Preserving Network Privacy on Fine-grain Path-tracking Using P4-based SDN

Preserving Network Privacy on Fine-grain Path-tracking Using P4-based SDN

Path-tracking is essential to provide complete information regarding network breach incidents. It records the direction of the attack and its source of origin thus giving the network manager proper information for the next responses. Nevertheless, the existing path-tracking implementations expose th...

Full description

Saved in:
Bibliographic Details
Published in:2020 International Conference on Radar, Antenna, Microwave, Electronics, and Telecommunications (ICRAMET) pp. 129 - 134
Main Authors: Indra Basuki, Akbari, Rosiyadi, Didi, Setiawan, Iwan
Format: Conference Proceeding
Language:English
Published: IEEE 18-11-2020
Subjects:
Bloom filter
fine-grain
IP networks
Network topology
Path-tracking
Privacy
Privacy-aware
Protocols
Routing
Security
Switches
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Path-tracking is essential to provide complete information regarding network breach incidents. It records the direction of the attack and its source of origin thus giving the network manager proper information for the next responses. Nevertheless, the existing path-tracking implementations expose the network topology and routing configurations. In this paper, we propose a privacy-aware path-tracking which mystifies network configurations using in-packet bloom filter. We apply our method by using P4 switch to supports a fine-grain (per-packet) path-tracking with dynamic adaptability via in-switch bloom filter computation. We use a hybrid scheme which consists of a destination-based logging and a path finger print-based marking to minimize the redundant path inferring caused by the bloom filter's false positive. For evaluation, we emulate the network using Mininet and BMv2 software switch. We deploy a source routing mechanism to run the evaluations using a limited testbed machine implementing Rocketfuel topology. By using the hybrid marking and logging technique, we can reduce the redundant path to zero percent, ensuring no-collision in the path-inferring. Based on the experiments, it has a lower space efficiency (56 bit) compared with the bloom filter-only solution (128 bit). Our proposed method guarantees that the recorded path remains secret unless the secret keys of every switch are known.
DOI:10.1109/ICRAMET51080.2020.9298588