P4NIS: Improving network immunity against eavesdropping with programmable data planes

Liu, Gang; Quan, Wei; Cheng, Nan; Liu, Ning; Zhang, Hongke; Shen, Xuemin

doi:10.1109/infocomwkshps50562.2020.9162975

Cited by 12 publications

(4 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The studies in [118], [119] focus on privacy threat for IP addresses. Network immunity against eavesdropping has been considered in [120]. Mitigation of network covert channels have been investigated in [121].…”

Section: Other Security Applicationsmentioning

confidence: 99%

See 1 more Smart Citation

A Survey on In-Network Computing: Programmable Data Plane and Technology Specific Applications

Kianpisheh

Taleb

2023

IEEE Commun. Surv. Tutorials

View full text Add to dashboard Cite

In comparison with cloud computing, edge computing offers processing at locations closer to end devices and reduces the user experienced latency. The new recent paradigm of innetwork computing employs programmable network elements to compute on the path and prior to traffic reaching the edge or cloud servers. It advances common edge/cloud server based computing through proposing line rate processing capabilities at closer locations to the end devices. This paper discusses use cases, enabler technologies and protocols for in-network computing. According to our study, considering programmable data plane as an enabler technology, potential in-network computing applications are in-network analytics, in-network caching, innetwork security, and in-network coordination. There are also technology specific applications of in-network computing in the scopes of cloud computing, edge computing, 5G/6G, and NFV. In this survey, the state of the art, in the framework of the proposed categorization, is reviewed. Furthermore, comparisons are provided in terms of a set of proposed criteria which assess the methods from the aspects of methodology, main results, as well as application-specific criteria. Finally, we discuss lessons learned and highlight some potential research directions.

show abstract

Section: Other Security Applicationsmentioning

confidence: 99%

“…Liu et al [120] present a method using programmable data planes to improve network immunity against eavesdropping. The proposed method consists of three defense lines.…”

Section: Other Security Applicationsmentioning

confidence: 99%

A Survey on In-Network Computing: Programmable Data Plane and Technology Specific Applications

Kianpisheh

Taleb

2023

IEEE Commun. Surv. Tutorials

View full text Add to dashboard Cite

show abstract

“…e third line of defense adopts the existing encryption algorithm based on computational complexity. P4NIS (P4-based Network Immune Scheme) [59] is also proposed with a three-line defense solution to resist eavesdropping. Firstly, packets belonging to the same flow will be transmitted through different links.…”

Section: Information Hiding Nethidementioning

confidence: 99%

A Review of P4 Programmable Data Planes for Network Security

Gao

Wang

2021

Mobile Information Systems

View full text Add to dashboard Cite

Network attacks show a trend of increased attack intensity, enhanced diversity, and more concealed attack methods, which put forward higher requirements for the performance of network security equipment. Unlike the SDN (software defined network) switch with a fixed-function data plane, switches with programmable data planes can help users realize more network protocols. Programming Protocol-independent Packet Processors (P4) is proposed to define the operations of the data plane and to implement user’s applications, e.g., data center networks, security, or 5G. This paper provides a review of research papers on solving network security problems with P4-based programmable data plane. The work can be organized into two parts. In the first part, the programming language P4, P4 program, architectures, P4 compilers, P4 Runtime, and P4 target are introduced according to the workflow model. The advantages of P4-based programmable switching in solving network security are analyzed. In the second part, the existing network security research papers are divided into four parts according to the perspectives of passive defense, active defense, and combination of multiple technologies. The schemes in each category are compared, and the core ideas and limitations are clarified. In addition, a detailed comparison is made for the research on the performance of P4 targets. Finally, trends and challenges related to the P4-based programmable data plane are discussed.

show abstract

“…However, the implementation is limited as it only considers duplicate address detection. Finally, the authors of [12] propose a P4based network immune scheme against eavesdropping attacks. However, it is not applicable since the attackers can exploit the fixed forwarding as in [12].…”

Section: Security Solutions With P4mentioning

confidence: 99%

Mitigation of IPv6 Router Spoofing Attacks with P4

Mönnich

Bülbül

Ergenç

et al. 2021

Proceedings of the Symposium on Architectures for Networking and Communications Systems

View full text Add to dashboard Cite

The IPv6 protocol will sooner or later replace IPv4 to cope with an exponentially increasing number of connected devices. Some of the most significant functions of IPv6 networks are network discovery, maintenance, and routing mechanisms to promote auto-configuration of the network with less manual effort. Network Discovery Protocol (NDP) is an important protocol in IPv6 to identify the relationships between different neighboring devices in a network. However, it is also subject to spoofing and man-in-the-middle attacks. This paper implements an attack detection and mitigation strategy called Router Advertisement Guard (RA-Guard) in P4 to defend IPv6 networks against router spoofing attacks directly on the data plane. In contrast to very few proprietary RA-Guard implementations with limited details, we consider different scenarios to exploit IPv6 packet structure and publish our implementation open-source. The experiments show that our P4-based implementation can detect and mitigate spoofing attacks leveraging RA-Guard together with its control plane extensions. CCS CONCEPTS• Networks → Programmable networks; Network layer protocols; • Security and privacy → Security protocols.

show abstract

P4NIS: Improving network immunity against eavesdropping with programmable data planes

Cited by 12 publications

References 22 publications

A Survey on In-Network Computing: Programmable Data Plane and Technology Specific Applications

A Survey on In-Network Computing: Programmable Data Plane and Technology Specific Applications

A Review of P4 Programmable Data Planes for Network Security

Mitigation of IPv6 Router Spoofing Attacks with P4

Contact Info

Product

Resources

About