Conference Paper

Minimum Disclosure Routing for network virtualization

KDDI R&D Labs. Inc., Fujimino, Japan
DOI: 10.1109/INFCOMW.2011.5928932
Conference: Computer Communications Workshops (INFOCOM WKSHPS), 2011 IEEE Conference on
Source: IEEE Xplore

ABSTRACT Although virtual collocation of Service Providers (SPs) on top of Infrastructure Providers (InPs) via network virtualization brings various benefits, we posit that operational confidentiality has not been considered in this network model. We extend and apply the Secure Multiparty Computation (SMC) protocol to solving Minimum Disclosure Routing (MDR), that is, enabling an SP to route packets without disclosing routing information to InPs. Our study reveals that MDR can be achieved securely with marginal latency overhead with regard to the convergence time in well-engineered routing algorithms. Our study sheds light on the path for network virtualization to be used to resolve the challenges for ISPs of today.

  • ABSTRACT: Network virtualization is a key technology that is necessary to support diverse protocol suites in the future Internet. A virtualized network uses a single physical infrastructure to support multiple logical networks. Each logical network can provide its users with a custom set of protocols and functionalities. Much research work has focused on developing infrastructure components that can provide some level of logical isolation between virtual networks. However, these systems often assume a somewhat cooperative environment where all network infrastructure providers, virtual network operators, and users collaborate. As this technology matures and becomes more widely deployed, it is also important to consider the effects of and possible defenses against malicious operators and users. In this paper, we explore these security issues in network virtualization. In particular, we systematically discuss the relationship between all entities and potential attacks to illustrate the importance of considering security issues in the design and implementation of virtualized networks. We also present several ideas on how to proceed toward the goal of secure network virtualization in the future Internet.
  • ABSTRACT: Network resource provisioning is an important technique for infrastructure providers (infra-providers) because it enables them to utilize their facilities with high efficiency. However, to fully satisfy user requests it is probably necessary to use facilities across multiple domains, for which the conventional resource provisioning methods are unsuitable for the multiple domains because they require unrevealed information from infra-providers. The competitive relationships among infra-providers make it difficult for them to reveal their information to the infra-providers. In this paper, we propose a framework and method for resource provisioning across multiple domains that uses infra-providers' confidential information without exposing it to other infra-providers. To preserve the confidentiality of the infra-providers' information, we propose a cooperative framework using multiparty computation (MPC). However, although MPC provides confidentiality it also brings about nearly intractable computational overhead. Therefore, we pick out values that are locally commutable in each domain and essential for resource provisioning. By using MPC only for these values, our proposed method achieves both tractable MPC overhead and good quality provisioning while preserving information secrecy. Evaluation results show that the computational overhead is tractable and that the average utility fee is at least on the same level as that of the conventional methods.
    Integrated Network Management (IM 2013), 2013 IFIP/IEEE International Symposium on; 01/2013


Available from
May 21, 2014