SIXPACK: Securing Internet eXchange Points Against Curious onlooKers

We leverage state-of-the-art accomplishments in Secure MultiParty Computation (SMPC) to design the first IXP route server service for efficiently ranking, selecting, and dispatching BGP routes based on the IXP members' expressive routing policies and IXP performance-related information without leaking any confidential business peering information.


Problem: Improving Internet Routing without disclosing private information

Internet eXchange Points (IXPs) are physical networks where member organizations connect to exchange traffic.

Routing information is exchanged via BGP sessions among members.

Route Servers (RSes) at IXPs ease BGP route-dispatch.

Members that use RSes must disclose their confidential route-export policies to the IXP.

Export-policy: what BGP routes a member is willing to announce to other members.

Privacy concerns deter some networks from subscribing to RS services.

How can a member leverage the functionalities of a centralized RS without disclosing its export policies?

Can we add further information (e.g., port utilization) into the BGP dispatch operation at the RS to improve Internet Routing?

Solution: SIXPACK!

A privacy-preserving advanced route dispatching service.

Based on provable security guarantees and recent developments in Secure Multi-Party Computation (SMPC).

Two non-colluding entities perform SMPC computation in order to dispatch the BGP routes to participants.

The best route of each member is computed based on:

Example - Exporting a route

Member A wants to announce a route R to member B.

Route R is encrypted with key K and sent to each member.

The export policy of A is secret-shared between RS1 and RS2 as an input to the SMPC.

SMPC is responsible for dispatching K only to member B.

Neither RS1 nor RS2 learns anything about the export policy of member A.
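The export steps above, as an added Python sketch (not code from the SIXPACK prototype or the ABY framework): the two route servers hold only XOR shares of K and of A's per-member policy bit, and evaluate one AND gate per member in the GMW style. Assumptions: a trusted dealer produces the multiplication triples in place of GMW's oblivious-transfer setup, the SHAKE-256 keystream is a stand-in cipher, all function names are hypothetical, and the route string is constructed.

```python
import hashlib, secrets

KEY_BITS = 128
ALL_ONES = (1 << KEY_BITS) - 1

def share(value):
    """Split a value into two XOR shares; each share alone is uniformly random."""
    s1 = secrets.randbits(KEY_BITS)
    return s1, value ^ s1

def beaver_triple():
    """Setup phase (input-independent): shares of random a, b and c = a AND b.
    Assumption: a trusted dealer replaces the OT-based generation used by GMW."""
    a, b = secrets.randbits(KEY_BITS), secrets.randbits(KEY_BITS)
    return share(a), share(b), share(a & b)

def and_gate(x, y, triple):
    """Online phase: from shares of x and y, produce shares of (x AND y)."""
    (a1, a2), (b1, b2), (c1, c2) = triple
    # RS1 and RS2 exchange only masked values; d and e are uniformly random.
    d = (x[0] ^ a1) ^ (x[1] ^ a2)
    e = (y[0] ^ b1) ^ (y[1] ^ b2)
    z1 = c1 ^ (d & b1) ^ (e & a1) ^ (d & e)   # output share held by RS1
    z2 = c2 ^ (d & b2) ^ (e & a2)             # output share held by RS2
    return z1, z2

def xor_cipher(key, data):
    """Stand-in cipher for this sketch (SHAKE-256 keystream), not SIXPACK's own."""
    stream = hashlib.shake_256(key.to_bytes(KEY_BITS // 8, "big")).digest(len(data))
    return bytes(p ^ s for p, s in zip(data, stream))

def export_route(route, allowed, members):
    """Member A's inputs plus the two-RS dispatch; returns what each member receives."""
    key = secrets.randbits(KEY_BITS)
    ciphertext = xor_cipher(key, route)        # encrypted route goes to every member
    key_sh = share(key)                        # one share of K to each RS
    received = {}
    for m in members:
        # Policy bit for m, widened to a key-sized mask and secret-shared by A.
        mask_sh = share(ALL_ONES if m in allowed else 0)
        z1, z2 = and_gate(mask_sh, key_sh, beaver_triple())
        received[m] = (ciphertext, z1 ^ z2)    # m combines the two RS output shares
    return received

if __name__ == "__main__":
    route = b"203.0.113.0/24 via AS64500"      # constructed sample route
    for m, (ct, k) in export_route(route, {"B"}, ["B", "C"]).items():
        print(m, xor_cipher(k, ct))
```

Member B reconstructs K and decrypts the route; member C reconstructs 0 and holds only ciphertext.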

SIXPACK mechanism

Practically good SMPC performance

Emulate large IXP with 750 members.

1 Gbps link connection between the two parties.

ABY framework based on the GMW protocol.

The setup phase is independent of the actual inputs and can be precomputed.

SIXPACK comprises two efficient route dispatching functions:

Approach      Routes   Setup [ms]   Online [ms]
Export-All         1          1.7           0.6
Select-Best        2         16.5           4.2
                   3         19.8           5.3
                   7         34.6          10.3
                  15         63.7          19.3
                  31        122.4          35.9

Prototype evaluation

Based on a real-world trace of BGP updates from one of the largest IXPs worldwide.

More than 600 members, 10.62 BGP route announcements/withdrawals per second.

SIXPACK prototype in Python.

Bandwidth requirement between RS1 and RS2 below 11 Mbps.

Slightly larger runtimes for the Select-Best approach.

SIXPACK performance

About us

Marco Chiesa (KTH Royal Institute of Technology, Université catholique de Louvain)

Daniel Demmler (Technische Universität Darmstadt)

Marco Canini (Université catholique de Louvain)

Michael Schapira (Hebrew University of Jerusalem)

Thomas Schneider (Technische Universität Darmstadt)