SpringerLink
Log in

Hop-by-Hop Verification Mechanism of Packet Forwarding Path Oriented to Programmable Data Plane

  • Conference paper
  • First Online:
Emerging Networking Architecture and Technologies (ICENAT 2022)

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 1696))

  • 786 Accesses

Abstract

Attacks against the forwarding path could deviate data packets from the predefined route to achieve ulterior purposes, which has posed a serious threat to the software-defined network. Previous studies attempted to solve this security issue through complex authentication or traffic statistics methods. However, existing schemes have the disadvantages of high bandwidth overhead and high process delay. Hence, this article proposed a lightweight forwarding path verification mechanism based on P4 implementation. First, we deployed inband network telemetry to obtain path information, and then performed the path verification inside each hop in the programmable data plane to ensure that various attacks against forwarding paths could be intercepted. Finally, complete path verification information would convey to the control plane for backup. Corresponding experimental results demonstrate that our mechanism can effectively improve the security of the packet forwarding path with acceptable throughput and delay.

Supported by State Key Laboratory of Mobile Network and Mobile Multimedia Technology.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
EUR 32.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or Ebook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
GBP 19.95
Price includes VAT (United Kingdom)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
GBP 79.50
Price includes VAT (United Kingdom)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
GBP 99.99
Price includes VAT (United Kingdom)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free ship** worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. Cai, H., Wolf, T.: Source authentication and path validation with orthogonal network capabilities. In: 2015 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS), pp. 111–112 (2015). https://doi.org/10.1109/INFCOMW.2015.7179368

  2. Zhang, C., Zhao, M., Zhu, L., Zhang, W., Wu, T., Ni, J.: FRUIT: a blockchain-based efficient and privacy-preserving quality-aware incentive scheme. IEEE J. Sel. Areas Commun. (Early Access, 2022)

    Google Scholar 

  3. Yan, Z.J.: Trusted communication technologies for future networks. ZTE Technol. J. 27(5), 8 (2021)

    Google Scholar 

  4. Wang, J., Liu, Y., Zhang, W., Yan, X., Zhou, N., Jiang, Z.: Relfa: resist link flooding attacks via Renyi entropy and deep reinforcement learning in SDN-IoT. China Commun. 19(7), 157–171 (2022). https://doi.org/10.23919/JCC.2022.07.013

  5. Legner, M., Klenze, T., Wyss, M., Sprenger, C., Perrig, A.: EPIC: every packet is checked in the data plane of a path-aware internet. In: 29th USENIX Security Symposium (USENIX Security 2020), pp. 541–558. USENIX Association, August 2020. https://www.usenix.org/conference/usenixsecurity20/presentation/legner

  6. Li, Y., et al.: Achieving a blockchain-based privacy-preserving quality-aware knowledge marketplace in crowdsensing. In: Proceedings of IEEE EUC, Wuhan, China, pp. 1–6 (2022)

    Google Scholar 

  7. Liu, X., Li, A., Yang, X., Wetherall, D.: Passport: secure and adoptable source authentication. In: Proceedings of the 5th USENIX Symposium on Networked Systems Design and Implementation. NSDI 2008, pp. 365–378. USENIX Association, USA (2008)

    Google Scholar 

  8. Yaar, A., Perrig, A., Song, D.: Siff: a stateless internet flow filter to mitigate DDOS flooding attacks. In: IEEE Symposium on Security and Privacy, Proceedings, pp. 130–143 (2004). https://doi.org/10.1109/SECPRI.2004.1301320

  9. Bosshart, P., et al.: P4: programming protocol-independent packet processors. SIGCOMM Comput. Commun. Rev. 44(3), 87–95 (2014). https://doi.org/10.1145/2656877.2656890

  10. Naous, J., Walfish, M., Nicolosi, A., Mazières, D., Miller, M., Seehra, A.: Verifying and enforcing network paths with icing. In: Proceedings of the Seventh COnference on Emerging Networking EXperiments and Technologies. CoNEXT 2011. Association for Computing Machinery, New York (2011). https://doi.org/10.1145/2079296.2079326

  11. Sengupta, B., Li, Y., Bu, K., Deng, R.H.: Privacy-preserving network path validation. ACM Trans. Internet Technol. 20(1) (2020). https://doi.org/10.1145/3372046

  12. Wu, B., et al.: Enabling efficient source and path verification via probabilistic packet marking. In: 2018 IEEE/ACM 26th International Symposium on Quality of Service (IWQoS), pp. 1–10 (2018). https://doi.org/10.1109/IWQoS.2018.8624169

  13. Barrera, D., Chuat, L., Perrig, A., Reischuk, R.M., Szalachowski, P.: The scion internet architecture. Commun. ACM 60(6), 56–65 (2017). https://doi.org/10.1145/3085591

  14. Sasaki, T., Pappas, C., Lee, T., Hoefler, T., Perrig, A.: SDNSec: forwarding accountability for the SDN data plane. In: 2016 25th International Conference on Computer Communication and Networks (ICCCN), pp. 1–10 (2016). https://doi.org/10.1109/ICCCN.2016.7568569

  15. Zhang, P., Wu, H., Zhang, D., Li, Q.: Verifying rule enforcement in software defined networks with REV. IEEE/ACM Trans. Netw. 28(2), 917–929 (2020). https://doi.org/10.1109/TNET.2020.2977006

    Article  Google Scholar 

  16. Li, Q., Zou, X., Huang, Q., Zheng, J., Lee, P.P.C.: Dynamic packet forwarding verification in SDN. IEEE Trans. Depend. Secure Comput. 16(6), 915–929 (2019). https://doi.org/10.1109/TDSC.2018.2810880

    Article  Google Scholar 

  17. Zhang, P., et al.: Network-wide forwarding anomaly detection and localization in software defined networks. IEEE/ACM Trans. Netw. 29(1), 332–345 (2021). https://doi.org/10.1109/TNET.2020.3033588

    Article  Google Scholar 

  18. Zhang, S., Cao, C., Tang, X.: Computing power network technology architecture based on SRv6. ZTE Technol. J. 28(1), 5 (2022)

    Google Scholar 

  19. Song, F., Li, L., You, I., Zhang, H.: Enabling heterogeneous deterministic networks with smart collaborative theory. IEEE Netw. 35(3), 64–71 (2021). https://doi.org/10.1109/MNET.011.2000613

    Article  Google Scholar 

Download references

Acknowledgements

This work was supported by the ZTE industry-university research cooperation fund project “Research on network identity trusted communication technology architecture”, the State Key Laboratory of Mobile Network and Mobile Multimedia Technology and the Fundamental Research Funds under Grant 2021JBZD204.

Author information

Authors and Affiliations

  1. National Engineering Research Center of Advanced Network Technologies, Bei**g Jiaotong University, Bei**g, China

    Junsan Zeng, Ying Liu & Weiting Zhang

  2. State Key Laboratory of Mobile Network and Mobile Multimedia Technology, Shenzhen, 518055, China

    **ncheng Yan, Na Zhou & Zhihong Jiang

  3. ZTE Corporation, Nan**g, 210012, China

    **ncheng Yan, Na Zhou & Zhihong Jiang

Authors
  1. Junsan Zeng
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Ying Liu
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Weiting Zhang
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. **ncheng Yan
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Na Zhou
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Zhihong Jiang
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Weiting Zhang .

Editor information

Editors and Affiliations

  1. Bei**g Jiaotong University, Bei**g, China

    Wei Quan

Rights and permissions

Reprints and permissions

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Zeng, J., Liu, Y., Zhang, W., Yan, X., Zhou, N., Jiang, Z. (2023). Hop-by-Hop Verification Mechanism of Packet Forwarding Path Oriented to Programmable Data Plane. In: Quan, W. (eds) Emerging Networking Architecture and Technologies. ICENAT 2022. Communications in Computer and Information Science, vol 1696. Springer, Singapore. https://doi.org/10.1007/978-981-19-9697-9_37

Download citation

  • DOI: https://doi.org/10.1007/978-981-19-9697-9_37

  • Published:

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-19-9696-2

  • Online ISBN: 978-981-19-9697-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation