1

A Cryptographic Approach to Safe Inter-domain Traffic

EngineeringSridhar Machiraju

SAHARA Retreat, Summer 2004

2

Outline

• Motivation• Defining the Problem• Proposed Solution• Random Noise• Discussion and Conclusions

3

Motivation

• In BGP, Autonomous Systems (ASs) are abstracted as a node in a graph

4

In reality,

AS1AS2

AS3

Peering linksInternal links

5

In BGP,

AS1AS2

AS3

Peering linksInternal links

6

Motivation

• Why? – Scalability– Confidentiality of intra-domain information,

e.g., link quality, routing, flow info, policies etc.

• Why is this bad? Traffic engineering by one AS can send flows over “bad” paths in neighboring ASs

• In BGP, Autonomous Systems (ASs) are abstracted as a node in a graph

7

Outline

• Motivation• Defining the Problem• Proposed Solution• Random Noise• Discussion and Conclusions

8

High-level Problem Statement

A

Sourceof flow F

In A, this path has most available bandwidth

B

9

High-level Problem Statement

BA

Sourceof flow F

Destinationof flow F

In A, this path has most available bandwidthpath with best end-to-end available bandwidth

10

High-level Problem Statement

• Design a technique so that neighboring domains conduct traffic engineering cooperatively in a scalable fashion without having to reveal confidential intra-domain information?

BA

Sourceof flow F

Destinationof flow F

In A, this path has most available bandwidthpath with best end-to-end available bandwidth

11

Formalizing the Problem

• Consider traffic from A to B that can exit one of P peering points

BWxki

ikik ,

iik Txk

Confidentialinformation

• Two kinds of constraints (of A and B) – – Given demand Ti, find amount of traffic, xik

of flow Fi to transit peering point k – For every “bottleneck” link, , all traffic

traversing it must not exceed avail b/w

12

A Linear Programming Problem…

• Constraints:

B

A

B

A

W

WX

V

V

Constraints in AS A (private to A)

Constraints in AS B(private to B)

amount of eachflow exchangedat peering points

• Objective: maximize/minimize CTX:– (minimize) maximum link utilization– (maximize) total traffic exchanged– (minimize) average/maximum path inflation

13

Outline

• Motivation• Defining the Problem• Proposed Solution• Random Noise• Discussion and Conclusions

14

Overview of Solution

WVXXCT when , Maximize

• Sub-matrices of V,W are private to A, B• A and B transform the above into:

• Solve LP1’ and X=QX’• V’, W’, X’, X, C’, C do not reveal any

information about private information of A and B to each other (almost)

')())((''

s.t. ))(('' Maximize1

1

WPWXQPVQXV

XQQCXC TT

LP1

LP1’

15

Transforming the LP problem

• A sends encrypted sub-matrix, E(VA) and E(WA) to B

• B chooses random invertible P and Q• B sends E(V’)=PE(V)Q and E(W’)=PE(W)

– requires addition of encrypted values and multiplication by known scalars (VB, WB)

– These can be performed by homomorphic encryption schemes, e.g., Paillier’s

• A decrypts E(V’) and E(W’) to obtain LP1’

16

The Final Solution

A

B

E(VA),

E(WA)

B

A

E(V’)=PE(V)Q E(W’)=PE(W)

Solve V’X’<W’ for X’

Send X=QX’

E() represents encryption by A

17

Outline

• Motivation• Defining the Problem• Proposed Solution• Random Noise• Discussion and Conclusions

18

Small random noise is OK

• LP1’ does not leak any information about VB, WB only if V has full rank

• So, add small random noise to matrix entries – this can be done by homomorphic

encryptions

• How does this affect the LP problem?– Constraints may not be violated by small

noise – Objective function may be affected, though

19

Effect of random noise(1)

0

10

20

30

40

50

1 100 10000 1000000 100000000

Inverse of Noise

Opt

imal

Obj

ectiv

e Fu

nctio

n V

alue

With Random Noise Without Noise

• 10 constraints; objective – maximize flow

20

Effect of random noise(2)

-2.5

-2

-1.5

-1

-0.5

0

1 100 10000 1000000 100000000

Inverse of Noise

Opt

imal

Obj

ectiv

e Fu

nctio

n V

alue

With Random Noise Without Noise

• Objective – maximize (–1*path inflation)• About 2-3% unsolvable problems too!

21

Outline

• Motivation• Defining the Problem• Proposed Solution• Discussion and Conclusions• Random Noise

22

Discussion

• Scalability– LP problem transformation is quadratic in

terms of number of cryptographic operations – But, traffic engineering not frequent (hourly)

• Threat model– ASs are assumed to be rational, i.e., do not

inject wrong inputs

• Future work: Experiment with real topologies and quantify time complexity

23

Conclusions

• Inter-domain routing could benefit a lot from cooperation which is hindered by confidentiality requirements

• We demonstrate this for the case of safe traffic engineering

• Other cases of inter-domain cooperation – policy safety, resource allocation and intrusion detection: – checking global invariants– computing global functions