Toward Privacy-Preserving Interdomain Configuration Verification via Multi-Party Computation

Proceedings of the 7th Asia-Pacific Workshop on Networking Pub Date : 2023-06-29 DOI:10.1145/3600061.3600064

Huisan Xu, Qiuyue Qin, Xing Fang, Qiao Xiang, J. Shu

{"title":"Toward Privacy-Preserving Interdomain Configuration Verification via Multi-Party Computation","authors":"Huisan Xu, Qiuyue Qin, Xing Fang, Qiao Xiang, J. Shu","doi":"10.1145/3600061.3600064","DOIUrl":null,"url":null,"abstract":"Interdomain network configuration errors can lead to disastrous financial and social consequences. Although substantial progress has been made in using formal methods to verify whether network configurations conform to certain properties, current tools focus on a single network. The fundamental challenge of configuration verification in an interdomain network is privacy, because each autonomous system (AS) treats its network configuration files as private information and is not willing to share it with others. In this paper, we take a first step toward interdomain network configuration verification and propose InCV, a privacy-preserving interdomain configuration verification system based on data-oblivious computation. Given an interdomain network, InCV allows ASes to collaboratively simulate the running of the network and verify the resulting interdomain routing information base (RIB) without revealing their network configurations to any party. Preliminary evaluation using real-world topologies and synthetic network configurations shows that InCV can verify an interdomain network of 32 ASes within ∼ 52 minutes with reasonable overhead.","PeriodicalId":228934,"journal":{"name":"Proceedings of the 7th Asia-Pacific Workshop on Networking","volume":"32 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-06-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 7th Asia-Pacific Workshop on Networking","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3600061.3600064","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

Interdomain network configuration errors can lead to disastrous financial and social consequences. Although substantial progress has been made in using formal methods to verify whether network configurations conform to certain properties, current tools focus on a single network. The fundamental challenge of configuration verification in an interdomain network is privacy, because each autonomous system (AS) treats its network configuration files as private information and is not willing to share it with others. In this paper, we take a first step toward interdomain network configuration verification and propose InCV, a privacy-preserving interdomain configuration verification system based on data-oblivious computation. Given an interdomain network, InCV allows ASes to collaboratively simulate the running of the network and verify the resulting interdomain routing information base (RIB) without revealing their network configurations to any party. Preliminary evaluation using real-world topologies and synthetic network configurations shows that InCV can verify an interdomain network of 32 ASes within ∼ 52 minutes with reasonable overhead.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

基于多方计算的保护隐私域间配置验证研究

域间网络配置错误可能导致灾难性的财务和社会后果。尽管在使用形式化方法验证网络配置是否符合某些属性方面已经取得了实质性进展，但目前的工具主要集中在单个网络上。域间网络中配置验证的基本挑战是隐私，因为每个自治系统(AS)都将其网络配置文件视为私有信息，并且不愿意与其他系统共享。在本文中，我们向域间网络配置验证迈出了第一步，提出了一种基于数据无关计算的保护隐私的域间网络配置验证系统InCV。给定一个域间网络，InCV允许ase协同模拟网络的运行并验证结果的域间路由信息库(RIB)，而无需向任何一方透露其网络配置。使用真实拓扑和合成网络配置的初步评估表明，InCV可以在~ 52分钟内以合理的开销验证32个as的域间网络。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

Proceedings of the 7th Asia-Pacific Workshop on Networking

自引率

0.00%

发文量