Preserving Privacy at IXPs

Autonomous systems (ASes) on the Internet increasingly rely on Internet Exchange Points (IXPs) for peering. A single IXP may interconnect several hundreds or thousands of participants (ASes), all of which might peer with each other through BGP sessions. IXPs have addressed this scaling challenge through the use of route servers. However, route servers require participants to trust the IXP and reveal their policies, a drastic change from the accepted norm where all policies are kept private. In this paper we look at techniques to build route servers that provide the same functionality as existing route servers without requiring participants to reveal their policies, thus preserving the status quo and enabling wider adoption of IXPs. Prior work has looked at secure multiparty computation (SMPC) as a means of implementing such route servers; however, this affects performance and reduces policy flexibility. We take a different tack and build on trusted execution environments (TEEs) such as Intel SGX to keep policies private and flexible. We present results from an initial route server implementation that runs under Intel SGX and show that our approach has 20x better performance than SMPC-based approaches. Furthermore, we demonstrate that the additional privacy provided by our approach comes at minimal cost: our implementation is at worst 2.1x slower than a current route server implementation (and in some situations up to 2x faster).
