research-article

Toward Privacy-Preserving Interdomain Configuration Verification via Multi-Party Computation

Authors:

Jiwu ShuAuthors Info & Claims

APNet '23: Proceedings of the 7th Asia-Pacific Workshop on Networking

Pages 28 - 33

https://doi.org/10.1145/3600061.3600064

Published: 05 September 2023 Publication History

Abstract

Interdomain network configuration errors can lead to disastrous financial and social consequences. Although substantial progress has been made in using formal methods to verify whether network configurations conform to certain properties, current tools focus on a single network. The fundamental challenge of configuration verification in an interdomain network is privacy, because each autonomous system (AS) treats its network configuration files as private information and is not willing to share it with others. In this paper, we take a first step toward interdomain network configuration verification and propose InCV, a privacy-preserving interdomain configuration verification system based on data-oblivious computation. Given an interdomain network, InCV allows ASes to collaboratively simulate the running of the network and verify the resulting interdomain routing information base (RIB) without revealing their network configurations to any party. Preliminary evaluation using real-world topologies and synthetic network configurations shows that InCV can verify an interdomain network of 32 ASes within ∼ 52 minutes with reasonable overhead.

References

[1]

Anubhavnidhi Abhashkumar, Aaron Gember-Jacobson, and Aditya Akella. 2020. Tiramisu: Fast Multilayer Network Verification. In NSDI’20. USENIX, 201–219.

[2]

Lawrence Abrams. 2019. BGP Route Leak Causes Cloudflare and Amazon AWS Problems. https://www.bleepingcomputer.com/news/technology/bgp-route-leak-causes-cloudflare-and-amazon-aws-problems/.

[3]

Lawrence Abrams. 2021. Facebook, Instagram, and WhatsApp Back Online after BGP Fix. https://www.bleepingcomputer.com/news/technology/facebook-instagram-and-whatsapp-back-online-after-bgp-fix/.

[4]

David Afolayan. 2018. How Bad is MainOne’s BGP Error and Why They Must Prevent a Recurrence. https://technext24.com/2018/11/15.

[5]

Miklós Ajtai. 2010. Oblivious RAMs without Cryptographic Assumptions. In STOC’10. ACM, 181–190.

[6]

Ryan Beckett, Aarti Gupta, Ratul Mahajan, and David Walker. 2017. A General Approach to Network Configuration Verification. In SIGCOMM’17. ACM, 155–168.

[7]

Ryan Beckett, Aarti Gupta, Ratul Mahajan, and David Walker. 2018. Control Plane Compression. In SIGCOMM’18. ACM, 476–489.

[8]

Ryan Beckett, Aarti Gupta, Ratul Mahajan, and David Walker. 2019. Abstract Interpretation of Distributed Network Control Planes. In POPL’19. ACM, 1–27.

[9]

Michael Ben-Or, Shafi Goldwasser, and Avi Wigderson. 1988. Completeness Theorems for Non-Cryptographic Fault-Tolerant Distributed Computation (Extended Abstract). In STOC’88. ACM, 1–10.

[10]

Ran Canetti. 2001. Universally Composable Security: A New Paradigm for Cryptographic Protocols. In FOCS’01. IEEE Computer Society, 136–145.

[11]

CERN. 2023. The Large Hadron Collider (LHC) Experiment. https://home.cern/topics/large-hadron-collider.

[12]

Ahmed El-Hassanyr, Petar Tsankov, Laurent Vanbever, and Martin T Vechev. 2018. Netcomplete: Practical Network-wide Configuration Synthesis with Autocompletion. In NSDI’18. USENIX, 579–594.

[13]

Seyed K Fayaz, Tushar Sharma, Ari Fogel, Ratul Mahajan, Todd Millstein, Vyas Sekar, and George Varghese. 2016. Efficient Network Reachability Analysis Using a Succinct Control Plane Representation. In OSDI’16. USENIX, 217–232.

[14]

Ari Fogel, Stanley Fung, Luis Pedrosa, Meg Walraed-Sullivan, Ramesh Govindan, Ratul Mahajan, and Todd Millstein. 2015. A General Approach to Network Configuration Analysis. In NSDI’15. USENIX, 469–483.

[15]

Aaron Gember-Jacobson, Raajay Viswanathan, Aditya Akella, and Ratul Mahajan. 2016. Fast Control Plane Analysis Using an Abstract Representation. In SIGCOMM’16. ACM, 300–313.

[16]

Oded Goldreich. 1987. Towards a Theory of Software Protection and Simulation by Oblivious RAMs. Journal of the Acm 43, 3, 431–473.

Digital Library

[17]

Steven Dov Gordon, Jonathan Katz, Vladimir Kolesnikov, Fernando Krell, Tal Geula Malkin, Mariana Raykova, and Yevgeniy Vahlis. 2012. Secure Two-party Computation in Sublinear (amortized) Time. In CCS ’12. ACM, 513–524.

[18]

Andreas Haeberlen, Ioannis C Avramopoulos, Jennifer Rexford, and Peter Druschel. 2009. NetReview: Detecting When Interdomain Routing Goes Wrong. In NSDI’09. USENIX, 437–452.

[19]

Karthick Jayaraman, Nikolaj Bjørner, Jitu Padhye, Amar Agrawal, Ashish Bhargava, Paul-Andre C Bissonnette, Shane Foster, Andrew Helwer, Mark Kasten, Ivan Lee, 2019. Validating Datacenters at Scale. In SIGCOMM’19. ACM, 200–213.

[20]

Marcel Keller and Peter Scholl. 2014. Efficient, Oblivious Data Structures for MPC. In ASIACRYPT’14. Springer, 506–525.

[21]

Marcel Kellerl. 2020. MP-SPDZ: A Versatile Framework for Multi-Party Computation. In CCS’20. ACM, 1575–1590.

[22]

Nuno P. Lopes and Andrey Rybalchenko. 2019. Fast BGP Simulation of Large Datacenters. In VMCAI’19. Springer, 386–408.

[23]

Takashi Nishide and Kazuo Ohta. 2007. Multiparty Computation for Interval, Equality, and Comparison Without Bit-Decomposition Protocol. In PKC’07. Springer, 343–360.

[24]

Rafail Ostrovsky. 1990. Efficient Computation on Oblivious RAMs. In STOC’90. ACM, 514–523.

[25]

Santhosh Prabhu, Kuan Yen Chou, Ali Kheradmand, Brighten Godfrey, and Matthew Caesar. 2020. Plankton: Scalable Network Configuration Verification Through Model Checking. In NSDI’20. USENIX, 953–967.

[26]

Yakov Rekhter and Tony Li. 1995. A Border Gateway Protocol 4 (BGP-4). RFC Editor. https://doi.org/10.17487/RFC1771

Digital Library

[27]

A. Shamir. 1979. How to Share a Secret. Commun. ACM 22, 11, 612–613.

Digital Library

[28]

A. Wang, L. Jia, W. Zhou, Y. Ren, B. T. Loo, J. Rexford, V. Nigam, A. Scedrov, and C. Talcott. 2012. FSR: Formal Analysis and Implementation Toolkit for Safe Interdomain Routing. IEEE/ACM Transactions on Networking 20, 6, 1814–1827.

Digital Library

[29]

Konstantin Weitz, Doug Woos, Emina Torlak, Michael D Ernst, Arvind Krishnamurthy, and Zachary Tatlock. 2016. Scalable Verification of Border Gateway Protocol Configurations With an SMT Solver. In OOPSLA’16. ACM, 765–780.

[30]

Huisan Xu. 2022. Network Configuration Survey. https://mailman.nanog.org/pipermail/nanog/2022-November/220861.html.

[31]

Huisan Xu, Qiuyue Qin, Xing Fang, Qiao Xiang, and Jiwu Shu. 2023. InCV-TR.pdf. http://sngroup.org.cn/publication.html.

[32]

Rulan Yang, Xing Fang, Lizhao You, Qiao Xiang, Hanyang Shao, Gao Han, Ziyi Wang, Jiwu Shu, and Linghe Kong.2023. Diagnosing Distributed Routing Configurations Using Sequential Program Analysis. In APNET’23. ACM, 85–92.

[33]

Andrew Chi-Chih Yao. 1982. Protocols for Secure Computations (Extended Abstract). In SFCS’08. IEEE, 160–164.

[34]

Andrew Chi-Chih Yao. 1986. How to Generate and Exchange Secrets. In SFCS’86. IEEE, 162–167.

[35]

Fangdan Ye, Da Yu, Ennan Zhai, Hongqiang Harry Liu, Bingchuan Tian, Qiaobo Ye, Chunsheng Wang, Xin Wu, Tianchen Guo, Cheng Jin, Duncheng She, Qing Ma, Biao Cheng, Hui Xu, Ming Zhang, Zhiliang Wang, and Rodrigo Fonseca. 2020. Accuracy, Scalability, Coverage: A Practical Configuration Verifier on a Global WAN. In SIGCOMM’20. ACM, 599–614.

[36]

Peng Zhang, Aaron Gember-Jacobson, Yueshang Zuo, Yuhao Huang, Xu Liu, and Hao Li. 2022. Differential Network Analysis. In NSDI’22. USENIX, 601–615.

[37]

Peng Zhang, Dan Wang, and Aaron Gember-Jacobson. 2022. Symbolic Router Execution. In SIGCOMM’22. ACM, 336–349.

Cited By

Pillai SPolimetla K(2024)Enhancing Network Privacy through Secure Multi-Party Computation in Cloud Environments2024 International Conference on Integrated Circuits and Communication Systems (ICICACS)10.1109/ICICACS60521.2024.10498662(1-6)Online publication date: 23-Feb-2024
https://doi.org/10.1109/ICICACS60521.2024.10498662

Index Terms

Toward Privacy-Preserving Interdomain Configuration Verification via Multi-Party Computation
1. Networks
  1. Network properties
    1. Network reliability
      1. Error detection and error correction
2. Security and privacy
  1. Software and application security
    1. Domain-specific security and privacy architectures

Recommendations

A General Approach to Network Configuration Verification
SIGCOMM '17: Proceedings of the Conference of the ACM Special Interest Group on Data Communication

We present Minesweeper, a tool to verify that a network satisfies a wide range of intended properties such as reachability or isolation among nodes, waypointing, black holes, bounded path length, load-balancing, functional equivalence of two routers, ...
Path-Preserving Anonymization for Inter-domain Routing Policies
Risks and Security of Internet and Systems
Abstract
The Internet consists of tens of thousands of autonomous systems (ASes), which exchange routing information through policy-based routing protocols, such as Border Gateway Protocol (BGP). BGP allows network administrators/operators to configure ...
Privacy-Preserving Detection of Inter-Domain SDN Rules Overlaps
SIGCOMM Posters and Demos '17: Proceedings of the SIGCOMM Posters and Demos

SDN approaches to inter-domain routing promise better traffic engineering, enhanced security, and higher automation. Yet, naïve deployment of SDN on the Internet is dangerous as the control-plane expressiveness of BGP is significantly more limited than ...

Comments

Information & Contributors

Information

Published In

cover image ACM Other conferences

APNet '23: Proceedings of the 7th Asia-Pacific Workshop on Networking

June 2023

229 pages

ISBN:9798400707827

DOI:10.1145/3600061

Copyright © 2023 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 05 September 2023

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed limited

Funding Sources

Alibaba Innovative Research Award
Open Research Projects of Zhejiang Lab
Tan Kah Kee Innovation Laboratory Award
NSFC Award
Future Network Innovation Research Award of Ministry of Education of China

Conference

APNET 2023

APNET 2023: 7th Asia-Pacific Workshop on Networking

June 29 - 30, 2023

Hong Kong, China

Acceptance Rates

Overall Acceptance Rate 50 of 118 submissions, 42%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

1
Total Citations
View Citations
59
Total Downloads

Downloads (Last 12 months)34
Downloads (Last 6 weeks)3

Reflects downloads up to 31 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

Pillai SPolimetla K(2024)Enhancing Network Privacy through Secure Multi-Party Computation in Cloud Environments2024 International Conference on Integrated Circuits and Communication Systems (ICICACS)10.1109/ICICACS60521.2024.10498662(1-6)Online publication date: 23-Feb-2024
https://doi.org/10.1109/ICICACS60521.2024.10498662

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

HTML Format

View this article in HTML Format.

Media

Figures

Other

Tables

View Table of Contents