Journal of Computer Science and Technology ›› 2020, Vol. 35 ›› Issue (4): 863-874.doi: 10.1007/s11390-020-9247-5

Special Issue: Computer Networks and Distributed Computing

• Computer Networks and Distributed Computing • Previous Articles     Next Articles

Preserving Privacy of Software-Defined Networking Policies by Secure Multi-Party Computation

Maryam Zarezadeh1, Hamid Mala1,*, Homa Khajeh2        

  1. 1 Faculty of Computer Engineering, University of Isfahan, Isfahan 8174673441, Iran;
    2 Independent Researcher, Isfahan 8183913851, Iran
  • Received:2018-12-03 Revised:2020-05-02 Online:2020-07-20 Published:2020-07-20
  • Contact: Hamid Mala E-mail:h.mala@eng.ui.ac.ir
  • About author:Maryam Zarezadeh received her B.Sc. degree in information technology (IT) engineering from University of Isfahan, Isfahan, in 2010, and her M.Sc. degree in IT engineering (information security) from Shahed University, Tehran, in 2013. She is currently a Ph.D. student in IT engineering (information security) at University of Isfahan, Isfahan. Her research interests are security protocols, secure multiparty computation, and network security.

In software-defined networking (SDN), controllers are sinks of information such as network topology collected from switches. Organizations often like to protect their internal network topology and keep their network policies private. We borrow techniques from secure multi-party computation (SMC) to preserve the privacy of policies of SDN controllers about status of routers. On the other hand, the number of controllers is one of the most important concerns in scalability of SMC application in SDNs. To address this issue, we formulate an optimization problem to minimize the number of SDN controllers while considering their reliability in SMC operations. We use Non-Dominated Sorting Genetic Algorithm II (NSGA-II) to determine the optimal number of controllers, and simulate SMC for typical SDNs with this number of controllers. Simulation results show that applying the SMC technique to preserve the privacy of organization policies causes only a little delay in SDNs, which is completely justifiable by the privacy obtained.

Key words: software-defined networking (SDN); privacy; secure multi-party computation (SMC); structure function; multiobjective optimization;

[1] Nadeau T D, Gray K. SDN:Software Defined Networks:An Authoritative Review of Network Programmability Technologies (1st edition). O'Reilly Media, 2013.
[2] Feldmann A, Heyder P, Kreutzer M et al. NetCo:Reliable routing with unreliable routers. In Proc. the 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshop, June 2016, pp.128-135.
[3] McKeown N, Anderson T, Balakrishnan H et al. OpenFlow:Enabling innovation in campus networks. ACM SIGCOMM Computer Communication Review, 2008, 38(2):69-74.
[4] Sezer S, Scott-Hayward S, Chouhan P K et al. Are we ready for SDN? Implementation challenges for software-defined networks. IEEE Communications Magazine, 2013, 51(7):36-43.
[5] Cramer R, Damgård I, Nielsen J B. Secure Multiparty Computation and Secret Sharing (1st edition). Cambridge University Press, 2013.
[6] Yao A C. Protocols for secure computations. In Proc. the 23rd Annual Symposium on Foundations of Computer Science, November 1982, pp.160-164.
[7] Goldreich O, Micali S, Wigderson A. How to play any mental game or a completeness theorem for protocols with honest majority. In Proc. the 19th Annual ACM Symposium on Theory of Computing, January 1987, pp.218-229.
[8] Aven T, Jensen U. Stochastic Models in Reliability (2nd edition). Springer, 2013.
[9] Deb K, Pratap A, Agarwal S, Meyarivan T. A fast and elitist multiobjective genetic algorithm:NSGA-II. IEEE Transactions on Evolutionary Computation, 2002, 6(2):182-197.
[10] Rekhter Y, Li T. A border gateway protocol 4(BGP-4). https://www.rfc-editor.org/rfc/pdfrfc/rfc1771.txt.pdf, May 2020.
[11] Zhao M, Zhou W, Gurney A J, Haeberlen A, Sherr M, Loo B T. Private and verifiable interdomain routing decisions. IEEE/ACM Transactions on Networking, 2016, 24(2):1011-1024.
[12] Gupta D, Segal A, Panda A et al. A new approach to interdomain routing based on secure multi-party computation. In Proc. the 11th ACM Workshop on Hot Topics in Networks, October 2012, pp.37-42.
[13] Asharov G, Demmler D, Schapira M, Schneider T, Segev G, Shenker S, Zohner M. Privacy-preserving interdomain routing at Internet scale. Proceedings on Privacy Enhancing Technologies, 2017, 2017(3):147-167.
[14] Dethise A, Chiesa M, Canini M. Prelude:Ensuring interdomain loop-freedom in SDN-enabled networks. In Proc. the 2nd Asia-Pacific Workshop on Networking, August 2018, pp.50-56.
[15] Kukkala V B, Saini J S, Iyengar S. Secure multiparty computation of a social network. https://eprint.iacr.org/2015/817.pdf, May 2020.
[16] Boshrooyeh S T, Küpçü A, Özkasap Ö. Privado:Privacy-preserving group-based advertising using multiple independent social network providers. https://eprint.iacr.org/2019/372.pdf, May 2020.
[17] Demmler D, Schneider T, Zohner M. Ad-hoc secure twoparty computation on mobile devices using hardware tokens. In Proc. the 23rd USENIX Security Symposium, August 2014, pp.893-908.
[18] Oleshchuk V. Internet of Things and privacy preserving technologies. In Proc. the 1st International Conference on Wireless Communication, Vehicular Technology, Information Theory and Aerospace & Electronic Systems Technology, May 2009, pp.336-340.
[19] von Maltitz M, Carle G. Leveraging secure multiparty computation in the Internet of Things. In Proc. the 16th Annual International Conference on Mobile Systems, Applications, and Services, June 2018, pp.508-510.
[20] Chiesa M, di Lallo R, Lospoto G, Mostafaei H, Rimondini M, di Battista G. PrIXP:Preserving the privacy of routing policies at Internet eXchange points. In Proc. the 2017 IFIP/IEEE Symposium on Integrated Network and Service Management, May 2017, pp.435-441.
[21] Chiesa M, Demmler D, Canini M, Schapira M, Schneider T. SIXPACK:Securing internet exchange points against curious onlookers. In Proc. the 13th International Conference on Emerging Networking Experiments and Technologies, December 2017, pp.120-133.
[22] Cho C, El Defrawy K, Kim H T J, Lampkins J D. Privacy-preserving multi-client and cloud computation with application to secure navigation. U.S. Patent, 2019. http://www.freepatentsonline.com/20190042788.pdf, May 2020.
[23] Kreutz D, Ramos F M, Veríssimo P, Rothenberg C E, Azodolmolky S, Uhlig S. Software-defined networking:A comprehensive survey. Proceedings of the IEEE, 2015, 103(1):14-76.
[24] Hazay C, Lindell Y. Efficient Secure Two-Party Protocols:Techniques and Constructions. Springer-Verlag Berlin Heidelberg, 2010.
[25] Schneider T. Engineering Secure Two-Party Computation Protocols:Design, Optimization, and Applications of Efficient Secure Function Evaluation. Springer-Verlag Berlin Heidelberg, 2012.
[26] Shamir A. How to share a secret. Communications of the ACM, 1979, 22(11):612-613.
[27] Rabin M O. How to exchange secrets with oblivious transfer. https://eprint.iacr.org/2005/187.pdf, May 2020.
[28] Beaver D. Efficient multiparty protocols using circuit randomization. In Proc. the 11th Annual International Cryptology Conference, August 1991, pp.420-432.
[29] Coolen F P, Coolen-Maturi T. The structure function for system reliability as predictive (imprecise) probability. Reliability Engineering & System Safety, 2016, 154:180-187.
[30] Rausand M, Høyland A. System Reliability Theory:Models, Statistical Methods and Applications (2nd edition). Wiley-Interscience, 2003.
[31] Gertsbakh I, Shpungin Y. Network Reliability and Resilience. Springer, 2011.
[32] Konak A, Coit D W, Smith A E. Multi-objective optimization using genetic algorithms:A tutorial. Reliability Engineering & System Safety, 2006, 91(9):992-1007.
[33] Yusoff Y, Ngadiman M S, Zain A M. Overview of NSGAII for optimizing machining process parameters. Procedia Engineering, 2011, 15:3978-3983.
[34] Marichal J L. Structure functions and minimal path sets. IEEE Transactions on Reliability, 2016, 65(2):763-768.
[35] Goldreich O. Foundations of Cryptography:Volume 2, Basic Applications (1st edition). Cambridge University Press, 2009.
[36] Deb K. Multi-objective optimization using evolutionary algorithms (1st edition). Wiley, 2001.
[37] Heller B, Sherwood R, McKeown N. The controller placement problem. In Proc. the 1st Workshop on Hot Topics in Software Defined Networks, August 2012, pp.7-12.
[1] William Croft, Jörg-Rüdiger Sack, and Wei Shi. Differential Privacy via a Truncated and Normalized Laplace Mechanism [J]. Journal of Computer Science and Technology, 2022, 37(2): 369-388.
[2] Jian-Zhe Zhao, Xing-Wei Wang, Ke-Ming Mao, Chen-Xi Huang, Yu-Kai Su, and Yu-Chen Li. Correlated Differential Privacy of Multiparty Data Release in Machine Learning [J]. Journal of Computer Science and Technology, 2022, 37(1): 231-251.
[3] Paul Marillonnet, Maryline Laurent, Mikaël Ates. Personal Information Self-Management: A Survey of Technologies Supporting Administrative Services [J]. Journal of Computer Science and Technology, 2021, 36(3): 664-692.
[4] Lie-Huang Zhu, Bao-Kun Zheng, Meng Shen, Feng Gao, Hong-Yu Li, Ke-Xin Shi. Data Security and Privacy in Bitcoin System: A Survey [J]. Journal of Computer Science and Technology, 2020, 35(4): 843-862.
[5] Yubin Duan, Guo-Ju Gao, Ming-Jun Xiao, Jie Wu. Cloaking Region Based Passenger Privacy Protection in Ride-Hailing Systems [J]. Journal of Computer Science and Technology, 2020, 35(3): 629-646.
[6] Chong Wang, Nasro Min-Allah, Bei Guan, Yu-Qi Lin, Jing-Zheng Wu, Yong-Ji Wang. An Efficient Approach for Mitigating Covert Storage Channel Attacks in Virtual Machines by the Anti-Detection Criterion [J]. Journal of Computer Science and Technology, 2019, 34(6): 1351-1365.
[7] Naveen Kumar, Ashutosh Kumar Singh, Abdul Aleem, Shashank Srivastava. Security Attacks in Named Data Networking: A Review and Research Directions [J]. Journal of Computer Science and Technology, 2019, 34(6): 1319-1350.
[8] Xiang Chen, Dun Zhang, Zhan-Qi Cui, Qing Gu, Xiao-Lin Ju. DP-Share: Privacy-Preserving Software Defect Prediction Model Sharing Through Differential Privacy [J]. Journal of Computer Science and Technology, 2019, 34(5): 1020-1038.
[9] Zi-Peng Zhang, Ming Fu, Xin-Yu Feng. A Lightweight Dynamic Enforcement of Privacy Protection for Android [J]. Journal of Computer Science and Technology, 2019, 34(4): 901-923.
[10] Lei Cui, Youyang Qu, Mohammad Reza Nosouhi, Shui Yu, Jian-Wei Niu, Gang Xie. Improving Data Utility Through Game Theory in Personalized Differential Privacy [J]. Journal of Computer Science and Technology, 2019, 34(2): 272-286.
[11] Yifan Wu, Fan Yang, Yong Xu, Haibin Ling. Privacy-Protective-GAN for Privacy Preserving Face De-Identification [J]. Journal of Computer Science and Technology, 2019, 34(1): 47-60.
[12] Jianjun Zheng, Akbar Siami Namin. A Survey on the Moving Target Defense Strategies: An Architectural Perspective [J]. Journal of Computer Science and Technology, 2019, 34(1): 207-233.
[13] Rong Wang, Yan Zhu, Tung-Shou Chen, Chin-Chen Chang. Privacy-Preserving Algorithms for Multiple Sensitive Attributes Satisfying t-Closeness [J]. Journal of Computer Science and Technology, 2018, 33(6): 1231-1242.
[14] Rui Yuan, Yu-Bin Xia, Hai-Bo Chen, Bin-Yu Zang, Jan Xie. ShadowEth: Private Smart Contract on Public Blockchain [J]. , 2018, 33(3): 542-556.
[15] Bao-Kun Zheng, Lie-Huang Zhu, Meng Shen, Feng Gao, Chuan Zhang, Yan-Dong Li, Jing Yang. Scalable and Privacy-Preserving Data Sharing Based on Blockchain [J]. , 2018, 33(3): 557-567.
Viewed
Full text


Abstract

Cited

  Shared   
  Discussed   
[1] Zhou Di;. A Recovery Technique for Distributed Communicating Process Systems[J]. , 1986, 1(2): 34 -43 .
[2] Chen Shihua;. On the Structure of Finite Automata of Which M Is an(Weak)Inverse with Delay τ[J]. , 1986, 1(2): 54 -59 .
[3] Chen Shihua;. On the Structure of (Weak) Inverses of an (Weakly) Invertible Finite Automaton[J]. , 1986, 1(3): 92 -100 .
[4] Gao Qingshi; Zhang Xiang; Yang Shufan; Chen Shuqing;. Vector Computer 757[J]. , 1986, 1(3): 1 -14 .
[5] Pan Qijing;. A Routing Algorithm with Candidate Shortest Path[J]. , 1986, 1(3): 33 -52 .
[6] Wang Jianchao; Wei Daozheng;. An Effective Test Generation Algorithm for Combinational Circuits[J]. , 1986, 1(4): 1 -16 .
[7] Chen Zhaoxiong; Gao Qingshi;. A Substitution Based Model for the Implementation of PROLOG——The Design and Implementation of LPROLOG[J]. , 1986, 1(4): 17 -26 .
[8] Huang Heyan;. A Parallel Implementation Model of HPARLOG[J]. , 1986, 1(4): 27 -38 .
[9] Zheng Guoliang; Li Hui;. The Design and Implementation of the Syntax-Directed Editor Generator(SEG)[J]. , 1986, 1(4): 39 -48 .
[10] Min Yinghua; Han Zhide;. A Built-in Test Pattern Generator[J]. , 1986, 1(4): 62 -74 .

ISSN 1000-9000(Print)

         1860-4749(Online)
CN 11-2296/TP

Home
Editorial Board
Author Guidelines
Subscription
Journal of Computer Science and Technology
Institute of Computing Technology, Chinese Academy of Sciences
P.O. Box 2704, Beijing 100190 P.R. China
Tel.:86-10-62610746
E-mail: jcst@ict.ac.cn
 
  Copyright ©2015 JCST, All Rights Reserved