preserving privacy at ixps
play

Preserving Privacy at IXPs + Xiaohe Hu * Arpit Gupta , Nick - PowerPoint PPT Presentation

Feb 04, 2023 •511 likes •729 views

Preserving Privacy at IXPs + Xiaohe Hu * Arpit Gupta , Nick Feamster , Aurojit Panda , Scott Shenker + * Internet Exchange Points Global Transit / Hyper Giants National Large Content, Consumer, Hosting CDN

  1. � � � � � Preserving Privacy at IXPs + Xiaohe Hu * Arpit Gupta , Nick Feamster , Aurojit Panda , Scott Shenker + *

  2. Internet Exchange Points Global Transit / “Hyper Giants” National Large Content, Consumer, Hosting CDN Global Internet Backbones • 901 IXPs in total Core • 140 new IXPs in the past year IXP IXP IXP • Large IXPs Regional / Tier2 500+ AS members • Providers ISP ISP 50K+ peering links • 4T+ peek traffic • Customer IP Networks Interdomain Ecosystem Labovitz et al., Internet Inter-Domain Traffic , SIGCOMM 2010 2 http://wwww.pch.net/ixp/dir

  3. Internet Exchange Points Scalability challenge for AS BGP Implementation • 100s or1000s of sessions at large IXPs IXP Switching Fabric AS A Router AS C Router AS B Router 3

  4. IXP Route Server IXP • Functionality Route Server (RS) Aggregating and distributing routes • Executing AS policies • BGP Session • Scalability Switching Fabric n 2 Sessions from O( ) to O( ) • n AS A Router AS C Router AS B Router 4

  5. IXP Route Server SDX = SDN + IXP Flexibility on functionality extension SDX Controller More flexible business relationships • Load balancing and traffic engineering • Better security applications • Programmable Fabric AS A Router AS C Router AS B Router 5

  6. Privacy Concern • AS policies are revealed to the IXP provider • Related to AS commercial resources, agreements and strategies • Backup paths, peering relationships, and local preferences on route selection • No SLA or NDA on data confidentiality • Concern of network operators • Impeding the widespread adoption of route servers 6

  7. ? ? Problem Statement Can we construct IXP route servers which are • scalable : increasing # of ASes at an IXP ✔ • flexible : supporting functionality extension ✔ • privacy-preserving : protecting AS policies ? 7

  8. Route Server Computation … IXP Route Server (RS) Incoming routes AS B Sanitization RIB Master BGP Session Route Selection RIB (Ranking Policies) Outgoing routes Switching Fabric Filtering BGP Handler (Export/Import Policies) … AS A Router AS C Router AS B Router 8

  9. Policy Privacy Information Publicly Visible Route Server Visible Route Announcements Yes Yes Possible Routes (RIB) No Configuration Dependent Best Route Yes Yes Filtering Policy No Yes Ranking Policy No Configuration Dependent Auxiliary State ( e.g. No Configuration Dependent intradomain link property) Dataplane Behavior Yes Yes 9

  10. Previous Approach • Secure Multi-Party Computation (SMPC) • Splitting computation across multiple non-colluding players • Converting computation into an arithmetic or boolean circuit • SIX-PACK: a privacy-preserving route server using SMPC • Limitations • Requiring computation outsourced to non-colluding providers • Two order-of-magnitude slower than the insecure approach • Making it harder to add functionality when minimizing computation with SMPC 10

  11. Trusted Execution Environment • A hybrid approach of system and cryptography TEE processor is trusted • Physical Memory Hardware guaranteed confidentiality and integrity • Access Encrypted Data from OS/App Sealing Current commodity instances such as Intel SGX • CPU Enclave Page Cache (EPC) Enclave Access • Enclave abstraction Code/Data Check Code/Data Memory protection • Memory snoop Enclave Ctrl Structure Encryption Engine (MEE) ACL from other application accesses • snoop (D)Encryption between cache<->enclave<->main memory • Attestation Remote attestation • Integrity check Verifying code within enclave for remote clients by signatures • 11

  12. Trusted Execution Environment • Threat Model • IXPs are honest but curious • ASes and IXP trust the hardware vendor and TEE is correct • IXPs don’t use side-channel attacks • Related Work • Staying in simulation stage • Not to centralize BGP computation 12

  13. System Design • Scalability: route server in real TEE platform • Identify the untrusted and trusted code and data • Protect minimal trusted part within enclave to reduce system calls • Flexibility: little restriction on route server functionality • Consolidate trusted parts in one single enclave • Replace trusted-untrusted message passing with TEE transition calls • Privacy-preserving: end to end trustworthiness and confidentiality • Remote attestation, memory protection and secure channels 13

  14. SGRS = SGX + Route Server SGRS Application SGX Enclave Message Parsing � Session Handler Route Sanity Check RIBs - Control Route Computation ECALLs - BGP Server OCALLs Routing Policy Core Policies SGX Untrusted Handler Run-Time System Untrusted Trusted Attestation, Authentication, and De/Encryption Module OS Kernel � SGX Driver SGX Trusted Run-Time System and Basic Library Support � System Call Handler 14

  15. SGDX = SGX + SDX Central Services AS Controller SDN Policy Updates Application BGP State and SDN New private function � Session Handler BGP Announcements Policy Handler � VNH Assignment • Augment SDN outbound Enclave � SDN Policies Extended RS Core policies with BGP reachability � BGP States Reachability Handler • Virtual Next-hops • Routing Handler • Augmented • Reachability Tag Requests Consolidate computation Tagging Relay Update and Tagging Handler Fabric Controller • Run all routing related functions in central services IXP Programmable Fabric 15

  16. Implementation Analysis • SGRS and SGDX trusted part • Most functions are written in identical way as general C program • SGX related logic • Reusable: enclave_init() remote_attestation() etc. • Transition call interfaces by enclave definition language • Application-specific transition call functions • Development overhead ( Application-specific LOC / total trusted LOC ) • SGRS: 207 / 2241 = 9.23% • SGDX: 277 / 2807 = 9.87% 16

  17. Evaluation • A 4-core SGX-enabled processor and 64GB DRAM • Data-sets derived from real-world RIPE RIS data • Original data consists of only public BGP updates and RIB dumps • Extend AS number with uniform fraction of peering • Random local preferences as ranking policies • Replay real BGP update traces to evaluate BGP update compute time • SGRS v.s. SIXPACK, SGDX v.s. iSDX 17

  18. Evaluation • SGRS is 20x-70x faster than SIX-PACK • SGRS is 4x-26x slower than Baseline (insecure) AS Number 18

  19. Evaluation • SGDX is comparable to iSDX ranging from 0.5x-2.1x the processing time of iSDX 19

  20. Summary • Propose SGRS and SGDX to preserve privacy at IXPs with TEE • SGDX is approximately scalable and flexible as iSDX while preserves privacy • Codebase: https://github.com/huxh10/SGDX • Future work • Expanding the threat model to mitigate side-channel attacks • Application extensions with SGDX • Automating the privacy-preserving development process 20

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Privacy Preserving Protocols Workshop on Cryptography for the Internet of Things Jens Hermans KU

Privacy Preserving Protocols Workshop on Cryptography for the Internet of Things Jens Hermans KU

Privacy Preserving Protocols Privacy Preserving Protocols Workshop on Cryptography for the Internet of Things Jens Hermans KU Leuven - COSIC 20 November 2012 Privacy Preserving Protocols Introduction Cryptography in Daily Life RFID Privacy

1.04k views • 60 slides
Privacy-preserving Information Sharing: Crypto Tools and Applications Emiliano De Cristofaro

Privacy-preserving Information Sharing: Crypto Tools and Applications Emiliano De Cristofaro

Privacy-preserving Information Sharing: Crypto Tools and Applications Emiliano De Cristofaro University College London (UCL) https://emilianodc.com Privacy-preserving what ? Parties with limited mutual trust willing or required to share

1.1k views • 66 slides
New Directions in Privacy- preserving Machine Learning Kamalika Chaudhuri University of

New Directions in Privacy- preserving Machine Learning Kamalika Chaudhuri University of

New Directions in Privacy- preserving Machine Learning Kamalika Chaudhuri University of California, San Diego Sensitive Data Medical Records Genetic Data Search Logs AOL Violates Privacy AOL Violates Privacy Netflix Violates Privacy [NS08]

957 views • 92 slides
Privacy-Preserving Computation with Trusted Computing via Scramble-then-Compute Hung Dang, Anh

Privacy-Preserving Computation with Trusted Computing via Scramble-then-Compute Hung Dang, Anh

Privacy-Preserving Computation with Trusted Computing via Scramble-then-Compute Hung Dang, Anh Dinh, Ee-Chien Chang, Beng Chin Ooi School of Computing National University of Singapore PETS 2017 Privacy-Preserving Computation with Trusted

477 views • 34 slides
Preserving the Privacy of Sensitive Relationships in Graph Data Motivation Valuable Data! No

Preserving the Privacy of Sensitive Relationships in Graph Data Motivation Valuable Data! No

Preserving the Privacy of Sensitive Relationships in Graph Data Motivation Valuable Data! No privacy breaches! Public Data Anonymization Data representation? Privacy breach? Value of data? Data publisher Privacy Analyst Work by: Elena

80 views • 3 slides
Collaborative Privacy Preserving Data Mining in Vertically Partitioned Databases Ehud Gudes

Collaborative Privacy Preserving Data Mining in Vertically Partitioned Databases Ehud Gudes

Collaborative Privacy Preserving Data Mining in Vertically Partitioned Databases Ehud Gudes Ben-Gurion University, Israel This talk presents joint work with Boris Rozenberg Talk Outline Motivation for Privacy-Preserving Distributed Data

1.48k views • 68 slides
Privacy preserving data mining randomized response and association rule hiding Li Xiong

Privacy preserving data mining randomized response and association rule hiding Li Xiong

Privacy preserving data mining randomized response and association rule hiding Li Xiong CS573 Data Privacy and Anonymity Partial slides credit: W. Du, Syracuse University, Y. Gao, Peking University Privacy Preserving Data Mining

659 views • 39 slides
Privacy-preserving Biometrics in practice: diffjcult to sell Carmela Troncoso (Gradiant) My

Privacy-preserving Biometrics in practice: diffjcult to sell Carmela Troncoso (Gradiant) My

Privacy-preserving Biometrics in practice: diffjcult to sell Carmela Troncoso (Gradiant) My experience with biometrics and privacy Academic background on privacy Gradiants goal: transfer of knowledge to industry We bring state of

193 views • 6 slides
Network Privacy Mostly issues of preserving privacy of data flowing through network Start

Network Privacy Mostly issues of preserving privacy of data flowing through network Start

Network Privacy Mostly issues of preserving privacy of data flowing through network Start with encryption With good encryption, data values not readable So whats the problem? Lecture 17 Page 1 CS 236 Online Traffic Analysis

532 views • 21 slides
On the Theory and Practice of Privacy-Preserving Bayesian Data Analysis James Foulds,* Joseph

On the Theory and Practice of Privacy-Preserving Bayesian Data Analysis James Foulds,* Joseph

On the Theory and Practice of Privacy-Preserving Bayesian Data Analysis James Foulds,* Joseph Geumlek,* Max Welling, + Kamalika Chaudhuri* + University of Amsterdam *University of California, San Diego Overview Bayesian Privacy-preserving

878 views • 75 slides
Privacy-Preserving Query Processing over Encrypted Data in Cloud CS573 Data Privacy and Security

Privacy-Preserving Query Processing over Encrypted Data in Cloud CS573 Data Privacy and Security

Motivation Two-Cloud Setting PP k NN Classification Conclusion and Future Research Privacy-Preserving Query Processing over Encrypted Data in Cloud CS573 Data Privacy and Security Yousef M. Elmehdwi Department of Mathematics and Computer

919 views • 19 slides
DIMACS/PORTIA Workshop on Privacy Preserving Data Mining Data Mining &amp; Information Privacy:

DIMACS/PORTIA Workshop on Privacy Preserving Data Mining Data Mining &amp; Information Privacy:

DIMACS/PORTIA Workshop on Privacy Preserving Data Mining Data Mining &amp; Information Privacy: New Problems and the Search for Solutions March 15 th , 2004 Tal Zarsky The Information Society Project, Yale Law School Introduction: Various

273 views • 25 slides
Privacy-Preserving DNS Analysis of Broadcast, Range Queries and Mixes Hannes Federrath,

Privacy-Preserving DNS Analysis of Broadcast, Range Queries and Mixes Hannes Federrath,

Privacy-Preserving DNS Analysis of Broadcast, Range Queries and Mixes Hannes Federrath, Karl-Peter Fuchs, Dominik Herrmann , Christopher Piosecny University of Hamburg (Germany) 1 Agenda Missing Privacy in DNS Characteristics of DNS Traffic

559 views • 24 slides
Privacy-preserving KYC on Ethereum Introduction A decentralized KYC-compliant identity Alex

Privacy-preserving KYC on Ethereum Introduction A decentralized KYC-compliant identity Alex

Privacy-preserving KYC on Ethereum Biryukov, Khovratovich, Tikhomirov Privacy-preserving KYC on Ethereum Introduction A decentralized KYC-compliant identity Alex Biryukov, Dmitry Khovratovich, Sergei Tikhomirov Conclusion and future work

828 views • 20 slides
P 4 PCN: Privacy-Preserving Path Probing for Payment Channel Networks Ruozhou Yu, Assistant

P 4 PCN: Privacy-Preserving Path Probing for Payment Channel Networks Ruozhou Yu, Assistant

P 4 PCN: Privacy-Preserving Path Probing for Ruozhou Yu , Yinxin Wan, Vishnu Teja Kilari, Guoliang Xue, Jian Tang, Dejun Yang Payment Channel Networks P 4 PCN: Privacy-Preserving Path Probing for Payment Channel Networks Ruozhou Yu, Assistant

197 views • 5 slides
Privacy-Preserving Publish/Subscribe: Efficient Protocols in a

Privacy-Preserving Publish/Subscribe: Efficient Protocols in a

Privacy-Preserving Publish/Subscribe: Efficient Protocols in a Distributed Model Giovanni Di Crescenzo 1 Brian Coan 1 John Schultz 3 Simon Tsang 1 Rebecca N.

338 views • 14 slides
Certification and IoT Guillaume Boufgard ( guillaume.boufgard@ssi.gouv.fr ) Agence nationale de la

Certification and IoT Guillaume Boufgard ( guillaume.boufgard@ssi.gouv.fr ) Agence nationale de la

Certification and IoT Guillaume Boufgard ( guillaume.boufgard@ssi.gouv.fr ) Agence nationale de la scurit des systmes dinformation 23 Mai 2019 Until now Security features are made on specific devices Payment Identity Travel

560 views • 26 slides
Scalaz-Stream Masterclass Rnar Bjarnason, Verizon Labs @ runarorama NEScala 2016 , Philadelphia

Scalaz-Stream Masterclass Rnar Bjarnason, Verizon Labs @ runarorama NEScala 2016 , Philadelphia

Scalaz-Stream Masterclass Rnar Bjarnason, Verizon Labs @ runarorama NEScala 2016 , Philadelphia Scalaz-Stream (FS2) F unctional S treams for S cala https://github.com/functional-streams-for-scala/fs2 Disclaimer This library is

1.16k views • 93 slides
Dimensionality Reduction &amp; Embedding (part 2/2) Prof. Mike Hughes Many ideas/slides

Dimensionality Reduction &amp; Embedding (part 2/2) Prof. Mike Hughes Many ideas/slides

Tufts COMP 135: Introduction to Machine Learning https://www.cs.tufts.edu/comp/135/2019s/ Dimensionality Reduction &amp; Embedding (part 2/2) Prof. Mike Hughes Many ideas/slides attributable to: Emily Fox (UW), Erik Sudderth (UCI) 2 What

998 views • 52 slides
How To Get A New Shirt Make it yourself: How To Get A Shirt Make it yourself: Get if

How To Get A New Shirt Make it yourself: How To Get A Shirt Make it yourself: Get if

How To Get A New Shirt Make it yourself: How To Get A Shirt Make it yourself: Get if from a store or factory: How To Get A Shirt Make it yourself: Get if from a store or factory: Have someone give it to you: How To Get A

282 views • 10 slides
Iteratees in C the lightning talk pesco @khjk.org 30C3, Hamburg, 27-30.12.2013 Wat?

Iteratees in C the lightning talk pesco @khjk.org 30C3, Hamburg, 27-30.12.2013 Wat?

Iteratees in C the lightning talk pesco @khjk.org 30C3, Hamburg, 27-30.12.2013 Wat? Iteratees are stream processors. Programming model / API to allow reasoning about I/O Origin: functional programming Challenge: Do it without

374 views • 10 slides
Preprocessing and Inprocessing Techniques in SAT Armin Biere Institute for Formal Models and

Preprocessing and Inprocessing Techniques in SAT Armin Biere Institute for Formal Models and

Preprocessing and Inprocessing Techniques in SAT Armin Biere Institute for Formal Models and Verification Johannes Kepler University Linz, Austria joint work with Marijn Heule and Matti J arvisalo WorKer11 3rd Workshop on Kernelization

1.03k views • 49 slides
UN Global Platform Mark Craddock #UNGlobalPlatform @mcraddock @UNBigData 1 #UNGlobalPlatform

UN Global Platform Mark Craddock #UNGlobalPlatform @mcraddock @UNBigData 1 #UNGlobalPlatform

UN Global Platform Mark Craddock #UNGlobalPlatform @mcraddock @UNBigData 1 #UNGlobalPlatform A global collaboration to harness the power of data for better lives 2 #UNGlobalPlatform Leave no one behind Endeavour to reach the furthest

745 views • 48 slides
Parallel Data Migration Between GPFS Filesystems via the iRODS Rule Engine Ilari Korhonen, PDC

Parallel Data Migration Between GPFS Filesystems via the iRODS Rule Engine Ilari Korhonen, PDC

Parallel Data Migration Between GPFS Filesystems via the iRODS Rule Engine Ilari Korhonen, PDC Center for High Performance Computing The 12th Annual iRODS Users Group Meeting June 9th 2020, The Internet Background PDC is a HPC center based

236 views • 19 slides

More recommend