SIXPACK: Securing Internet eXchange Points Against Curious onlooKers
We leverage state-of-the-art accomplishments in Secure MultiParty Computation (SMPC) to design the first IXP route server service for ranking, selecting, and dispatching BGP routes without leaking any confidential business peering information.
Problem: Disclosing routing policy at IXPs
Internet eXchange Points (IXPs) are physical networks where members connect to exchange traffic.
Routing information exchanged via BGP sessions among members.
Route Servers (RSes) at IXPs ease BGP route-dispatch.
Members that use RSes must disclose their confidential route-export policies to the IXP.
Export-policy: what BGP routes a member is willing to announce to other members.
Privacy concerns deter some networks from subscribing to RS services.
How can a member leverage the functionalities of a centralized RS without disclosing its export policies?
A privacy-preserving route dispatching service.
Based on provable security guarantees and recent developments in Secure Multi-Party Computation (SMPC).
Two non-colluding entities perform SMPC computation in order to dispatch the BGP routes to participants.
ALL: dispatch all exportable BGP routes.
SINGLE: dispatch the “best” exportable BGP route according to the RS ranking.
Example - ALL approach
Member A wants to announce a route R to member B.
Route R is encrypted with key K and sent to each member.
The export policy of A is secret-shared between RS1 and RS2 as an input to the SMPC.
SMPC is responsible for dispatching K only to member B.
Neither RS1 nor RS2 learns anything about the export policy of member A.
Practically good SMPC performance
Emulate large IXP with 750 members.
1 Gbps link connection between the two parties.
ABY framework based on the GMW protocol.
The setup phase is independent of the actual inputs and can be precomputed.
Based on a real-world trace of BGP updates from one of the largest IXPs worldwide.
More than 600 members, 10.62 BGP route announcements/withdrawals per second.
SIXPACK prototype in Python.
Bandwidth requirement RS1 RS2 below 11Mbps.
Slightly larger runtimes for the SINGLE approach.