DOI: 10.1145/2940147.2940151
Research article (free access)

Light at the middle of the tunnel: middleboxes for selective disclosure of network monitoring to distrusted parties

Published: 22 August 2016

ABSTRACT

Network monitoring is vital to the administration and operation of networks, but it requires privileged access that only highly trusted parties are granted. This severely limits the opportunity for external parties, such as service or equipment providers, auditors, or even clients, to measure the health or operation of a network in which they are stakeholders, but do not have access to its internal structure.

In this position paper we propose the use of middleboxes to open up network monitoring to external parties using privacy-preserving technology. This will allow distrusted parties to make more inferences about the network state than currently possible, without learning any precise information about the network or the data that crosses it.

Thus the state of the network will be more transparent to external stakeholders, who will be empowered to verify claims made by network operators. Network operators will be able to provide more information about their network without compromising security or privacy.


Reviews

Vijay K Gurbani

Sultana et al. tackle the problem of remotely making measurements on a network over which the party conducting the reconnaissance has no control. Such scenarios are prevalent in cloud computing, where the subscriber to a cloud service has no visibility into the networking infrastructure hosted by the provider of the cloud service. Providers are reluctant to provide subscribers with visibility inside the network because this risks a privacy breach, losing trade secrets to competitors, or aiding an adversary carrying out reconnaissance. Subscribers, on the other hand, would like such information so they can enforce service-level agreements (SLAs) and increase their confidence in the provider. Their approach to conducting such reconnaissance is to use network cryptometry, which they define as employing a third-party-owned middlebox deployed by the service provider and trusted by the subscriber. They require that the service provider, the subscriber, and the third-party-owned middlebox communicate over channels that preserve confidentiality and integrity. Using techniques that tag network traffic with additional data related to the type of query the subscriber wants (reachability, path length, and so on), they craft a system that uses middleboxes to answer these queries and log the answers in a privacy-preserving manner to a global audit log file. The subscribers can subsequently audit the global log file to police SLAs.

In my opinion, the system designed by Sultana et al. has the following drawbacks. First, it introduces middleboxes in networks where clients and servers are increasingly using opportunistic end-to-end encryption; upon encountering such an end-to-end encrypted stream, the middlebox may not be able to add the required tags. Second, there appear to be alternative standardized protocols, such as application-layer traffic optimization (ALTO) [1], that are designed exactly to expose the network state to applications (subscribers) in a manner that preserves the privacy of the network providers (that is, the subscribers cannot glean the internals of the network). ALTO is used in data center networks, peer-to-peer networks, and enterprise networks. Finally, the solution proposed by Sultana et al. will require capital expenditure to host these middleboxes. Leaving technical issues aside, business strategy dictates that because all parties (service provider, subscriber, middlebox vendor) benefit from such an arrangement, the cost is borne equivalently among them. Would subscribers be amenable to paying more money to independently verify the network telemetry of the provider? Or is the SLA itself enough?

Online Computing Reviews Service

Published in

HotMiddlebox '16: Proceedings of the 2016 Workshop on Hot Topics in Middleboxes and Network Function Virtualization
August 2016, 60 pages
ISBN: 9781450344241
DOI: 10.1145/2940147

        Copyright © 2016 ACM


Publisher: Association for Computing Machinery, New York, NY, United States


Acceptance Rates

HotMiddlebox '16 paper acceptance rate: 9 of 28 submissions, 32%. Overall acceptance rate: 29 of 80 submissions, 36%.
