In its current state, the Internet does not provide end users with transparency and control regarding on-path forwarding devices. In particular, the lack of network device information reduces the trustworthiness of the forwarding path and prevents end-user applications requiring specific router capabilities from reaching their full potential. Moreover, the inability to influence the traffic's forwarding path results in applications communicating over undesired routes, while alternative paths with more desirable properties remain unusable. In this work, we present FABRID, a system that enables applications to forward traffic flexibly, potentially on multiple paths selected to comply with user-defined preferences, where information about forwarding devices is exposed and transparently attested by autonomous systems (ASes). The granularity of this information is chosen by each AS individually, protecting them from leaking sensitive network details, while the secrecy and authenticity of preferences embedded within the users' packets are protected through efficient cryptographic operations. We show the viability of FABRID by deploying it on a global SCION network test bed, and we demonstrate high throughput on commodity hardware.