Secure State Migration in the Data Plane

Programmable data planes enable stateful packet processing at hardware speeds---a new capability central to many recent systems. However, protocols and systems that effectively manage data plane state remain underexplored. This paper considers the problem of secure state migration, which can serve as an important building block for state management tasks. It delivers data plane state from a source switch to a destination effectively without a software controller, while providing strong cryptographic guarantees on authenticity. Our protocol, P4Sync, tackles several technical challenges, such as adapting memory copy techniques in VM migration, offloading per-packet security operations to the data plane, and amortizing heavyweight cryptographic overheads over a batch of packets. Our initial validation shows that P4Sync has low traffic and memory overheads.

[1]  Laurent Vanbever,et al.  Swing State: Consistent Updates for Stateful and Programmable Data Planes , 2017, SOSR.

[2]  Brighten Godfrey,et al.  DRILL: Micro Load Balancing for Low-latency Data Center Networks , 2017, SIGCOMM.

[3]  Alberto Dainotti,et al.  Blink: Fast Connectivity Recovery Entirely in the Data Plane , 2019, NSDI.

[4]  Ran Canetti,et al.  Efficient and Secure Source Authentication for Multicast , 2001, NDSS.

[5]  Scott Shenker,et al.  Elastic Scaling of Stateful Network Functions , 2018, NSDI.

[6]  Mark Schmidt,et al.  P4-MACsec: Dynamic Topology Monitoring and Data Layer Protection With MACsec in P4-Based SDN , 2019, IEEE Access.

[7]  Jennifer Rexford,et al.  Bamboozling Certificate Authorities with BGP , 2018, USENIX Security Symposium.

[8]  David Walker,et al.  Transparent, Live Migration of a Software-Defined Network , 2014, SoCC.

[9]  Jean-Philippe Aumasson,et al.  SipHash: A Fast Short-Input PRF , 2012, INDOCRYPT.

[10]  Ali Al Imem Comparison and evaluation of digital signature schemes employed in ndn network , 2015, ArXiv.

[11]  M. Ferrante,et al.  The Coupon Collector’s Problem , 2014 .

[12]  Nick Feamster,et al.  SPINE: Surveillance Protection in the Network Elements , 2019, FOCI @ USENIX Security Symposium.

[13]  Ran Canetti,et al.  Efficient authentication and signing of multicast streams over lossy channels , 2000, Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000.

[14]  Jennifer Rexford,et al.  Seamless BGP Migration with Router Grafting , 2010, NSDI.

[15]  Laurent Vanbever,et al.  NetHide: Secure and Practical Network Topology Obfuscation , 2018, USENIX Security Symposium.

[16]  Xiapu Luo,et al.  Programmable In-Network Security for Context-aware BYOD Policies , 2019, USENIX Security Symposium.

[17]  Yi Wang,et al.  Virtual routers on the move: live router migration as a network-management primitive , 2008, SIGCOMM '08.

[18]  Ellen W. Zegura,et al.  Design and analysis of schedules for virtual network migration , 2013, 2013 IFIP Networking Conference.

[19]  Aditya Akella,et al.  OpenNF , 2014, SIGCOMM.

[20]  Michael Menth,et al.  P4-MACsec: Dynamic Topology Monitoring and Data Layer Protection With MACsec in P4-Based SDN , 2020, IEEE Access.

[21]  Arun Venkataramani,et al.  Black-box and Gray-box Strategies for Virtual Machine Migration , 2007, NSDI.

[22]  Adam J. Aviv,et al.  Scaling Hardware Accelerated Network Monitoring to Concurrent and Dynamic Queries With *Flow , 2018, USENIX ATC.

[23]  Hai Jin,et al.  Live migration of virtual machine based on full system trace and replay , 2009, HPDC '09.

[24]  Ming Zhao,et al.  Write policies for host-side flash caches , 2013, FAST.

[25]  Simon S. Lam,et al.  Digital signatures for flows and multicasts , 1998, Proceedings Sixth International Conference on Network Protocols (Cat. No.98TB100256).

[26]  Minlan Yu,et al.  SilkRoad: Making Stateful Layer-4 Load Balancing Fast and Cheap Using Switching ASICs , 2017, SIGCOMM.

[27]  Yih-Chun Hu,et al.  The Case for In-Network Replay Suppression , 2017, AsiaCCS.

[28]  Marco Canini,et al.  Scheduling multi-flow network updates in Software-Defined NFV systems , 2016, 2016 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS).

[29]  Benoit Hudzia,et al.  Pre-Copy and Post-Copy VM Live Migration for Memory Intensive Applications , 2012, Euro-Par Workshops.

[30]  Wenqing Wu,et al.  Architecting Programmable Data Plane Defenses into the Network with FastFlex , 2019, HotNets.

[31]  RexfordJennifer,et al.  Virtual routers on the move , 2008 .

[32]  Michael Menth,et al.  P4-IPsec: Implementation of IPsec Gateways in P4 with SDN Control for Host-to-Site Scenarios , 2019, ArXiv.

[33]  Jennifer Rexford,et al.  Dapper: Data Plane Performance Diagnosis of TCP , 2016, SOSR.

[34]  Edwin K. P. Chong,et al.  Efficient multicast packet authentication using signature amortization , 2002, Proceedings 2002 IEEE Symposium on Security and Privacy.

[35]  Vincent Liu,et al.  Synchronized network snapshots , 2018, SIGCOMM.

[36]  Pankaj Rohatgi,et al.  A compact and fast hybrid signature scheme for multicast packet authentication , 1999, CCS '99.

[37]  Nan Hua,et al.  Andromeda: Performance, Isolation, and Velocity at Scale in Cloud Network Virtualization , 2018, NSDI.

[38]  Rosario Gennaro,et al.  How to Sign Digital Streams , 1997, Inf. Comput..

[39]  Jennifer Rexford,et al.  HULA: Scalable Load Balancing Using Programmable Data Planes , 2016, SOSR.

[40]  Virgil D. Gligor,et al.  The Crossfire Attack , 2013, 2013 IEEE Symposium on Security and Privacy.

[41]  David Walker,et al.  Abstractions for network update , 2012, SIGCOMM '12.

[42]  Haoyu Song,et al.  Protocol-oblivious forwarding: unleash the power of SDN through a future-proof forwarding plane , 2013, HotSDN '13.

[43]  Kuo-Feng Hsu,et al.  Contra: A Programmable System for Performance-aware Routing , 2019, NSDI.

[44]  RexfordJennifer,et al.  Abstractions for network update , 2012 .

[45]  Srinivasan Seshan,et al.  PSI: Precise Security Instrumentation for Enterprise Networks , 2017, NDSS.

[46]  Adrian Perrig,et al.  The Coremelt Attack , 2009, ESORICS.

[47]  Giuseppe Bianchi,et al.  LOcAl DEcisions on Replicated States (LOADER) in programmable data planes: programming abstraction and experimental evaluation , 2021, Comput. Networks.

[48]  Minlan Yu,et al.  SIMPLE-fying middlebox policy enforcement using SDN , 2013, SIGCOMM.

[49]  Minlan Yu,et al.  Enforcing Network-Wide Policies in the Presence of Dynamic Middlebox Actions using FlowTags , 2014, NSDI.

[50]  Andrew Warfield,et al.  Live migration of virtual machines , 2005, NSDI.

[51]  Robert Ricci,et al.  Rocksteady: Fast Migration for Low-latency In-memory Storage , 2017, SOSP.

[52]  George Varghese,et al.  Forwarding metamorphosis: fast programmable match-action processing in hardware for SDN , 2013, SIGCOMM.

[53]  Fabien Geyer,et al.  Cryptographic Hashing in P4 Data Planes , 2019, 2019 ACM/IEEE Symposium on Architectures for Networking and Communications Systems (ANCS).

[54]  Yangyang Wang,et al.  HyperTester: High-Performance Network Testing Driven by Programmable Switches , 2019, IEEE/ACM Transactions on Networking.

[55]  Jiarong Xing,et al.  NetWarden: Mitigating Network Covert Channels while Preserving Performance , 2020, USENIX Security Symposium.