P4NIS: Improving network immunity against eavesdropping with programmable data planes

Title: P4NIS: Improving network immunity against eavesdropping with programmable data planes
Publication Type: Conference Paper
Year of Publication: 2020
Authors: Liu, G., Quan, W., Cheng, N., Lu, N., Zhang, H., Shen, X.
Conference Name: IEEE INFOCOM 2020 - IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS)
Date Published: July 2020
ISBN Number: 978-1-7281-8695-5
Keywords: brute force attacks, brute-force attacks, computer network security, cryptography, diverse encryption algorithms, eavesdropping, eavesdropping attacks, encrypted packet transmission, Encryption, encryption-based countermeasures, Human Behavior, human factors, Internet, Internet protocol, IP, IP networks, network immunity, network paths, P4NIS, packet classification, performance evaluation, policy-based governance, programmable data planes, programming protocol-independent packet processor based network immune scheme, Protocols, pubcrawl, Servers, single network path, supercomputer computational capacity, telecommunication traffic, three lines of defense, traffic packets, transmission port field encryption, versatile attackers

Due to the improving computational capacity of supercomputers, transmitting encrypted packets over a single network path is vulnerable to brute-force attacks. Versatile attackers secretly eavesdrop on all the packets, classify them into different streams, perform an exhaustive search for the decryption key, and extract sensitive personal information from the streams. However, the new Internet Protocol (IP) brings great opportunities and challenges for preventing eavesdropping attacks. In this paper, we propose a Programming Protocol-independent Packet Processors (P4) based Network Immune Scheme (P4NIS) against eavesdropping attacks. Specifically, P4NIS is equipped with three lines of defense to improve network immunity. The first line is promiscuous forwarding, which splits all the traffic packets across different network paths in a disordered manner. Complementarily, the second line encrypts the transmission port fields of the packets using diverse encryption algorithms. This encryption distributes the packets of one stream across different streams and hinders eavesdroppers from classifying them correctly. In addition, P4NIS inherits the advantages of the existing encryption-based countermeasures, which constitute the third line of defense. Using a paradigm of programmable data planes, P4, we implement P4NIS and evaluate its performance. Experimental results show that P4NIS significantly increases the difficulty of eavesdropping and increases transmission throughput by 31.7% compared with state-of-the-art mechanisms.

Citation Key: liu_p4nis_2020