SR-TPP: Extending IPv6 Segment Routing to enable Trusted and Private Network Paths

A trusted network path is a desired property of the Internet. Previous works introduced new protocol headers based on source routing for source authentication and path verification. Any extra protocol header increases the network burden, and network path privacy deserves attention, especially when source routing is used. The emergence of IPv6 Segment Routing (SRv6) may bring the opportunity to assemble trusted network paths with a lightweight header. In this paper, we propose SR-TPP, a novel mechanism based on SRv6 that supports network path verification while hiding both endpoint and path information. Unlike existing works, SR-TPP extends SRv6 functions instead of introducing a new protocol header to meet the requirement of path compliance. Path information is sequentially encoded into the segment list in SR-TPP, so that it is partially visible to each intermediate router. The distributed verification of SR-TPP also makes it easier to locate faults. Finally, the security analysis and evaluation show that SR-TPP can assemble private and trusted network paths with acceptable performance.
