Presentation is loading. Please wait.

Presentation is loading. Please wait.

SPINE: Surveillance protection in the network Elements

Published by아성 유 Modified over 5 years ago

Similar presentations

Presentation on theme: "SPINE: Surveillance protection in the network Elements"— Presentation transcript:

1 SPINE: Surveillance protection in the network Elements
Trisha Datta, Nick Feamster, Jennifer Rexford, Liang Wang Princeton University

2 Privacy Threat from Plaintext IP Addresses
IP addresses can reveal sensitive information about senders/recipients Threat of surveillance by intermediate networks Real world example: Brazil, Portugal, USA (adversary) Threat model: Elaborate on what IP addresses reveal (website, who user is, geographic location, etc.) Trusted Entity #1 Trusted Entity #2 Untrusted Entity R1 R2

3 Deployment Challenges in Existing Solutions
IPSec Tunnels: encrypt entire packet Computationally expensive Network-Layer Anonymity Systems: nodes on path implement privacy- preserving protocol (e.g., Tor) Require participation from (potentially adversarial) intermediate nodes Require participation from (probably uninformed) end-users We want a faster solution with fewer participants!

4 Recent Technologies and Trends
TLS use is widespread  payloads are encrypted Programmable switches let us manipulate packets at switch hardware rates Increasing ubiquity of IPv6 (with longer 128-bit IP addresses) in network core

5 SPINE Contributions SPINE: practical solution to prevent an adversary along an end-to-end path from observing source and destination IP addresses. Processing performed at switch hardware rates No cooperation from intermediate autonomous systems No involvement from end users Flow-packet “unlinkability”

6 Encrypting Relevant Header Fields
How do we prevent information leakage from IP addresses and TCP sequence/acknowledgment numbers? Encryption! Central Controller SPINE Tables and Keys - See where everything happens; show where keys are being installed from above (central controller) Trusted Entity #1 Trusted Entity #2 Untrusted Entity SPINE SPINE R1 R2 Original Traffic SPINE (encrypted) Traffic

7 Efficient Cryptography on Header Fields
One-time pad encryption – requires only one XOR operation Encrypt(ip, k) = ip ⊕ H(k, nonce) ip: IP address (or TCP seq/ack no.) k: secret key nonce: public randomly-generated bit string H: keyed hash function Different nonce for each packet  flow-packet unlinkability Nonce Hash Function Original IPv4 Address One-Time Pad Encrypted IPv4 Address

8 Rotating Encryption Keys
We want: No repeated one-time pads To thwart authorities who might demand packet decryption Solution: rotate keys To prevent inconsistency, we use version numbers and remember old keys for t seconds

9 Challenges with Encrypting IP Addresses
Sending encryption metadata with packet Discerning which traffic is SPINE traffic Ensuring successful routing Solution: we need more space in the header  IPv6

10 SPINE Example Trusted Trusted Entity #1 Untrusted Entity #2 Entity
Encrypt and replace IPv4 header with IPv6 header Decrypt and restore original IPv4 header Trusted Entity #1 Trusted Entity #2 Untrusted Entity SPINE SPINE R1 R2 Host A Host B Original Traffic SPINE (encrypted) Traffic

11 IPv4 to IPv6 Header Transformation
Most fields transferred directly New IPv6 address Encrypted IPv4 address Encryption metadata “Reserved IPv6 prefix” – owned and announced by receiving trusted entity but no services offered there Reserved IPv6 Prefix Version # Nonce Encrypted IPv4 Address New IPv6 Address

12 P4 Implementation Advent of high-speed programmable data planes  packet manipulation P4 programs meant to run at line rates – “If it fits, it runs” Limit on operations (e.g., one-time pad encryption) P4 programs: series of match-action tables

13 P4 Pipeline Trusted Trusted Untrusted Entity #2 Entity #1 Entity R1 R2
Central Controller Routing Tables SPINE Tables Trusted Entity #2 Trusted Entity #1 Untrusted Entity SPINE SPINE R1 R2 Parse headers Check IPv6 Dst Addr  Decrypt if necessary Check IPv4 Dst Addr  Encrypt if necessary Deparse headers Set forwarding port SPINE Program

14 P4 Prototype and Resource Requirements
Nonce generation: P4 random() function Hash function: SipHash Pseudorandom function Fast on short inputs Central controller that controls keys and versions Resource Requirements: ~140 KB Ran simulations on Mininet software simulator Working on running SPINE on Barefoot Tofino switches Quantify overhead from adding IPv6 header 20 bytes in IPv4 header 40 bytes in IPv6 header 20 bytes of overhead in header Jumbo frames in core of internet

15 Conclusion Header fields can leak information to intermediate networks
Developed SPINE to combat this threat No cooperation from intermediate autonomous systems No involvement from end users Uses efficient encryption and implementable in P4 Using IPv6 bits for encryption purposes Github repo: Thank you for your time! How often do you cycle keys? use packets/second in core to calculate

16 Why do we need SipHash? SipHash is a pseudorandom function
PRF f and key k Given x, f(k, x), and y, an attacker cannot guess f(k, y) One-time pad encryption: E(ip) = ip ⊕ p, where p = f(k, nonce) ip ⊕ E(ip) = p Attacker can send packet with IP address ip, observe E(ip), and recover p If f is not a PRF, then p can leak information about k

Download ppt "SPINE: Surveillance protection in the network Elements"

Similar presentations

IP Router Architectures. Outline Basic IP Router Functionalities IP Router Architectures.

IP Router Architectures. Outline Basic IP Router Functionalities IP Router Architectures.
P4 demo: a basic L2/L3 switch in 170 LOC

P4 demo: a basic L2/L3 switch in 170 LOC
Introduction to IPv6 Presented by: Minal Mishra. Agenda IP Network Addressing IP Network Addressing Classful IP addressing Classful IP addressing Techniques.

Introduction to IPv6 Presented by: Minal Mishra. Agenda IP Network Addressing IP Network Addressing Classful IP addressing Classful IP addressing Techniques.
The Future of TCP/IP Always evolving: –New computer and communication technologies More powerful PCs, portables, PDAs ATM, packet-radio, fiber optic, satellite,

The Future of TCP/IP Always evolving: –New computer and communication technologies More powerful PCs, portables, PDAs ATM, packet-radio, fiber optic, satellite,
Computer Networks20-1 Chapter 20. Network Layer: Internet Protocol 20.1 Internetworking 20.2 IPv4 20.3 IPv6.

Computer Networks20-1 Chapter 20. Network Layer: Internet Protocol 20.1 Internetworking 20.2 IPv IPv6.
COS 461 Fall 1997 Routing COS 461 Fall 1997 Typical Structure.

COS 461 Fall 1997 Routing COS 461 Fall 1997 Typical Structure.
1 Internet Protocol Version 6 (IPv6) What the caterpillar calls the end of the world, nature calls a butterfly. - Anonymous.

1 Internet Protocol Version 6 (IPv6) What the caterpillar calls the end of the world, nature calls a butterfly. - Anonymous.
IP Fragmentation. MTU Maximum Transmission Unit (MTU) –Largest IP packet a network will accept –Arriving IP packet may be larger IP Packet MTU.

IP Fragmentation. MTU Maximum Transmission Unit (MTU) –Largest IP packet a network will accept –Arriving IP packet may be larger IP Packet MTU.
Network Layer IPv6 Slides were original prepared by Dr. Tatsuya Suda.

Network Layer IPv6 Slides were original prepared by Dr. Tatsuya Suda.
© 2009 Cisco Systems, Inc. All rights reserved. SWITCH v1.0—4-1 Implementing Inter-VLAN Routing Deploying Multilayer Switching with Cisco Express Forwarding.

© 2009 Cisco Systems, Inc. All rights reserved. SWITCH v1.0—4-1 Implementing Inter-VLAN Routing Deploying Multilayer Switching with Cisco Express Forwarding.
Chapter 20 Network Layer: Internet Protocol Stephen Kim 20.1.

Chapter 20 Network Layer: Internet Protocol Stephen Kim 20.1.
IP Security. Overview In 1994, Internet Architecture Board (IAB) issued a report titled “Security in the Internet Architecture”. This report identified.

IP Security. Overview In 1994, Internet Architecture Board (IAB) issued a report titled “Security in the Internet Architecture”. This report identified.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
بسم الله الرحمن الرحيم NETWORK SECURITY Done By: Saad Al-Shahrani Saeed Al-Smazarkah May 2006.

بسم الله الرحمن الرحيم NETWORK SECURITY Done By: Saad Al-Shahrani Saeed Al-Smazarkah May 2006.
8: Network Security8-1 Security in the layers. 8: Network Security8-2 Secure sockets layer (SSL) r Transport layer security to any TCP- based app using.

8: Network Security8-1 Security in the layers. 8: Network Security8-2 Secure sockets layer (SSL) r Transport layer security to any TCP- based app using.
COEN 350 Mobile Security. Wireless Security Wireless offers additional challenges: Physical media can easily be sniffed. War Driving Legal? U.S. federal.

COEN 350 Mobile Security. Wireless Security Wireless offers additional challenges: Physical media can easily be sniffed. War Driving Legal? U.S. federal.
Dr. L. Christofi1 Local & Metropolitan Area Networks ACOE322 Lecture 8 Network Security.

Dr. L. Christofi1 Local & Metropolitan Area Networks ACOE322 Lecture 8 Network Security.
1 Network Security Lecture 8 IP Sec Waleed Ejaz

1 Network Security Lecture 8 IP Sec Waleed Ejaz
CSCE 715: Network Systems Security

CSCE 715: Network Systems Security
UNIT-3. 20.2 IP Datagram Fragmentation Figure 20.7 IP datagram.

UNIT IP Datagram Fragmentation Figure 20.7 IP datagram.

Similar presentations

Ads by Google