Routing-Verification-as-a-Service (RVaaS): Trustworthy Routing Despite Insecure Providers

Computer networks today typically do not provide any mechanisms to the users to learn, in a reliable manner, which paths have (and have not!) been taken by their packets. Rather, it seems inevitable that as soon as a packet leaves the network card, the user is forced to trust the network provider to forward the packets as expected or agreed upon. This can be undesirable, especially in the light of today's trend toward more programmable networks: after a successful cyber attack on the network management system or Software-Defined Network (SDN) control plane, an adversary in principle has complete control over the network. This paper presents a low-cost and efficient solution to detect misbehaviors and ensure trustworthy routing over untrusted or insecure providers, in particular providers whose management system or control plane has been compromised (e.g., using a cyber attack). We propose Routing-Verification-as-a-Service (RVaaS): RVaaS offers clients a flexible interface to query information relevant to their traffic, while respecting the autonomy of the network provider. RVaaS leverages key features of OpenFlow-based SDNs to combine (passive and active) configuration monitoring, logical data plane verification and actual in-band tests, in a novel manner.

[1]  Adrian Perrig,et al.  Fleet: defending SDNs from malicious administrators , 2014, HotSDN.

[2]  Xin Zhang,et al.  SCION: Scalability, Control, and Isolation on Next-Generation Networks , 2011, 2011 IEEE Symposium on Security and Privacy.

[3]  George Varghese,et al.  Header Space Analysis: Static Checking for Networks , 2012, NSDI.

[4]  Rodrigo Fonseca,et al.  Planck , 2014, SIGCOMM.

[5]  Xin Li,et al.  Distributed and collaborative traffic monitoring in software defined networks , 2014, HotSDN.

[6]  Brighten Godfrey,et al.  VeriFlow: verifying network-wide invariants in real time , 2012, HotSDN '12.

[7]  Ittai Anati,et al.  Innovative Technology for CPU Based Attestation and Sealing , 2013 .

[8]  Fernando M. V. Ramos,et al.  Towards secure and dependable software-defined networks , 2013, HotSDN '13.

[9]  Bobby Bhattacharjee,et al.  Alibi Routing , 2015, Comput. Commun. Rev..

[10]  Evangelos Kranakis,et al.  On interdomain routing security and pretty secure BGP (psBGP) , 2007, TSEC.

[11]  Chen-Nee Chuah,et al.  FIREMAN: a toolkit for firewall modeling and analysis , 2006, 2006 IEEE Symposium on Security and Privacy (S&P'06).

[12]  Nick G. Duffield,et al.  Trajectory engine: a backend for trajectory sampling , 2002, NOMS 2002. IEEE/IFIP Network Operations and Management Symposium. ' Management Solutions for the New Communications World'(Cat. No.02CH37327).

[13]  Stefan Schmid,et al.  Study the Past If You Would Define the Future: Implementing Secure Multi-party SDN Updates , 2016, 2016 IEEE International Conference on Software Science, Technology and Engineering (SWSTE).

[14]  Radia J. Perlman,et al.  Network layer protocols with Byzantine robustness , 1988 .

[15]  Avishai Wool,et al.  Fang: a firewall analysis engine , 2000, Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000.

[16]  Nick G. Duffield,et al.  Trajectory Sampling With Unreliable Reporting , 2008, IEEE/ACM Transactions on Networking.

[17]  Yih-Chun Hu,et al.  Lightweight source authentication and path validation , 2014, SIGCOMM.

[18]  Walter Willinger,et al.  cSamp: A System for Network-Wide Flow Monitoring , 2008, NSDI.

[19]  Stephen T. Kent,et al.  Secure Border Gateway Protocol (S-BGP) , 2000, IEEE Journal on Selected Areas in Communications.

[20]  Kevin Borders,et al.  Chimera: A Declarative Language for Streaming Network Traffic Analysis , 2012, USENIX Security Symposium.

[21]  Brighten Godfrey,et al.  Debugging the data plane with anteater , 2011, SIGCOMM.

[22]  Dejan Kostic,et al.  Monocle: dynamic, fine-grained data plane monitoring , 2015, CoNEXT.

[23]  David Walker,et al.  Frenetic: a network programming language , 2011, ICFP.

[24]  Xin Li,et al.  Distributed Collaborative Monitoring in Software Defined Networks , 2014, ArXiv.

[25]  Albert G. Greenberg,et al.  On static reachability analysis of IP networks , 2005, Proceedings IEEE 24th Annual Joint Conference of the IEEE Computer and Communications Societies..

[26]  David Walker,et al.  Compiling path queries in software-defined networks , 2014, HotSDN.

[27]  Stefan Savage,et al.  Detecting and Isolating Malicious Routers , 2006, IEEE Transactions on Dependable and Secure Computing.

[28]  Nick Feamster,et al.  Detecting BGP configuration faults with static analysis , 2005 .

[29]  Carlos V. Rozas,et al.  Innovative instructions and software model for isolated execution , 2013, HASP '13.

[30]  Sajad Shirali-Shahreza,et al.  FleXam: flexible sampling extension for monitoring and security applications in openflow , 2013, HotSDN '13.

[31]  Kevin Benton,et al.  OpenFlow vulnerability assessment , 2013, HotSDN '13.

[32]  Nick McKeown,et al.  I Know What Your Packet Did Last Hop: Using Packet Histories to Troubleshoot Networks , 2014, NSDI.

[33]  Michael Walfish,et al.  Verifying and enforcing network paths with icing , 2011, CoNEXT '11.

[34]  Juan del Cuvillo,et al.  Using innovative instructions to create trustworthy software solutions , 2013, HASP '13.

[35]  Theodore Johnson,et al.  Gigascope: a stream database for network applications , 2003, SIGMOD '03.

[36]  Albert G. Greenberg,et al.  Fast accurate computation of large-scale IP traffic matrices from link loads , 2003, SIGMETRICS '03.

[37]  Rob Sherwood,et al.  Can the Production Network Be the Testbed? , 2010, OSDI.

[38]  Emin Gün Sirer,et al.  NetQuery: a knowledge plane for reasoning about network properties , 2010, CoNEXT '10 Student Workshop.

[39]  Avishai Wool,et al.  Firmato: A novel firewall management toolkit , 2004, TOCS.

[40]  G. Weikum Querying the Internet with PIER , 2005 .