High-Speed Inter-Domain Fault Localization

• Published in: 2016 IEEE Symposium on Security and Privacy (SP) pp. 859 - 877
• Main Authors: Basescu, Cristina, Yue-Hsun Lin, Haoming Zhang, Perrig, Adrian
• Format: Conference Proceeding Journal Article
• Language: English
• Published: IEEE 01.05.2016
• Subjects: Algorithms; Computer network reliability; data plane security; Delays; Fault location; Hardware; inter-domain communication; Internet; Localization; network reliability; Networks; Position (location); Privacy; Routers; Routing protocols; secure fault localization; Security
• ISSN: 2375-1207
• DOI: 10.1109/SP.2016.56

Data-plane fault localization enhances network availability and reliability by enabling localization and circumvention of malicious entities on a network path. Algorithms for data-plane fault localization exist for intra-domain settings, however, the per-flow or per-source state required at intermediate routers makes them prohibitively expensive in inter-domain settings. We present Faultprints, the first secure data-plane fault localization protocol that is practical for inter-domain settings. Faultprints enables a source to precisely localize malicious network links that drop, delay, or modify packets. We implemented an efficient version of Faultprints on a software router by taking advantage of the parallelism in the AES-NI module of Intel CPUs. Our evaluation on real-world traffic shows fast forwarding on a commodity server at 116.95 Gbps out of 120 Gbps capacity, and a goodput of 94 Gbps. Additionally, Faultprints achieves a high failure localization rate, while incurring a low communication overhead.