Secure Inter-Domain Forwarding Loop Test in Software Defined Networks

Debugging a traditional network is notoriously difficult because of the heterogeneity of network devices and the decentralized nature of routing protocols, but Software-Defined Networking (SDN) is changing this predicament. Recent work has provided effective approaches that let an administrator perform several fundamental network tests in a single-domain SDN network. However, how to perform these tests securely in multi-domain networks remains an open problem. In this paper, we study the highly challenging problem of inter-domain forwarding loop testing in an SDN environment. We present two novel testing protocols for inter-domain loop tests. Both protocols are secure in the sense that each domain's private information about its topology and configuration is protected from the other domains. The first protocol, based on random sampling, is highly efficient, with a small error probability that diminishes exponentially in the sample size. The second protocol, based on a secure set intersection test, guarantees 100 percent accuracy of the result, although it is less efficient than the first. We provide rigorous proofs of the security and accuracy guarantees, and show that our protocols are efficient by evaluating them on real-world network data.
