Binanda Sengupta,Yingjiu Li,Kai Bu,Robert H. Deng

DOI: https://doi.org/10.1145/3372046

IF: 5.3

2020-01-01

ACM Transactions on Internet Technology

Abstract:The end-users communicating over a network path currently have no control over the path. For a better quality of service, the source node often opts for a superior (or premium) network path to send packets to the destination node. However, the current Internet architecture provides no assurance that the packets indeed follow the designated path. Network path validation schemes address this issue and enable each node present on a network path to validate whether each packet has followed the specific path so far. In this work, we introduce two notions of privacy-path privacy and Index privacy-in the context of network path validation. We show that, in case a network path validation scheme does not satisfy these two properties, the scheme is vulnerable to certain practical attacks (that affect the privacy, reliability, neutrality and quality of service offered by the underlying network). To the best of our knowledge, ours is the first work that addresses privacy issues related to network path validation. We design PrivNPV, a privacy-preserving network path validation protocol, that satisfies both path privacy and index privacy. We discuss several attacks related to network path validation and how PrivNPV defends against these attacks. Finally, we discuss the practicality of PrivNPV based on relevant parameters.

Yanfei Fan,Yixin Jiang,Haojin Zhu,Jiming Chen,Xuemin (Sherman) Shen

DOI: https://doi.org/10.1109/twc.2011.122010.100087

IF: 10.4

2010-01-01

IEEE Transactions on Wireless Communications

Abstract:Privacy threat is one of the critical issues in multi-hop wireless networks, where attacks such as traffic analysis and flow tracing can be easily launched by a malicious adversary due to the open wireless medium. Network coding has the potential to thwart these attacks since the coding/mixing operation is encouraged at intermediate nodes. However, the simple deployment of network coding cannot achieve the goal once enough packets are collected by the adversaries. On the other hand, the coding/mixing nature precludes the feasibility of employing the existing privacy-preserving techniques, such as Onion Routing. In this paper, we propose a novel network coding based privacy-preserving scheme against traffic analysis in multi-hop wireless networks. With homomorphic encryption on Global Encoding Vectors (GEVs), the proposed scheme offers two significant privacy-preserving features, packet flow untraceability and message content confidentiality, for efficiently thwarting the traffic analysis attacks. Moreover, the proposed scheme keeps the random coding feature, and each sink can recover the source packets by inverting the GEVs with a very high probability. Theoretical analysis and simulative evaluation demonstrate the validity and efficiency of the proposed scheme.

Yi Gao,Wei Dong,Xiaoyu Zhang,Wenbin Wu

DOI: https://doi.org/10.1109/tnet.2020.2965587

2020-01-01

IEEE/ACM Transactions on Networking

Abstract:Most sensor networks employ dynamic routing protocols so that the routing topology can be dynamically optimized with environmental changes. The routing behaviors can be quite complex with increasing network scale and environmental dynamics. Knowledge on the routing path of each packet is certainly a great help in understanding the complex routing behaviors, allowing effective performance diagnosis and efficient network management. We propose PAT, a universal sensornet path tracing approach. PAT includes an intelligent path encoding scheme that allows efficient decoding at the PC side. To make PAT more scalable, we propose techniques to accurately estimate the degree information by exploiting timing information, allowing more compact path encoding. Moreover, we employ subpath concatenation to infer excessively long paths with a high recovery probability. We carefully evaluate PAT's performance using testbed experiments and and extensive simulations with up to 4,000 nodes. Results show that PAT significantly outperforms existing approaches.

Yanfei Fan,Bin Lin,Yixin Jiang,Xuemin (Sherman) Shen

DOI: https://doi.org/10.1109/glocom.2008.ecp.891

2008-01-01

Abstract:In this paper, we propose an efficient privacy-preserving scheme for secure packet transmission at wireless link layer. The proposed scheme is constructed by using hash values in reverse hash chains as interface identifiers. It can successfully and efficiently resist the Media Access Control (MAC) address based attacks, such as flow tracking and traffic analysis, which are launched by either outside or even inside attackers. In addition, some optimization techniques are also introduced to further improve the efficiency of the proposed scheme. The extensive analysis and simulations demonstrate the enhanced security and efficiency of the proposed scheme.

Fan Yang,Ke Xu,Qi Li,Rongxing Lu,Bo Wu,Tong Zhang,Yi Zhao,Meng Shen

DOI: https://doi.org/10.1109/iwqos49365.2020.9213001

2020-01-01

Abstract:No matter from the perspective of detection or defense, source and path validations are fundamentally primitive in constructing security mechanisms to greatly enhance network immunity in the face of malicious attacks, such as injection, traffic hijacking and hidden threats. However, existing works for source and path verification still impose a non-trivial operational overhead and lack adjustment capability for path dynamic changes. In this paper, we propose a flexible and convenient source and path validation protocol called PSVM, which uses an authentication structure PIC composed of ordered pieces to carry out packet verification. Specifically, in the basic PSVM protocol, PIC (related to cryptographic computation) in the packet header does not require any update during packet verification, which thus enables a lower processing overhead in routers. To cope with the challenge of path policy changes in the running protocol, the dynamic PSVM protocol supports controllable adjustment and migration, especially in the case of avoiding a malicious node or region. Our evaluation of a prototype experiment on Click demonstrates that the verification efficiency of PSVM is barely influenced by payload size or path length. Compared to the baseline of normal IP routing, the throughput reduction ratio of the basic PSVM is about 13%, which is much better than 28% of existing best solution Origin and Path Trace (OPT). In addition, for a 35-hop path with 30 pieces of PIC needed to be adjusted in dynamic PSVM, the throughput reduction ratio of routing cross node performing the adjustment operation after normal verification is only 2.4%.

Kai Bu,Yingjiu Li

DOI: https://doi.org/10.1109/tifs.2017.2768022

IF: 7.231

2018-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Path authentication thwarts counterfeits in RFIDbased supply chains. Its motivation is that tagged products taking invalid paths are likely faked and injected by adversaries at certain supply chain partners/steps. Existing solutions are pathgrained in that they simply regard a product as genuine if it takes any valid path. Furthermore, they enforce distributed authentication by offloading the sets of valid paths to some or all steps from a centralized issuer. This not only imposes network and storage overhead but also leaks transaction privacy. We present STEPAUTH, the first step-grained path authentication protocol that is practically efficient for authenticating products with strict path bindings. We encode a path into a secret with minimum path visibility disclosure between adjacent steps. Carrying the secret, a product has to go through steps in the exact order as in the designated path to pass authentication. STEPAUTH enforces no tag computation and enables each step to locally verify path secrets without pre-offloaded valid-path sets. Toward an even higher security guarantee, STEPAUTH can hinder an adversary capable of compromising all steps from forging valid secrets. We make STEPAUTH practically efficient by taking advantage of nested encryption and hybrid encryption. To achieve a 128-b security for a practically long path of 100 steps, STEPAUTH generates a secret around 10 KB, which can be well supported by high-memory EPC Gen2 tags. Such secrets take STEPAUTH less than 1 s to encode and around 10 ms to verify.

Songtao Fu,Qi Li,Min Zhu,Xiaoliang Wang,Su Yao,Yangfei Guo,Xinle Du,Ke Xu

DOI: https://doi.org/10.1109/iwqos52092.2021.9521345

2023-01-01

IEEE/ACM Transactions on Networking

Abstract:The source and path verification in Path-Aware Networking considers the two critical issues: (1) end hosts could verify that the network follows their forwarding decisions, and (2) both on-path routers and destination host could authenticate the source of packets and filter the malicious traffic. Unfortunately, the state-of-the-art mechanisms require heavy communication overhead in the network and computation overhead in the router; moreover, it is difficult to meet the dynamic requirements of the end host. We propose a user-driven mechanism, source and path verification based on Multi-AS-Key (MASK). MASK decreases the communication overhead by a short additional packet header and reduces the computation overhead by separating the control and data plane in terms of the cryptographic operation. Furthermore, it utilizes the stateful user to instruct the stateless routers to process the packet with a user-driven policy, thus satisfying the user’s requirements such as detecting the packet drop and replay attack. With the plausible design, the communication overhead for realistic path lengths is 1/2 to 1/10 compared with the state-of-the-art mechanisms. We implement MASK in the BMv2 environment and commodity Barefoot Tofino programmable switch, testify that MASK introduces significantly less overhead than the state-of-the-art mechanisms, and demonstrate that MASK could achieve the verification in the programmable switch at line rate.

Kai Bu,Yutian Yang,Avery Laird,Jiaqing Luo,Yingjiu Li,Kui Ren

DOI: https://doi.org/10.48550/arXiv.1804.03385

2018-04-10

Networking and Internet Architecture

Abstract:Validating network paths taken by packets is critical for a secure Internet architecture. Any feasible solution must both enforce packet forwarding along endhost-specified paths and verify whether packets have taken those paths. However, neither enforcement nor verification is supported by the current Internet. Due likely to a long-standing confusion between routing and forwarding, only limited solutions for path validation exist in the literature. This survey article aims to reinvigorate research in to the significant and essential topic of path validation. It crystallizes not only how path validation works but also where seemingly qualified solutions fall short. The analyses explore future research directions in path validation toward improving security, privacy, and efficiency.

Kai Bu,Avery Laird,Yutian Yang,Linfeng Cheng,Jiaqing Luo,Yingjiu Li,Kui Ren

DOI: https://doi.org/10.1145/3409796

IF: 16.6

2020-01-01

ACM Computing Surveys

Abstract:Validating the network paths taken by packets is critical in constructing a secure Internet architecture. Any feasible solution must both enforce packet forwarding along end-host specified paths and verify whether packets have taken those paths. However, the current Internet supports neither enforcement nor verification. Likely due to the radical changes to the Internet architecture and a long-standing confusion between routing and forwarding, only limited solutions for path validation exist in the literature. This survey article aims to reinvigorate research on the essential topic of path validation by crystallizing not only how path validation works but also where seemingly qualified solutions fall short. The analyses explore future research directions in path validation aimed at improving security, privacy, and efficiency.

Bo Wu,Ke Xu,Qi Li,Zhuotao Liu,Yih-Chun Hu,Martin J. Reuel,Meng Shen,Fan Yang

DOI: https://doi.org/10.1109/iwqos.2018.8624169

2018-01-01

Abstract:The Internet lacks verification of source authenticity and path compliance between the planned packet delivery paths and the real delivery paths, which allows attackers to construct attacks like source spoofing and traffic hijacking attacks. Thus, it is essential to enable source and path verification in networks to detect forwarding anomalies and ensure correct packet delivery. However, most of the existing security mechanisms can only capture anomalies but are unable to locate the detected anomalies. Besides, they incur significant computation and communication overhead, which exacerbates the packet delivery performance. In this paper, we propose a high-efficient packet forwarding verification mechanism called PPV for networks, which verifies packet source and their forwarding paths in real time. PPV enables probabilistic packet marking in routers instead of verifying all packets. Thus, it can efficiently identify forwarding anomalies by verifying markings. Moreover, it localizes packet forwarding anomalies, e.g., malicious routers, by reconstructing packet forwarding paths based on the packet markings. We implement PPV prototype in Click routers and commodity servers, and conducts real experiments in a real testbed built upon the prototype. The experimental results demonstrate the efficiency and performance of PPV. In particular, PPV significantly improves the throughput and the goodput of forwarding verification, and achieves around 2 times and 3 times improvement compared with the-state-of-art OPT scheme, respectively.

Akbari Indra Basuki,Didi Rosiyadi,Iwan Setiawan

DOI: https://doi.org/10.1109/icramet51080.2020.9298588

2020-11-18

Abstract:Path-tracking is essential to provide complete information regarding network breach incidents. It records the direction of the attack and its source of origin thus giving the network manager proper information for the next responses. Nevertheless, the existing path-tracking implementations expose the network topology and routing configurations. In this paper, we propose a privacy-aware path-tracking which mystifies network configurations using in-packet bloom filter. We apply our method by using P4 switch to supports a fine-grain (per-packet) path-tracking with dynamic adaptability via in-switch bloom filter computation. We use a hybrid scheme which consists of a destination-based logging and a path finger print-based marking to minimize the redundant path inferring caused by the bloom filter’s false positive. For evaluation, we emulate the network using Mininet and BMv2 software switch. We deploy a source routing mechanism to run the evaluations using a limited testbed machine implementing Rocketfuel topology. By using the hybrid marking and logging technique, we can reduce the redundant path to zero percent, ensuring no-collision in the path-inferring. Based on the experiments, it has a lower space efficiency (56 bit) compared with the bloom filter-only solution (128 bit). Our proposed method guarantees that the recorded path remains secret unless the secret keys of every switch are known.

Anxiao He,Kai Bu,Jiongrui Huang,Yifei Pang,Qianping Gu,Kui Ren

DOI: https://doi.org/10.1109/tdsc.2023.3315457

2023-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Path validation promises a necessary security add-on for future Internet architectures. It authenticates not only source identities but also the exact path where a packet forwards through. This offers users more flexibility and reliability in network services. Most existing solutions focus on single-path validation that pre-correlates a packet to a specific forwarding path. However, parallel transmissions in multipath routing tend to induce bursty traffic that is hardly validated in time by existing solutions. In this paper, we present SwiftParade as the first attempt toward anti-burst multipath validation. It proposes a composite validation technique that can simultaneously validate a group of packets likely from multiple different paths. This helps to amortize the validation overhead across packets of the entire group instead of imposing the validation overhead equally on every packet. To implement composite validation, SwiftParade further explores a noncommutative homomorphic asymmetric encryption scheme. We prove effectiveness and security of SwiftParade through theoretical analysis. We also conduct extensive experiments to evaluate SwiftParade performance. The results show that SwiftParade offers high efficiency and applicability to multipath validation with complex routing topologies. In comparison with the state-of-the-art multipath validation solution—Atlas, SwiftParade speeds up packet processing by 2.5× $\sim 8.3\times$ and increases communication throughput by 2.8× $\sim 10.2\times$ .

Xueming Zhang,Haitao Deng,Zenggang Xiong,Yanchao Liu,Ying Rao,Yuanlin Lyu,Yuan Li,Delin Hou,Youfeng Li

DOI: https://doi.org/10.1007/s11265-023-01908-1

2024-02-18

Journal of Signal Processing Systems

Abstract:In social aware networks, the routing protocol possesses a considerable amount of sensitive user information during node transmission. When selecting the next hop node for transmitting information in social sensing networks, there is an inherent risk of privacy breach due to malicious nodes attacking innocent nodes within the network. To address the issue of user privacy leakage, this study presents a novel privacy-preserving access control algorithm, termed Attribute Trust-based Security (ATST), which is designed to protect sensitive information. The algorithm, based on encrypting the plaintext message to ensure message security, employs the user's attributes to create an attribute trust measurement model and a network access control structure. This process identifies a trusted next hop node for information transmission. Subsequently, the access control tree model derived from the attribute is utilized during decryption. After the message reached its destination node, only the user who satisfied the access control criteria of the decryption module was authorized to decrypt the ciphertext. By verifying the trust measurement and access control of nodes through the dual trust mechanism, it prevented malicious nodes from entering the network, causing damage to the network and affecting the performance of the network. In addition, the clear text message was encrypted and transmitted, and the final receiving node was verified to ensure the secure transmission of the message to the destination node. The simulation outcomes demonstrate that the ATST algorithm effectively mitigates the effects of malevolent nodes on the network, ensuring message transfer efficiency and reducing the average delay.

computer science, information systems,engineering, electrical & electronic

Anxiao He,Xiang Li,Jiandong Fu,Haoyu Hu,Kai Bu,Chenlu Miao,Kui Ren

DOI: https://doi.org/10.1109/tifs.2023.3236806

IF: 7.231

2023-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Path validation has already been incrementally deployed in the Internet architecture. It secures packet forwarding by enabling end hosts to negotiate specific forwarding paths and enforcing on-path routers to prove their forwarding behaviors along these paths. Most existing path validation solutions target static paths, paying less attention to fully dynamic paths that support flexible routing. In this paper, we present Hummingbird as the first validation solution over fully dynamic paths. It features a hidden equal-probability sampling technique. Gaining efficiency via routers probabilistically sampling packets to validate, we craft the sampling probability such that each router validates a similar amount of packets given an unknown path length. We further hide the state of whether a packet has been sampled and validated using a lightweight, non-cryptographic scheme. This prevents attackers from differentiating and selectively mis-forwarding packets. We validate security and efficiency of Hummingbird through both theoretical proof and experimental evaluation.

Sushama Karumanchi,Jingwei Li,Anna Squicciarini

DOI: https://doi.org/10.1145/2857705.2857715

2016-01-01

Abstract:Resource discovery in unstructured peer-to-peer networks causes a search query to be flooded throughout the network via random nodes, leading to security and privacy issues. The owner of the search query does not have control over the transmission of its query through the network. Although algorithms have been proposed for policy-compliant query or data routing in a network, these algorithms mainly deal with authentic route computation and do not provide mechanisms to actually verify the network paths taken by the query. In this work, we propose an approach to deal with the problem of verifying network paths taken by a search query during resource discovery, and detection of malicious forwarding of search query. Our approach aims at being secure and yet very scalable, even in the presence of huge number of nodes in the network.

Anxiao He,Kai Bu,Yucong Li,Eikoh Chida,Qianping Gu,Kui Ren

DOI: https://doi.org/10.1109/tifs.2020.3001669

IF: 7.231

2020-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Path validation has been explored as an indispensable security feature for the future Internet. Motivated by the Path-Aware Networking Research Group (PANRG) under the Internet Engineering Task Force (IETF) and Internet Research Task Force (IRTF), it gives end-hosts more control over packet forwarding and ensures that the forwarding history is verifiable. The main idea is to require that routers add proofs in packet headers for other routers to verify. We identify linear-scale proofs as the essential efficiency barrier of existing path validation solutions. In this paper, we propose Atomos to validate network paths with constant-size proofs. To this end, we construct a noncommutative homomorphic asymmetric-key encryption scheme. Asymmetric cryptography minimizes the number of proofs needed and saves time in processing proofs. The homomorphism we design yields constant-size proofs. It limits the header-space overhead and outperforms existing linear-scale counterparts when the path length exceeds a value that is usually small. Furthermore, the proposed encryption scheme is noncommutative so that any deviation from the forwarding path can be detected. We explore a series of design strategies for security and efficiency. The evaluation results show that Atomos yields not only shorter proofs but also faster validation than existing solutions.

Wenlong Chen,Xiaolin Wang,Xiaoliang Wang,Ke Xu,Sushu Guo

DOI: https://doi.org/10.1109/jsyst.2022.3165826

IF: 4.802

2022-01-01

IEEE Systems Journal

Abstract:The correctness of user traffic forwarding paths is an important goal of trusted transmission. Many network security issues are related to it, i.e., denial-of-service attacks, route hijacking, etc. The current path-aware network architecture can effectively overcome this issue through path verification. At present, the main problems of path verification are high communication and high computation overhead. To this aim, this article proposes a lightweight real-time verification mechanism of intradomain forwarding paths in autonomous systems to achieve a path verification architecture with no communication overhead and low computing overhead. The problem situation is that a packet finally reaches the destination, but its forwarding path is inconsistent with the expected path. The expected path refers to the packet forwarding path determined by the interior gateway protocols. If the actual forwarding path is different from the expected one, it is regarded as an incorrect forwarding path. This article focuses on the most typical intradomain routing environment. A few routers are set as the verification routers to block the traffic with incorrect forwarding paths and raise alerts. Experiments prove that this article effectively solves the problem of path verification and the problem of high communication and computing overhead.

Dong Xie,Guanru Li,Bin Yao,Xuan Wei,Xiaokui Xiao,Yunjun Gao,Minyi Guo

DOI: https://doi.org/10.1109/icde.2016.7498254

2016-01-01

Abstract:As location-based services (LBSs) become popular, location-dependent queries have raised serious privacy concerns since they may disclose sensitive information in query processing. Among typical queries supported by LBSs, shortest path queries may reveal information about not only current locations of the clients, but also their potential destinations and travel plans. Unfortunately, existing methods for private shortest path computation suffer from issues of weak privacy property, low performance or poor scalability. In this paper, we aim at a strong privacy guarantee, where the adversary cannot infer almost any information about the queries, with better performance and scalability. To achieve this goal, we introduce a general system model based on the concept of Oblivious Storage (OS), which can deal with queries requiring strong privacy properties. Furthermore, we propose a new oblivious shuffle algorithm to optimize an existing OS scheme. By making trade-offs between query performance, scalability and privacy properties, we design different schemes for private shortest path computation. Eventually, we comprehensively evaluate our schemes upon real road networks in a practical environment and show their efficiency.

Xiaolei Dong,Lifei Wei,Haojin Zhu,Zhenfu Cao,Licheng Wang

DOI: https://doi.org/10.1109/TVT.2010.2095432

2011-01-01

Abstract:Service-oriented vehicular ad hoc networks (VANETs) are expected to support the diverse infrastructure-based commercial services, including Internet access, real-time traffic concerns, video streaming, and content distribution. The success of service-oriented VANETs depends on the underlying communication system to enable the user devices to connect to a large number of communicating peers and even to the Internet. This poses many new research challenges, particularly on the aspects of security and user's privacy. In this paper, we propose a novel privacy-preserving data-forwarding scheme based on our proposed novel Lite-CA-based public key cryptography and on-path onion encryption technique. The proposed scheme is expected to not only thwart the traffic tracing attack at the minimized computational overhead but to provide an efficient way to relieve workload and deployment complexity of certificates as well. Performance comparisons and security analysis show that the proposed schemes are very efficient and suitable for service-oriented VANETs.

Chen Chen,Adrian Perrig

DOI: https://doi.org/10.1515/popets-2017-0007

2016-12-22

Proceedings on Privacy Enhancing Technologies

Abstract:Abstract We identify two vulnerabilities for existing highspeed network-layer anonymity protocols, such as LAP and Dovetail. First, the header formats of LAP and Dovetail leak path information, reducing the anonymity-set size when an adversary launches topological attacks. Second, ASes can launch session hijacking attacks to deanonymize destinations. HORNET addresses these problems but incurs additional bandwidth overhead and latency. In this paper, we propose PHI, a Path-HIdden lightweight anonymity protocol that solves both challenges while maintaining the same level of efficiency as LAP and Dovetail. We present an efficient packet header format that hides path information and a new back-off setup method that is compatible with current and future network architectures. Our experiments demonstrate that PHI expands anonymity sets of LAP and Dovetail by over 30x and reaches 120 Gbps forwarding speed on a commodity software router.