P4NIS: Improving network immunity against eavesdropping with programmable data planes

As the computational capacity of supercomputers improves, transmitting encrypted packets over a single network path becomes vulnerable to brute-force attacks. A versatile attacker secretly eavesdrops on all the packets, classifies them into different streams, performs an exhaustive search for the decryption key, and extracts sensitive personal information from the streams. However, the new Internet Protocol (IP) brings great opportunities and challenges for preventing eavesdropping attacks. In this paper, we propose a Programming Protocol-independent Packet Processors (P4) based Network Immune Scheme (P4NIS) against eavesdropping attacks. Specifically, P4NIS is equipped with three lines of defense to improve network immunity. The first line is promiscuous forwarding, which splits all the traffic packets across different network paths in a disordered manner. Complementarily, the second line encrypts the transport port fields of the packets using diverse encryption algorithms. This encryption distributes the packets of one stream into different apparent streams and hinders eavesdroppers from classifying them correctly. In addition, P4NIS inherits the advantages of existing encryption-based countermeasures, which form the third line of defense. Using P4, a paradigm of programmable data planes, we implement P4NIS and evaluate its performance. Experimental results show that P4NIS significantly increases the difficulty of eavesdropping and increases transmission throughput by 31.7% compared with state-of-the-art mechanisms.
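The following Python model is an added illustration of the first two lines of defense; it is not code from the paper or from the P4NIS implementation. It assumes a sender and receiver share a small pool of keys, that the chosen key index travels in a header field (called `kid` here), and that each port field is masked with an HMAC-derived 16-bit keystream; the packets are constructed sample data.

```python
import hashlib
import hmac
import random

# Constructed sample: one TCP stream (a single 5-tuple) of 8 packets.
STREAM = [{"src": "10.0.0.1", "dst": "10.0.0.2", "proto": 6,
           "sport": 40000, "dport": 443, "seq": i, "payload": f"pkt{i}"}
          for i in range(8)]

# Assumption: a shared key pool; "diverse algorithms" is modelled as diverse keys.
KEYS = [b"k0-secret", b"k1-secret", b"k2-secret", b"k3-secret"]

def port_mask(key: bytes, seq: int) -> int:
    """16-bit keystream derived from the key and the per-packet sequence number."""
    tag = hmac.new(key, seq.to_bytes(4, "big"), hashlib.sha256).digest()
    return int.from_bytes(tag[:2], "big")

def encrypt_ports(pkts, keys, seed=0):
    """Second line of defense: mask both port fields with a per-packet key choice."""
    rng = random.Random(seed)
    out = []
    for p in pkts:
        kid = rng.randrange(len(keys))          # key index carried in header (assumption)
        m = port_mask(keys[kid], p["seq"])
        out.append({**p, "kid": kid, "sport": p["sport"] ^ m, "dport": p["dport"] ^ m})
    return out

def decrypt_ports(pkts, keys):
    """Receiver side: invert the XOR mask using the carried key index."""
    out = []
    for p in pkts:
        m = port_mask(keys[p["kid"]], p["seq"])
        q = {**p, "sport": p["sport"] ^ m, "dport": p["dport"] ^ m}
        del q["kid"]
        out.append(q)
    return out

def classify(pkts):
    """Eavesdropper's view: group captured packets by transport 5-tuple."""
    flows = {}
    for p in pkts:
        key = (p["src"], p["dst"], p["proto"], p["sport"], p["dport"])
        flows.setdefault(key, []).append(p)
    return flows

def split_paths(pkts, n_paths, seed=0):
    """First line of defense: each packet takes a randomly chosen path."""
    rng = random.Random(seed)
    paths = [[] for _ in range(n_paths)]
    for p in pkts:
        paths[rng.randrange(n_paths)].append(p)
    return paths
```

Classifying `STREAM` yields one flow, while classifying `encrypt_ports(STREAM, KEYS)` yields many, and an eavesdropper on a single path from `split_paths` captures only a subset of even those.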
