Divide and Conquer: Efficient Multi-path Validation with ProMPV
Path validation has long be explored toward forwarding reliability of Internet traffic. Adding cryptographic primitives in packet headers, path validation enables routers to enforce which path a packet should follow and to verify whether the packet has followed the path. How to implement path validation for multi-path routing is yet to be investigated. We find that it leads to an impractically low efficiency when simply applying existing single-path validation to multi-path routing.
In this paper, we present ProMPV as an initiative to explore efficient multi-path validation for multi-path routing. We segment the forwarding path into segments of three routers following a sliding window with size one. Based on this observation, we design ProMPV as a proactive multi-path validation protocol in that it requires a router to proactively leave to its second next hop with proofs that cannot be tampered by its next hop. In multi-path routing, this greatly optimizes the computation and packet size. A packet no longer needs to carry all proofs of routers along all paths. Instead, it iteratively updates its carried proofs that correspond to only three hops. We validate the security and performance of ProMPV through security analysis and experiment results, respectively.
KeywordsPath validation Multi-path routing Source authentication Routing strategy
This work is supported by The Natural Science Foundation of Zhejiang Province under Grant No. LY19F020050. We would also like to thank Professor Kai Bu for mentoring us on the project.
- 1.OpenSSL: Cryptography and SSL/TLS Toolkit. https://www.openssl.org/
- 2.Bu, K., Yang, Y., Laird, A., Luo, J., Li, Y., Ren, K.: What’s (not) validating network paths: a survey. arXiv:1804.03385 (2018)
- 4.Lee, T., Pappas, C., Perrig, A., Gligor, V., Hu, Y.C.: The case for in-network replay suppression. In: ACM AsiaCCS, pp. 862–873 (2017)Google Scholar
- 5.Naous, J., Walfish, M., Nicolosi, A., Mazières, D., Miller, M., Seehra, A.: Verifying and enforcing network paths with ICING. In: CoNEXT (2011)Google Scholar
- 8.Singh, R., Singh, Y., Yadav, A.: Loop free multipath routing algorithm, January 2016Google Scholar
- 9.Villamizar, C.: OSPF optimized multipath (OSPF-OMP), September 2019Google Scholar
- 10.Wu, B., et al.: Enabling efficient source and path verification via probabilistic packet marking. In: IWQoS (2018)Google Scholar
- 11.Xu, W., Rexford, J.: Miro: multi-path interdomain routing. In: ACM SIGCOMM (2006)Google Scholar