Preserving Network Privacy on Fine-grain Path-tracking Using P4-based SDN

Title: Preserving Network Privacy on Fine-grain Path-tracking Using P4-based SDN
Publication Type: Conference Paper
Year of Publication: 2020
Authors: Indra Basuki, Akbari, Rosiyadi, Didi, Setiawan, Iwan
Conference Name: 2020 International Conference on Radar, Antenna, Microwave, Electronics, and Telecommunications (ICRAMET)
Date Published: Nov. 2020
Publisher: IEEE
ISBN Number: 978-1-7281-8922-2
Keywords: Bloom filter, Collaboration, composability, fine-grain, IP networks, ip privacy, Network topology, P4, Path-tracking, policy-based governance, privacy, Privacy-aware, Protocols, pubcrawl, resilience, Resiliency, Routing, security, Switches
Abstract: Path-tracking is essential to provide complete information regarding network breach incidents. It records the direction of the attack and its source of origin, thus giving the network manager proper information for the next responses. Nevertheless, the existing path-tracking implementations expose the network topology and routing configurations. In this paper, we propose a privacy-aware path-tracking which mystifies network configurations using in-packet bloom filter. We apply our method by using P4 switch to support a fine-grain (per-packet) path-tracking with dynamic adaptability via in-switch bloom filter computation. We use a hybrid scheme which consists of a destination-based logging and a path fingerprint-based marking to minimize the redundant path inferring caused by the bloom filter's false positive. For evaluation, we emulate the network using Mininet and BMv2 software switch. We deploy a source routing mechanism to run the evaluations using a limited testbed machine implementing Rocketfuel topology. By using the hybrid marking and logging technique, we can reduce the redundant path to zero percent, ensuring no-collision in the path-inferring. Based on the experiments, it has a lower space efficiency (56 bit) compared with the bloom filter-only solution (128 bit). Our proposed method guarantees that the recorded path remains secret unless the secret keys of every switch are known.
URL: https://ieeexplore.ieee.org/document/9298588
DOI: 10.1109/ICRAMET51080.2020.9298588
Citation Key: indra_basuki_preserving_2020