ABSTRACT
The growing relevance of Internet eXchange Points (IXPs), where an increasing number of networks exchange routing information, poses fundamental questions regarding the privacy guarantees of confidential business information. To facilitate the exchange of routes among their members, IXPs provide Route Server (RS) services to dispatch the routes according to each member's export policies. Nowadays, to make use of RSes, these policies must be disclosed to the IXP. This state of affairs raises privacy concerns among network administrators and even deters some networks from subscribing to RS services. We design SIXPACK (which stands for "Securing Internet eXchange Points Against Curious onlooKers"), a RS service that leverages Secure Multi-Party Computation (SMPC) techniques to keep export policies confidential, while maintaining the same functionalities as today's RSes. We assess the effectiveness and scalability of our system by evaluating our prototype implementation and using traces of data from one of the largest IXPs in the world.
- 1.Real-Time-Statistics AMS-IX. https://ams-ix.net/technical/statistics/real-time-stats.Google Scholar
- 2.B. Ager, N. Chatzis, A. Feldmann, N. Sarrar, S. Uhlig, and W. Willinger. Anatomy of a Large European IXP. In SIGCOMM'12, 2012. Google ScholarDigital Library
- 3.D. Demmler, T. Schneider, and M. Zohner. ABY – A Framework for Efficient Mixed-Protocol Secure Two-Party Computation. In NDSS'15.Google Scholar
- 4.O. Goldreich, S. Micali, and A. Wigderson. How to Play any Mental Game or A Completeness Theorem for Protocols with Honest Majority. In STOC'87. Google ScholarDigital Library
- 5.A. Gupta, R. MacDavid, R. Birkner, M. Canini, N. Feamster, J. Rexford, and L. Vanbever†. An Industrial-Scale Software Defined Internet Exchange Point. In NSDI'16. Google ScholarDigital Library
- 6.D. Gupta, A. Segal, A. Panda, G. Segev, M. Schapira, J. Feigenbaum, J. Rexford, and S. Shenker. A new approach to interdomain routing based on secure multi-party computation. In HotNets'12. Google ScholarDigital Library
- 7.C. Labovitz, A. Ahuja, A. Bose, and F. Jahanian. Delayed Internet Routing Convergence. In SIGCOMM'00. Google ScholarDigital Library
- 8.S. Machiraju and R. H. Katz. Reconciling Cooperation with Confidentiality in Multi-Provider Distributed Systems. Technical report, EECS Department, University of California, Berkeley, Aug 2004.Google Scholar
- 9.Z. M. Mao, R. Bush, T. Griffin, and M. Roughan. BGP Beacons. In IMC'03. Google ScholarDigital Library
- 10.P. Richter, G. Smaragdakis, A. Feldmann, N. Chatzis, J. Boettger, and W. Willinger. Peering at Peerings: On the Role of IXP Route Servers. In IMC'14. Google ScholarDigital Library
- 11.A. C. Yao. How to Generate and Exchange Secrets. In FOCS'86. Google ScholarDigital Library
Index Terms
- Towards Securing Internet eXchange Points Against Curious onlooKers
Recommendations
SIXPACK: Securing Internet eXchange Points Against Curious onlooKers
CoNEXT '17: Proceedings of the 13th International Conference on emerging Networking EXperiments and TechnologiesInternet eXchange Points (IXPs) play an ever-growing role in Internet inter-connection. To facilitate the exchange of routes amongst their members, IXPs provide Route Server (RS) services to dispatch the routes according to each member's peering ...
Internet of Things security
The Internet of things (IoT) has recently become an important research topic because it integrates various sensors and objects to communicate directly with one another without human intervention. The requirements for the large-scale deployment of the ...
A tale of nine Internet exchange points: Studying path latencies through major regional IXPs
LCN '12: Proceedings of the 2012 IEEE 37th Conference on Local Computer Networks (LCN 2012)The Internet ecosystem comprising of thousands of Autonomous Systems (ASes) now include Internet eXchange Points (IXPs) as another critical component in the infrastructure. With the growth of peering worldwide, IXPs are playing an increasing role not ...
Comments