Privacy-Preserving Multilayer In-Band Network Telemetry and Data Analytics: For Safety, Please do Not Report Plaintext Data

With the evolution of Internet infrastructure and network services, multilayer in-band network telemetry (ML-INT) and data analytics (DA) have been considered key enabling techniques for realizing real-time and fine-grained network monitoring, especially for backbone IP-over-Optical networks. However, existing ML-INT&DA systems have privacy and security issues, because plaintext ML-INT data is reported from the data plane and analyzed in the control plane. In this work, we address these issues by designing a privacy-preserving ML-INT&DA system for IP-over-Optical networks. We first leverage vector homomorphic encryption (VHE) to design a lightweight encryption scheme, which overcomes the security breaches due to eavesdropping and preserves the delicate correlations buried in multi-dimensional ML-INT data. Then, we develop an effective data compression scheme to further encode the encrypted ML-INT data and make the results suitable for a hash-based signature. The signature is for data certification and enables the DA in the control plane to verify the integrity of received ML-INT data. Hence, the threats from data tampering are removed. Next, we architect a deep learning (DL) model that can directly operate on encrypted ML-INT data for anomaly detection. Finally, we implement the proposed ML-INT&DA system and experimentally demonstrate its effectiveness in a real IP over elastic optical network (IP-over-EON) testbed, whose key elements, i.e., the optical line system (OLS), bandwidth-variable wavelength-selective switches (BV-WSSs) and programmable data plane (PDP) switches, are all commercial products.
