Privacy-preserving detection of inter-domain SDN rules overlaps

Arnaud Dethise*, Marco Chiesa, Marco Canini

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

1 Scopus citations

Abstract

SDN approaches to inter-domain routing promise better traffic engineering, enhanced security, and higher automation. Yet, naïve deployment of SDN on the Internet is dangerous as the control-plane expressiveness of BGP is significantly more limited than the data-plane expressiveness of SDN, which allows fine-grained rules to deflect traffic from BGP's default routes. This mismatch may lead to incorrect forwarding behaviors such as forwarding loops and blackholes, ultimately hindering SDN deployment at the inter-domain level. In this work, we make a first step towards verifying the correctness of inter-domain forwarding state with a focus on loop freedom while keeping private the SDN rules, as they comprise confidential routing information. To this end, we design a simple yet powerful primitive that allows two networks to verify whether their SDN rules overlap, i.e., the set of packets matched by these rules is non-empty, without leaking any information about the SDN rules. We propose an efficient implementation of this primitive by using recent advancements in Secure Multi-Party Computation and we then leverage it as the main building block for designing a system that detects Internet-wide forwarding loops among any set of SDN-enabled Internet eXchange Points.

Original language: English (US)
Title of host publication: SIGCOMM Posters and Demos 2017 - Proceedings of the 2017 SIGCOMM Posters and Demos, Part of SIGCOMM 2017
Publisher: Association for Computing Machinery, Inc
Pages: 6-8
Number of pages: 3
ISBN (Electronic): 9781450350570
State: Published - Aug 22 2017
Event: ACM SIGCOMM 2017 Conference - Los Angeles, United States
Duration: Aug 22 2017 → Aug 24 2017

Publication series

Name: SIGCOMM Posters and Demos 2017 - Proceedings of the 2017 SIGCOMM Posters and Demos, Part of SIGCOMM 2017

Conference

Conference: ACM SIGCOMM 2017 Conference
Country/Territory: United States
City: Los Angeles
Period: 08/22/17 → 08/24/17

Keywords

  • Inter-domain routing
  • Network Verification
  • Privacy
  • SMPC

ASJC Scopus subject areas

  • Software
  • Computer Networks and Communications
  • Hardware and Architecture
