Title | Privacy-Preserving Detection of Inter-Domain SDN Rules Overlaps |
Publication Type | Conference Paper |
Year of Publication | 2017 |
Authors | Dethise, Arnaud; Chiesa, Marco; Canini, Marco |
Conference Name | Proceedings of the SIGCOMM Posters and Demos |
Publisher | ACM |
Conference Location | New York, NY, USA |
ISBN Number | 978-1-4503-5057-0 |
Keywords | Inter-domain routing, network verification, privacy, pubcrawl, Resiliency, Scalability, Security by Default, SMPC |
Abstract | SDN approaches to inter-domain routing promise better traffic engineering, enhanced security, and higher automation. Yet, naive deployment of SDN on the Internet is dangerous as the control-plane expressiveness of BGP is significantly more limited than the data-plane expressiveness of SDN, which allows fine-grained rules to deflect traffic from BGP's default routes. This mismatch may lead to incorrect forwarding behaviors such as forwarding loops and blackholes, ultimately hindering SDN deployment at the inter-domain level. In this work, we make a first step towards verifying the correctness of inter-domain forwarding state with a focus on loop freedom while keeping private the SDN rules, as they comprise confidential routing information. To this end, we design a simple yet powerful primitive that allows two networks to verify whether their SDN rules overlap, i.e., the set of packets matched by these rules is non-empty, without leaking any information about the SDN rules. We propose an efficient implementation of this primitive by using recent advancements in Secure Multi-Party Computation and we then leverage it as the main building block for designing a system that detects Internet-wide forwarding loops among any set of SDN-enabled Internet eXchange Points. |
URL | http://doi.acm.org/10.1145/3123878.3131967 |
DOI | 10.1145/3123878.3131967 |
Citation Key | dethise_privacy-preserving_2017 |