Conference Paper

Minimum Disclosure Routing for network virtualization

KDDI R&D Labs. Inc., Fujimino, Japan
DOI: 10.1109/INFCOMW.2011.5928932
Conference: Computer Communications Workshops (INFOCOM WKSHPS), 2011 IEEE Conference on
Source: IEEE Xplore


Although virtual collocation of Service Providers (SPs) on top of Infrastructure Providers (InPs) via network virtualization brings various benefits, we posit that operational confidentiality has not been considered in this network model. We extend and apply the Secure Multiparty Computation (SMC) protocol to solving Minimum Disclosure Routing (MDR), that is, enabling an SP to route packets without disclosing routing information to InPs. Our study reveals that MDR can be achieved securely with marginal latency overhead with regard to the convergence time in well-engineered routing algorithms. Our study sheds light on the path for network virtualization to be used to resolve the challenges for ISPs of today.


Available from: Masaki Fukushima, Feb 12, 2014
  • "NI can also indulge in biased management practices by introducing hidden VN monitoring activities on the network traffic, thus violating user privacy and confidentiality. Reference [22] proposes a minimum disclosure routing technique to address the operational confidentiality of the hosted VN. In section V-B, we discuss one possible solution to address the data privacy and confidentiality issue when hosting virtual networks on third party network infrastructures."
    ABSTRACT: Network virtualization is a key technology that is necessary to support diverse protocol suites in the future Internet. A virtualized network uses a single physical infrastructure to support multiple logical networks. Each logical network can provide its users with a custom set of protocols and functionalities. Much research work has focused on developing infrastructure components that can provide some level of logical isolation between virtual networks. However, these systems often assume a somewhat cooperative environment where all network infrastructure providers, virtual network operators, and users collaborate. As this technology matures and becomes more widely deployed, it is also important to consider the effects of and possible defenses against malicious operators and users. In this paper, we explore these security issues in network virtualization. In particular, we systematically discuss the relationship between all entities and potential attacks to illustrate the importance of considering security issues in the design and implementation of virtualized networks. We also present several ideas on how to proceed toward the goal of secure network virtualization in the future Internet.
  • ABSTRACT: Network resource provisioning is an important technique for infrastructure providers (infra-providers) because it enables them to utilize their facilities with high efficiency. However, to fully satisfy user requests it is probably necessary to use facilities across multiple domains, for which the conventional resource provisioning methods are unsuitable for the multiple domains because they require unrevealed information from infra-providers. The competitive relationships among infra-providers make it difficult for them to reveal their information to the infra-providers. In this paper, we propose a framework and method for resource provisioning across multiple domains that uses infra-providers' confidential information without exposing it to other infra-providers. To preserve the confidentiality of the infra-providers' information, we propose a cooperative framework using multiparty computation (MPC). However, although MPC provides confidentiality it also brings about nearly intractable computational overhead. Therefore, we pick out values that are locally commutable in each domain and essential for resource provisioning. By using MPC only for these values, our proposed method achieves both tractable MPC overhead and good quality provisioning while preserving information secrecy. Evaluation results show that the computational overhead is tractable and that the average utility fee is at least on the same level as that of the conventional methods.
    Integrated Network Management (IM 2013), 2013 IFIP/IEEE International Symposium on; 01/2013
  • ABSTRACT: Horizontal IaaS federation exploits datacenter for federation of IaaS provider by supplying virtual nodes (e.g. virtual machines, virtual switches, and virtual routers) and virtual links. Today's datacenters for cloud computing do not supply full network virtualization in terms of user-level network management and user-agreed network topology. The datacenters lack the basic security services required for the collocation of tenants' virtual networks. The network virtualization research projects from academia and industry support full network virtualization but lack the basic security services required for the collocation of tenants' virtual networks. This paper investigates the security issues in four areas namely, (a) monolithic IaaS cloud, (b) network virtualization research projects, (c) datacenter network virtualization and (d) virtual resources to incorporate full network virtualization environment in horizontal IaaS federation. Further, it presents the security related qualitative comparisons of datacenters, network virtualization research projects and virtual resources to incorporate full network virtualization in horizontal IaaS federation.
    01/2013; 2(1):19. DOI:10.1186/2192-113X-2-19