Advertisement

Divide and Conquer: Efficient Multi-path Validation with ProMPV

  • Anxiao HeEmail author
  • Yubai Xie
  • Wensen Mao
  • Tienpei Yeh
Conference paper
Part of the Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering book series (LNICST, volume 300)

Abstract

Path validation has long be explored toward forwarding reliability of Internet traffic. Adding cryptographic primitives in packet headers, path validation enables routers to enforce which path a packet should follow and to verify whether the packet has followed the path. How to implement path validation for multi-path routing is yet to be investigated. We find that it leads to an impractically low efficiency when simply applying existing single-path validation to multi-path routing.

In this paper, we present ProMPV as an initiative to explore efficient multi-path validation for multi-path routing. We segment the forwarding path into segments of three routers following a sliding window with size one. Based on this observation, we design ProMPV as a proactive multi-path validation protocol in that it requires a router to proactively leave to its second next hop with proofs that cannot be tampered by its next hop. In multi-path routing, this greatly optimizes the computation and packet size. A packet no longer needs to carry all proofs of routers along all paths. Instead, it iteratively updates its carried proofs that correspond to only three hops. We validate the security and performance of ProMPV through security analysis and experiment results, respectively.

Keywords

Path validation Multi-path routing Source authentication Routing strategy 

Notes

Acknowledgement

This work is supported by The Natural Science Foundation of Zhejiang Province under Grant No. LY19F020050. We would also like to thank Professor Kai Bu for mentoring us on the project.

References

  1. 1.
    OpenSSL: Cryptography and SSL/TLS Toolkit. https://www.openssl.org/
  2. 2.
    Bu, K., Yang, Y., Laird, A., Luo, J., Li, Y., Ren, K.: What’s (not) validating network paths: a survey. arXiv:1804.03385 (2018)
  3. 3.
    He, J., Rexford, J.: Toward internet-wide multipath routing. IEEE Netw. 22(2), 16–21 (2008)CrossRefGoogle Scholar
  4. 4.
    Lee, T., Pappas, C., Perrig, A., Gligor, V., Hu, Y.C.: The case for in-network replay suppression. In: ACM AsiaCCS, pp. 862–873 (2017)Google Scholar
  5. 5.
    Naous, J., Walfish, M., Nicolosi, A., Mazières, D., Miller, M., Seehra, A.: Verifying and enforcing network paths with ICING. In: CoNEXT (2011)Google Scholar
  6. 6.
    Paxson, V.: End-to-end routing behavior in the internet. In: ACM SIGCOMM, pp. 25–38 (1996)CrossRefGoogle Scholar
  7. 7.
    Segall, A.: Optimal distributed routing for virtual line-switched data networks. IEEE Trans. Commun. 27, 201–209 (1979)MathSciNetCrossRefGoogle Scholar
  8. 8.
    Singh, R., Singh, Y., Yadav, A.: Loop free multipath routing algorithm, January 2016Google Scholar
  9. 9.
    Villamizar, C.: OSPF optimized multipath (OSPF-OMP), September 2019Google Scholar
  10. 10.
    Wu, B., et al.: Enabling efficient source and path verification via probabilistic packet marking. In: IWQoS (2018)Google Scholar
  11. 11.
    Xu, W., Rexford, J.: Miro: multi-path interdomain routing. In: ACM SIGCOMM (2006)Google Scholar
  12. 12.
    Yang, X., Wetherall, D.: Source selectable path diversity via routing deflections. ACM SIGCOMM 36, 159–170 (2006)CrossRefGoogle Scholar

Copyright information

© ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2020

Authors and Affiliations

  1. 1.Zhejiang UniversityHangzhouChina

Personalised recommendations