Anxiao He,Jiandong Fu,Kai Bu,Ruiqi Zhou,Chenlu Miao,Kui Ren

DOI: https://doi.org/10.14722/ndss.2024.23104

2024-01-01

Abstract:Path validation has long been explored as a fundamental solution to secure future Internet architectures.It enables end-hosts to specify forwarding paths for their traffic and to verify whether the traffic follows the specified paths.In comparison with the current Internet architecture that keeps packet forwarding uncontrolled and transparent to end-hosts, path validation benefits end-hosts with flexibility, security, and privacy.The key design enforces routers to embed their credentials into cryptographic proofs in packet headers.Such proofs require sufficiently complex computation to guarantee unforgeability.This imposes an inevitable barrier on validation efficiency for a single packet.In this paper, we propose aggregate validation to implement path validation in a group-wise way.Amortizing overhead across packets in a group, aggregate validation promises higher validation efficiency without sacrificing security.We implement aggregation validation through Symphony, with various design techniques integrated and security properties formally proved.In comparison with state-of-the-art EPIC, Symphony speeds up packet processing by 3.78×∼18.40×and increases communication throughput by 1.13×∼6.11×.

Lin Ma,Kai Bu,Ningchao Wu,Tianxiang Luo,Kui Ren

DOI: https://doi.org/10.1016/j.comnet.2020.107224

IF: 5.493

2020-01-01

Computer Networks

Abstract:As an indispensable feature for future secure Internet, path validation verifies whether packets follow specified paths. Existing solutions, however, cannot apply to multipath routing with practical efficiency. Multipath routing may proliferate an exponential scale path choice and the source may not know which path will be followed by a packet as a priori knowledge. In this paper, we design and implement Atlas as the first protocol for efficient multipath validation. It makes a leap in efficiency by two newly proposed techniques—hierarchical validation and tagged pruning. Hierarchical validation divides multipath into non-overlapping segments. We need to compute the path credential for each segment only once no matter how many paths it may co-locate. Furthermore, tagged pruning labels each segment with a unique tag. A router can directly identify the credential field to validate and delete credentials of unused paths. This further accelerates validation and saves bandwidth. Furthermore, we explore two efficiency enhancements—low-level credential elimination and used credential elimination—to improve Atlas scalability. We validate the practicality and applicability of Atlas over a recent topology measurement of Internet2’s IP Network. To validate the performance of Atlas and the enhancements, we implement Atlas using the Click modular router. Experiment results show that compact Atlas headers enable large-scale multipath validation without breaching the MTU limit. Atlas thus invigorates multipath validation practicality.

Yi Gao,Wei Dong,Xiaoyu Zhang,Wenbin Wu

DOI: https://doi.org/10.1109/tnet.2020.2965587

2020-01-01

IEEE/ACM Transactions on Networking

Abstract:Most sensor networks employ dynamic routing protocols so that the routing topology can be dynamically optimized with environmental changes. The routing behaviors can be quite complex with increasing network scale and environmental dynamics. Knowledge on the routing path of each packet is certainly a great help in understanding the complex routing behaviors, allowing effective performance diagnosis and efficient network management. We propose PAT, a universal sensornet path tracing approach. PAT includes an intelligent path encoding scheme that allows efficient decoding at the PC side. To make PAT more scalable, we propose techniques to accurately estimate the degree information by exploiting timing information, allowing more compact path encoding. Moreover, we employ subpath concatenation to infer excessively long paths with a high recovery probability. We carefully evaluate PAT's performance using testbed experiments and and extensive simulations with up to 4,000 nodes. Results show that PAT significantly outperforms existing approaches.

Fan Yang,Ke Xu,Qi Li,Rongxing Lu,Bo Wu,Tong Zhang,Yi Zhao,Meng Shen

DOI: https://doi.org/10.1109/iwqos49365.2020.9213001

2020-01-01

Abstract:No matter from the perspective of detection or defense, source and path validations are fundamentally primitive in constructing security mechanisms to greatly enhance network immunity in the face of malicious attacks, such as injection, traffic hijacking and hidden threats. However, existing works for source and path verification still impose a non-trivial operational overhead and lack adjustment capability for path dynamic changes. In this paper, we propose a flexible and convenient source and path validation protocol called PSVM, which uses an authentication structure PIC composed of ordered pieces to carry out packet verification. Specifically, in the basic PSVM protocol, PIC (related to cryptographic computation) in the packet header does not require any update during packet verification, which thus enables a lower processing overhead in routers. To cope with the challenge of path policy changes in the running protocol, the dynamic PSVM protocol supports controllable adjustment and migration, especially in the case of avoiding a malicious node or region. Our evaluation of a prototype experiment on Click demonstrates that the verification efficiency of PSVM is barely influenced by payload size or path length. Compared to the baseline of normal IP routing, the throughput reduction ratio of the basic PSVM is about 13%, which is much better than 28% of existing best solution Origin and Path Trace (OPT). In addition, for a 35-hop path with 30 pieces of PIC needed to be adjusted in dynamic PSVM, the throughput reduction ratio of routing cross node performing the adjustment operation after normal verification is only 2.4%.

Hossen Mustafa,Xin Zhang,Zhenhua Liu,Wenyuan Xu,Adrian Perrig

DOI: https://doi.org/10.1109/tdsc.2012.69

2012-01-01

Abstract:Jamming attacks are especially harmful to the reliability of wireless communication, as they can effectively disrupt communication between any node pairs. Existing jamming defenses primarily focus on repairing connectivity between adjacent nodes. In this paper, we address jamming at the network level and focus on restoring the end-to-end data delivery through multipath routing. As long as all paths do not fail concurrently, the end-to-end path availability is maintained. Prior work in multipath selection improves routing availability by choosing node-disjoint paths or link-disjoint paths. However, through our experiments on jamming effects using MicaZ nodes, we show that disjointness is insufficient for selecting fault-independent paths. Thus, we address multipath selection based on the knowledge of a path's availability history. Using Availability History Vectors (AHVs) of paths, we present a centralized AHV-based algorithm to select fault-independent paths, and a distributed AHV-based routing protocol built on top of a classic routing algorithm in ad hoc networks. Our extensive simulation results validate that both AHV-based algorithms are effective in overcoming the jamming impact by maximizing the end-to-end availability of the selected paths.

Hossen Mustafa,Xin Zhang,Zhenhua Liu,Wenyuan Xu,Adrian Perrig

DOI: https://doi.org/10.1145/1998412.1998421

2011-01-01

Abstract:Jamming attacks are especially harmful to the reliability of wireless communication, as they can effectively disrupt communication. Existing jamming defenses primarily focus on repairing connectivity between adjacent nodes. In this paper, we address jamming at the network level and focus on restoring the end-to-end data delivery through multipath routing. As long as all paths do not fail concurrently, the end-to-end path availability is maintained. Prior work in multipath selection improves routing by choosing node-disjoint paths or link-disjoint paths. However, through our experiments on jamming effects using MicaZ nodes, we show that topological disjointness is insufficient for selecting fault-independent paths. Thus, we address multipath selection based on the knowledge of a path's availability history. Using Availability History Vectors (AHVs) of paths, we present an AHV-based Link-State (ALS) algorithm to select fault-independent paths. Our extensive simulation results validate that the ALS algorithm is effective in overcoming the jamming impact by maximizing the end-to-end availability of the selected paths.

Jiliang Li,Yuan Su,Rongxing Lu,Zhou Su,Weizhi Meng,Meng Shen

DOI: https://doi.org/10.1109/tdsc.2024.3392299

2024-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Network path validation aims to give more control over the forwarding path of data packets in a path-aware network, which shields the network from security threats and allows end hosts to receive better services. Therefore, network path validation becomes a vital primitive for secure and reliable Internet services in the next generation networks. The path validation enables end hosts and intermediate router nodes to check whether a packet has followed the intended path. However, the existing solutions fail to protect path privacy and incur significant bandwidth and computation overhead on packet transferring, which degrades packet delivery performance. In this paper, we propose the StealthPath to protect path privacy and improve delivery efficiency. Firstly, StealthPath uses lightweight cryptographic primitives to generate nested proofs and ensures all nodes on the path to check the compliance of the forwarding path efficiently. Secondly, StealthPath hides the forwarding path in the proofs and reduces the proof size from linear to constant, which protects the path information and path length, and decreases the bandwidth consumption. Moreover, StealthPath allows on-path nodes to extract their proofs and the next hop address from proof without leaking on-path node index. Finally, StealthPath is proved to resist various attacks and preserves the path privacy. The experiments show that StealthPath saves nearly 60% header size and bandwidth, and is more efficient than state-of-the-art schemes.

Kai Bu,Avery Laird,Yutian Yang,Linfeng Cheng,Jiaqing Luo,Yingjiu Li,Kui Ren

DOI: https://doi.org/10.1145/3409796

IF: 16.6

2020-01-01

ACM Computing Surveys

Abstract:Validating the network paths taken by packets is critical in constructing a secure Internet architecture. Any feasible solution must both enforce packet forwarding along end-host specified paths and verify whether packets have taken those paths. However, the current Internet supports neither enforcement nor verification. Likely due to the radical changes to the Internet architecture and a long-standing confusion between routing and forwarding, only limited solutions for path validation exist in the literature. This survey article aims to reinvigorate research on the essential topic of path validation by crystallizing not only how path validation works but also where seemingly qualified solutions fall short. The analyses explore future research directions in path validation aimed at improving security, privacy, and efficiency.

Anxiao He,Xiang Li,Jiandong Fu,Haoyu Hu,Kai Bu,Chenlu Miao,Kui Ren

DOI: https://doi.org/10.1109/tifs.2023.3236806

IF: 7.231

2023-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Path validation has already been incrementally deployed in the Internet architecture. It secures packet forwarding by enabling end hosts to negotiate specific forwarding paths and enforcing on-path routers to prove their forwarding behaviors along these paths. Most existing path validation solutions target static paths, paying less attention to fully dynamic paths that support flexible routing. In this paper, we present Hummingbird as the first validation solution over fully dynamic paths. It features a hidden equal-probability sampling technique. Gaining efficiency via routers probabilistically sampling packets to validate, we craft the sampling probability such that each router validates a similar amount of packets given an unknown path length. We further hide the state of whether a packet has been sampled and validated using a lightweight, non-cryptographic scheme. This prevents attackers from differentiating and selectively mis-forwarding packets. We validate security and efficiency of Hummingbird through both theoretical proof and experimental evaluation.

Binanda Sengupta,Yingjiu Li,Kai Bu,Robert H. Deng

DOI: https://doi.org/10.1145/3372046

IF: 5.3

2020-01-01

ACM Transactions on Internet Technology

Abstract:The end-users communicating over a network path currently have no control over the path. For a better quality of service, the source node often opts for a superior (or premium) network path to send packets to the destination node. However, the current Internet architecture provides no assurance that the packets indeed follow the designated path. Network path validation schemes address this issue and enable each node present on a network path to validate whether each packet has followed the specific path so far. In this work, we introduce two notions of privacy-path privacy and Index privacy-in the context of network path validation. We show that, in case a network path validation scheme does not satisfy these two properties, the scheme is vulnerable to certain practical attacks (that affect the privacy, reliability, neutrality and quality of service offered by the underlying network). To the best of our knowledge, ours is the first work that addresses privacy issues related to network path validation. We design PrivNPV, a privacy-preserving network path validation protocol, that satisfies both path privacy and index privacy. We discuss several attacks related to network path validation and how PrivNPV defends against these attacks. Finally, we discuss the practicality of PrivNPV based on relevant parameters.

Anxiao He,Kai Bu,Yucong Li,Eikoh Chida,Qianping Gu,Kui Ren

DOI: https://doi.org/10.1109/tifs.2020.3001669

IF: 7.231

2020-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Path validation has been explored as an indispensable security feature for the future Internet. Motivated by the Path-Aware Networking Research Group (PANRG) under the Internet Engineering Task Force (IETF) and Internet Research Task Force (IRTF), it gives end-hosts more control over packet forwarding and ensures that the forwarding history is verifiable. The main idea is to require that routers add proofs in packet headers for other routers to verify. We identify linear-scale proofs as the essential efficiency barrier of existing path validation solutions. In this paper, we propose Atomos to validate network paths with constant-size proofs. To this end, we construct a noncommutative homomorphic asymmetric-key encryption scheme. Asymmetric cryptography minimizes the number of proofs needed and saves time in processing proofs. The homomorphism we design yields constant-size proofs. It limits the header-space overhead and outperforms existing linear-scale counterparts when the path length exceeds a value that is usually small. Furthermore, the proposed encryption scheme is noncommutative so that any deviation from the forwarding path can be detected. We explore a series of design strategies for security and efficiency. The evaluation results show that Atomos yields not only shorter proofs but also faster validation than existing solutions.

Kai Bu,Yutian Yang,Avery Laird,Jiaqing Luo,Yingjiu Li,Kui Ren

DOI: https://doi.org/10.48550/arXiv.1804.03385

2018-04-10

Networking and Internet Architecture

Abstract:Validating network paths taken by packets is critical for a secure Internet architecture. Any feasible solution must both enforce packet forwarding along endhost-specified paths and verify whether packets have taken those paths. However, neither enforcement nor verification is supported by the current Internet. Due likely to a long-standing confusion between routing and forwarding, only limited solutions for path validation exist in the literature. This survey article aims to reinvigorate research in to the significant and essential topic of path validation. It crystallizes not only how path validation works but also where seemingly qualified solutions fall short. The analyses explore future research directions in path validation toward improving security, privacy, and efficiency.

Chong Gao,Zhihao Ling,Yifeng Yuan

DOI: https://doi.org/10.1002/dac.2632

2013-01-01

International Journal of Communication Systems

Abstract:Path diversity of different concurrent paths inevitably introduces out-of-order packet delivery, which leads to unnecessary retransmissions and a severely lowered data throughput. In order to analyze the fundamental behavior and influencing factors of packet reordering, several sets of simulation-based multipath experiments are conducted with different aggregating paths. In addition, the relationship between reordering and number of paths are discussed. Furthermore, an end-to-end measurement study of packet reordering in concurrent multipath transfer is presented. To simply the analysis process, a cumulative distribution function of transmission delay for each packet is used. The model is proved to be an effective one by contrastive analysis. Finally, some solutions to handle it are provided with a further discussion. Copyright (c) 2013 John Wiley & Sons, Ltd.

Bo Wu,Ke Xu,Qi Li,Zhuotao Liu,Yih-Chun Hu,Martin J. Reuel,Meng Shen,Fan Yang

DOI: https://doi.org/10.1109/iwqos.2018.8624169

2018-01-01

Abstract:The Internet lacks verification of source authenticity and path compliance between the planned packet delivery paths and the real delivery paths, which allows attackers to construct attacks like source spoofing and traffic hijacking attacks. Thus, it is essential to enable source and path verification in networks to detect forwarding anomalies and ensure correct packet delivery. However, most of the existing security mechanisms can only capture anomalies but are unable to locate the detected anomalies. Besides, they incur significant computation and communication overhead, which exacerbates the packet delivery performance. In this paper, we propose a high-efficient packet forwarding verification mechanism called PPV for networks, which verifies packet source and their forwarding paths in real time. PPV enables probabilistic packet marking in routers instead of verifying all packets. Thus, it can efficiently identify forwarding anomalies by verifying markings. Moreover, it localizes packet forwarding anomalies, e.g., malicious routers, by reconstructing packet forwarding paths based on the packet markings. We implement PPV prototype in Click routers and commodity servers, and conducts real experiments in a real testbed built upon the prototype. The experimental results demonstrate the efficiency and performance of PPV. In particular, PPV significantly improves the throughput and the goodput of forwarding verification, and achieves around 2 times and 3 times improvement compared with the-state-of-art OPT scheme, respectively.

Quan Ren,Tao Hu,Jiangxing Wu,Yuxiang Hu,Lei He,Julong Lan

DOI: https://doi.org/10.1016/j.comnet.2021.108134

IF: 5.493

2021-01-01

Computer Networks

Abstract:SDN improves the flexibility and programmability of the network. However, malicious attacks caused by potential vulnerabilities and backdoors can easily lead to data and rule tampering in the network. To address this problem, this paper proposes an endogenous secure SDN network framework based on multipath resilient routing (MRR). MRR includes multipath comparing forwarding, multipath weighted forwarding, and multipath random forwarding. The framework ensures the correctness of flow rules and data content by dynamically comparing the consistency of multi-heterogeneous path data within a certain period, and multipath can also achieve load balance by weighted forwarding. In the MRR framework, we also present an intermediate information feedback mechanism based on encryption authentication and give a mathematical model to evaluate it. This mechanism can accurately identify and dynamically repair malicious switches. Simulation evaluation and prototype system test show that this framework can achieve high accuracy of flow transmission and high availability of system. At the same time, multipath comparing forwarding will bring some performance costs such as delay, bandwidth, and jitter at initial and attacking time. However, when the appropriate forwarding mode and reasonable period T are selected, the proportion of delay introduced by comparing and ruling can be less than 10%, and the average bandwidth of mixed forwarding is almost the same as traditional multipaths', such as we can guarantee 25% multipath comparing forwarding when the bandwidth requirement is 250 M in prototype system.

Heyu Chang,Xiaobing Zhang,Nianwen Si,Ping Wu

DOI: https://doi.org/10.1016/j.cose.2024.103906

IF: 5.105

2024-05-28

Computers & Security

Abstract:By decoupling the control plane and the data plane, Software Defined Networking (SDN) has reshaped the ossified network architecture and improved the programmability of the network. However, SDN is also susceptible to malicious injection, tampering, dropping and hijacking attacks against forwarding packets, and the SDN architecture cannot perceive the real behavior of switches in the data plane. Packet forwarding verification and exception localization are recognized as effective and promising methods, enabling reliable packet delivery in the data plane and allowing the controller in SDN to identify abnormal links. While existing mechanisms embed the linear-scale cryptographic tags into the packet header space as the transmission path lengthens to realize packet verification and exception localization, which cannot achieve a feasible tradeoff between efficiency and security. Leveraging the central controllability of SDN, we propose a lightweight packet forwarding verification mechanism. This mechanism splits the runtime of a flow into consecutive epochs by address hopping. The switches in the data plane forward packets based on hopping address, collecting the information of packets forwarded in a compact data structure, namely traffic sketch. The controller verifies traffic sketches and localizes exception in the epoch. We further prototype the proposed mechanism based on simulation network. The analysis and experiments demonstrate that the cost of proposed scheme is lower than the similar mechanisms, introducing no more than 9% additional forwarding delay and less than 8% throughput degradation.

computer science, information systems

Hatem Fetoh,Khaled M. Amin,Ahmed M. Hamad

DOI: https://doi.org/10.1049/ntw2.12116

2024-02-22

IET Networks

Abstract:A framework that uses the end‐to‐end delay of paths to distribute the packets over asymmetric paths in ordering policy is proposed. The proposed framework detects network congestion in the assigned path and reduces the congestion window. Furthermore, the proposed framework predicts receiver buffer blocking and deactivates the highest delay path that causes this problem. Concurrent multipath transfer (CMT) is a transport layer protocol used for transferring data over multiple paths concurrently. In the case of asymmetric paths, the dissimilarity of delay, bandwidth, and loss rate among paths leads to challenges such as out‐of‐order packets, receiver buffer blocking, and throughput reduction. A framework that uses the end‐to‐end delay of paths to distribute the packets over asymmetric paths in ordering policy is proposed. The proposed framework detects network congestion in the assigned path and reduces the congestion window. Furthermore, the proposed framework predicts receiver buffer blocking and deactivates the highest delay path that causes this problem. The simulation results show that the proposed framework achieves highest throughput, lower entropy and lower average application end‐to‐end delay than the previous algorithms.

Donglai Li,Lei Wang,Xinwei Zhang,Jian Fang,Yuanfang Chen

DOI: https://doi.org/10.1109/bigcom57025.2022.00009

2022-01-01

Abstract:In the past decade, blockchain-based cryptocurrencies have shown great promise without trusted third parties. However, the lack of scalability prevents them from a wide range of use. Payment Channel Networks (PCNs) such as the Lightning Network are proposed as a promising solution. But unlike traditional networks, transactions on PCNs will fail under insufficient balance in any node of the transaction path. There are some existing multi-path routing schemes to improve the success ratio, while it still remains a challenge to discover the most appropriate paths for each transaction with minimal impact on its subsequent transactions. In this paper, we propose Compass, a novel multi-path routing scheme, to address this challenge. First, we introduce the concept of penalty points. The penalty points are increased for the channel that causes the transaction to fail, and decreased upon a successful transaction for each channel of the path. We use penalty points to choose more reliable paths. After the possible transmission paths are obtained, the transaction amount is split into several sub-transactions which are sent to different paths. The splitting process aims at minimizing the loss of success probability for all channels on the paths, thus making the channels more durable. Compared with state-of-the-art schemes, simulations show that Compass has a higher transaction success ratio, while maintaining a lower latency and transaction fees.

Songtao Fu,Qi Li,Min Zhu,Xiaoliang Wang,Su Yao,Yangfei Guo,Xinle Du,Ke Xu

DOI: https://doi.org/10.1109/iwqos52092.2021.9521345

2023-01-01

IEEE/ACM Transactions on Networking

Abstract:The source and path verification in Path-Aware Networking considers the two critical issues: (1) end hosts could verify that the network follows their forwarding decisions, and (2) both on-path routers and destination host could authenticate the source of packets and filter the malicious traffic. Unfortunately, the state-of-the-art mechanisms require heavy communication overhead in the network and computation overhead in the router; moreover, it is difficult to meet the dynamic requirements of the end host. We propose a user-driven mechanism, source and path verification based on Multi-AS-Key (MASK). MASK decreases the communication overhead by a short additional packet header and reduces the computation overhead by separating the control and data plane in terms of the cryptographic operation. Furthermore, it utilizes the stateful user to instruct the stateless routers to process the packet with a user-driven policy, thus satisfying the user’s requirements such as detecting the packet drop and replay attack. With the plausible design, the communication overhead for realistic path lengths is 1/2 to 1/10 compared with the state-of-the-art mechanisms. We implement MASK in the BMv2 environment and commodity Barefoot Tofino programmable switch, testify that MASK introduces significantly less overhead than the state-of-the-art mechanisms, and demonstrate that MASK could achieve the verification in the programmable switch at line rate.

Jie Li,Jun Bi,Jianping Wu,Wei Zhang

DOI: https://doi.org/10.1109/nca.2012.20

2012-01-01

Abstract:The functional deficiency of the Internet architecture enables attackers the ability to easily to spoof IP source address. The traditional signature-and-verification based anti-spoofing methods are often limited by essential process based on an explicit analysis and process of the IP header and does not adapt to incremental deployment. This paper designs a multi-fence countermeasure based inter-domain source address validation method named VIP. By employing intelligent originating information label and extended MPLS based cloud and network, VIP enables lightweight-label-based packet forwarding and validation. And VIP offers gains in efficiency by reducing the load on both forwarding tables and validation processing without negative influences and complex operations on de facto networks. In addition to enhanced scalability, VIP may facilitate incremental deployment in the long run.