SIXPACK: Securing Internet eXchange Points Against Curious onlooKers

We leverage state-of-the-art accomplishments in Secure MultiParty Computation (SMPC) to design the first IXP route server service for ranking, selecting, and dispatching BGP routes without leaking any confidential business peering information.


Problem: Disclosing routing policy at IXPs

Internet eXchange Points (IXPs) are physical networks where members connect to exchange traffic.

Routing information is exchanged via BGP sessions among members.

Route Servers (RSes) at IXPs ease BGP route-dispatch.

Members that use RSes must disclose their confidential route-export policies to the IXP.

Export-policy: what BGP routes a member is willing to announce to other members.

Privacy concerns deter some networks from subscribing to RS services.

How can a member leverage the functionalities of a centralized RS without disclosing its export policies?

Solution: SIXPACK!

A privacy-preserving route dispatching service.

Based on provable security guarantees and recent developments in Secure Multi-Party Computation (SMPC).

Two non-colluding entities perform SMPC computation in order to dispatch the BGP routes to participants.

Two approaches:

ALL: dispatch all exportable BGP routes.

SINGLE: dispatch the “best” exportable BGP route according to the RS ranking.

Example - ALL approach

Member A wants to announce a route R to member B.

Route R is encrypted with key K and sent to each member.

The export policy of A is secret-shared between RS1 and RS2 as an input to the SMPC.

SMPC is responsible for dispatching K only to member B.

Neither RS1 nor RS2 learns anything about the export policy of member A.
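
The ALL example above, as an added Python sketch (not code from the SIXPACK prototype or from ABY): A XOR-shares K and a per-member policy bit between RS1 and RS2, and the two servers compute shares of "policy AND K" with a GMW-style AND gate. Assumptions: a 128-bit key, the names `share`, `setup_triple`, `online_and` and `dispatch_all`, and a trusted dealer standing in for the OT-based triple generation a real framework performs in its setup phase.

```python
import secrets

BITS = 128                      # key width in bits (assumed)
MASK = (1 << BITS) - 1

def share(x):
    """Split x into two XOR shares; each share alone is uniformly random."""
    s1 = secrets.randbits(BITS)
    return s1, x ^ s1

def setup_triple():
    """Setup phase: input-independent AND triple (a, b, c = a & b), XOR-shared.
    A trusted dealer replaces OT-based generation here (assumption)."""
    a, b = secrets.randbits(BITS), secrets.randbits(BITS)
    return share(a), share(b), share(a & b)

def online_and(x_sh, y_sh, triple):
    """Online phase: RS1 and RS2 turn shares of x and y into shares of x & y.
    The servers exchange only d and e, which are masked by random a and b."""
    (a1, a2), (b1, b2), (c1, c2) = triple
    d = (x_sh[0] ^ a1) ^ (x_sh[1] ^ a2)      # d = x ^ a, opened
    e = (y_sh[0] ^ b1) ^ (y_sh[1] ^ b2)      # e = y ^ b, opened
    z1 = c1 ^ (d & b1) ^ (e & a1) ^ (d & e)  # RS1's output share
    z2 = c2 ^ (d & b2) ^ (e & a2)            # RS2's output share
    return z1, z2

def dispatch_all(key, policy):
    """Return what each member reconstructs: K if A exports to it, else 0."""
    key_sh = share(key)
    out = {}
    for member, allowed in policy.items():
        pol_sh = share(MASK if allowed else 0)  # policy bit widened to key width
        z1, z2 = online_and(pol_sh, key_sh, setup_triple())
        out[member] = z1 ^ z2    # RS1 sends z1, RS2 sends z2, member XORs them
    return out

if __name__ == "__main__":
    K = secrets.randbits(BITS)   # constructed sample key
    got = dispatch_all(K, {"B": True, "C": False})
    print(got["B"] == K, got["C"] == 0)
```
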

SIXPACK mechanism

Practically good SMPC performance

Emulate large IXP with 750 members.

1 Gbps link connection between the two parties.

ABY framework based on the GMW protocol.

The setup phase is independent of the actual inputs and can be precomputed.

Approach  Inputs  Setup [ms]  Online [ms]
ALL       2       1.7         0.6
SINGLE    2       41.7        1.6
SINGLE    4       42.2        3.3
SINGLE    16      54.8        9.2
SINGLE    32      66.0        19.1

Prototype evaluation

Based on a real-world trace of BGP updates from one of the largest IXPs worldwide.

More than 600 members, 10.62 BGP route announcements/withdrawals per second.

SIXPACK prototype in Python.

Bandwidth requirement between RS1 and RS2 is below 11 Mbps.

Slightly larger runtimes for the SINGLE approach.

SIXPACK performance

About us

Marco Chiesa (Université catholique de Louvain)

Daniel Demmler (Technische Universität Darmstadt)

Marco Canini (Université catholique de Louvain)

Michael Schapira (Hebrew University of Jerusalem)

Thomas Schneider (Technische Universität Darmstadt)