
  20. David Kirkpatrick. 2016. Google: 53% of Mobile Users Abandon Sites That Take over 3 Seconds to Load. Retrieved from https://www.marketingdive.com/news/google-53-of-mobile-users-abandon-sites-that-take-over-3-seconds-to-load/426070/.Google ScholarGoogle Scholar
  21. Neal Koblitz. 1987. Elliptic curve cryptosystems. Math. Comp. 48, 177 (1987), 203--209.Google ScholarGoogle ScholarDigital LibraryDigital Library
  22. Dave Levin, Youndo Lee, Luke Valenta, Zhihao Li, Victoria Lai, Cristian Lumezanu, Neil Spring, and Bobby Bhattacharjee. 2015. Alibi routing. In Proceedings of the ACM SIGCOMM Conference. 611--624.Google ScholarGoogle ScholarDigital LibraryDigital Library
  23. Steve Lohr. 2012. For Impatient Web Users, an Eye Blink Is Just Too Long to Wait. Retrieved from https://www.nytimes.com/2012/03/01/technology/impatient-web-users-flee-slow-loading-sites.html.Google ScholarGoogle Scholar
  24. William McGrath, Mozziyar Etemadi, Shuvo Roy, and Bjoern Hartmann. 2015. fabryq: Using phones as gateways to prototype internet of things applications using web scripting. In Proceedings of the ACM Symposium on Engineering Interactive Computing Systems (EICS’15). 164--173.Google ScholarGoogle ScholarDigital LibraryDigital Library
  25. Microsoft. 2018. Microsoft Azure IoT Reference Architecture (Version 2.1). Retrieved from https://docs.microsoft.com/en-us/azure/iot-fundamentals/iot-introduction.Google ScholarGoogle Scholar
  26. David L. Mills. 1992. Network Time Protocol (Version 3) Specification, Implementation and Analysis. Retrieved from https://tools.ietf.org/html/rfc1305.Google ScholarGoogle Scholar
  27. John Moy. 1998. OSPF Version 2. Retrieved from https://tools.ietf.org/html/rfc2328.Google ScholarGoogle Scholar
  28. Jad Naous, Michael Walfish, Antonio Nicolosi, David Mazières, Michael Miller, and Arun Seehra. 2011. Verifying and enforcing network paths with ICING. In Proceedings of the Conference on Emerging Networking Experiments and Technologies (CoNEXT’11). 30:1--30:12.Google ScholarGoogle ScholarDigital LibraryDigital Library
  29. NIST. 2001. Advanced Encryption Standard (AES). Retrieved from https://nvlpubs.nist.gov/nistpubs/fips/nist.fips.197.pdf.Google ScholarGoogle Scholar
  30. Venkata N. Padmanabhan and Daniel R. Simon. 2003. Secure traceroute to detect faulty or malicious routing. Comput. Commun. Rev. 33, 1 (2003), 77--82.Google ScholarGoogle ScholarDigital LibraryDigital Library
  31. Adrian Perrig, Pawel Szalachowski, Raphael M. Reischuk, and Laurent Chuat. 2017. SCION: A Secure Internet Architecture. Springer.Google ScholarGoogle ScholarCross RefCross Ref
  32. Jon Postel. 1981. Transmission Control Protocol. Retrieved from https://tools.ietf.org/html/rfc793.Google ScholarGoogle Scholar
  33. Barath Raghavan and Alex C. Snoeren. 2004. A system for authenticated policy-compliant routing. In Proceedings of the ACM SIGCOMM Conference. 167--178.Google ScholarGoogle Scholar
  34. Yakov Rekhter, Tony Li, and Susan Hares. 2006. A Border Gateway Protocol 4 (BGP-4). Retrieved from https://tools.ietf.org/html/rfc4271.Google ScholarGoogle Scholar
  35. Stefan Savage, David Wetherall, Anna R. Karlin, and Thomas E. Anderson. 2000. Practical network support for IP traceback. In Proceedings of the ACM SIGCOMM Conference. 295--306.Google ScholarGoogle Scholar
  36. Yilin Shen, Thang N. Dinh, and My T. Thai. 2012. Adaptive algorithms for detecting critical links and nodes in dynamic networks. In Proceedings of the IEEE Military Communications Conference (MILCOM’12). 1--6.Google ScholarGoogle Scholar
  37. Alex C. Snoeren. 2001. Hash-based IP traceback. In Proceedings of the ACM SIGCOMM Conference. 3--14.Google ScholarGoogle ScholarDigital LibraryDigital Library
  38. Dawn Xiaodong Song and Adrian Perrig. 2001. Advanced and authenticated marking schemes for IP traceback. In Proceedings of the IEEE Conference on Computer Communications (INFOCOM’01). 878--886.Google ScholarGoogle Scholar
  39. Emil Stefanov and Elaine Shi. 2012. FastPRP: Fast pseudo-random permutations for small domains. IACR Cryptol. ePrint Arch. 2012 (2012), 254.Google ScholarGoogle Scholar
  40. Ion Stoica, Daniel Adkins, Shelley Zhuang, Scott Shenker, and Sonesh Surana. 2002. Internet indirection infrastructure. In Proceedings of the ACM SIGCOMM Conference. 73--86.Google ScholarGoogle ScholarDigital LibraryDigital Library
  41. Paul F. Syverson, David M. Goldschlag, and Michael G. Reed. 1997. Anonymous connections and onion routing. In Proceedings of the IEEE Symposium on Security and Privacy (S8P’97). 44--54.Google ScholarGoogle Scholar
  42. Praveen Tammana, Rachit Agarwal, and Myungjin Lee. 2015. CherryPick: Tracing packet trajectory in software-defined datacenter networks. In Proceedings of the ACM SIGCOMM Symposium on Software Defined Networking Research (SOSR’15). 23:1--23:7.Google ScholarGoogle ScholarDigital LibraryDigital Library
  43. Michael Walfish, Jeremy Stribling, Maxwell N. Krohn, Hari Balakrishnan, Robert Tappan Morris, and Scott Shenker. 2004. Middleboxes no longer considered harmful. In Proceedings of the Symposium on Operating System Design and Implementation (OSDI’04). 215--230.Google ScholarGoogle Scholar
  44. Matthew Wall. 2016. How Long Will You Wait for a Shopping Website to Load? Retrieved from https://www.bbc.com/news/business-37100091.Google ScholarGoogle Scholar
  45. Edmund L. Wong, Praveen Balasubramanian, Lorenzo Alvisi, Mohamed G. Gouda, and Vitaly Shmatikov. 2007. Truth in advertising: Lightweight verification of route integrity. In Proceedings of the ACM Symposium on Principles of Distributed Computing, PODC. 147--156.Google ScholarGoogle ScholarDigital LibraryDigital Library
  46. Fuyuan Zhang, Limin Jia, Cristina Basescu, Tiffany Hyun-Jin Kim, Yih-Chun Hu, and Adrian Perrig. 2014. Mechanized network origin and path authenticity proofs. In Proceedings of the ACM SIGSAC Conference on Computer and Communications Security, CCS. 346--357.Google ScholarGoogle ScholarDigital LibraryDigital Library
  47. Xin Zhang, Hsu-Chun Hsiao, Geoffrey Hasker, Haowen Chan, Adrian Perrig, and David G. Andersen. 2011. SCION: Scalability, control, and isolation on next-generation networks. In Proceedings of the IEEE Symposium on Security and Privacy (S8P’11). 212--227.Google ScholarGoogle Scholar

Index Terms

  1. Privacy-preserving Network Path Validation

          Recommendations

          Comments

          Login options

          Check if you have access through your login credentials or your institution to get full access on this article.

          Sign in

          Full Access

          • Published in

            cover image ACM Transactions on Internet Technology
            ACM Transactions on Internet Technology  Volume 20, Issue 1
            Visions and Regular Papers
            February 2020
            135 pages
            ISSN:1533-5399
            EISSN:1557-6051
            DOI:10.1145/3381410
            • Editor:
            • Ling Liu
            Issue’s Table of Contents

            Copyright © 2020 ACM

            Publisher

            Association for Computing Machinery

            New York, NY, United States

            Publication History

            • Published: 7 February 2020
            • Revised: 1 November 2019
            • Accepted: 1 November 2019
            • Received: 1 April 2019
            Published in toit Volume 20, Issue 1

            Permissions

            Request permissions about this article.

            Request Permissions

            Check for updates

            Qualifiers

            • research-article
            • Research
            • Refereed

          PDF Format

          View or Download as a PDF file.

          PDF

          eReader

          View online with eReader.

          eReader

          HTML Format

          View this article in HTML Format .

          View HTML Format
          About Cookies On This Site

          We use cookies to ensure that we give you the best experience on our website.

          Learn more

          Got it!