Sultana et al. tackle the problem of remotely making measurements on a network over which the party conducting the reconnaissance has no control. Such scenarios are prevalent in cloud computing, where the subscriber to a cloud service has no visibility into the networking infrastructure hosted by the provider of the cloud service. Providers are reluctant to provide subscribers with visibility inside the network because this risks privacy breaches, losing trade secrets to competitors, or aiding an adversary carrying out reconnaissance. Subscribers, on the other hand, would like such information so they can enforce service-level agreements (SLAs) and increase their confidence in the provider.
Their approach to conducting such reconnaissance is to use network cryptometry, which they define as employing a third-party-owned middlebox deployed by the service provider and trusted by the subscriber. They require that the service provider, the subscriber, and the third-party-owned middlebox communicate over channels that preserve confidentiality and integrity. Using techniques that tag network traffic with additional data related to the type of query the subscriber wants (reachability, path length, and so on), they craft a system that uses middleboxes to answer these queries and log the answers in a privacy-preserving manner to a global audit log file. The subscribers can subsequently audit the global log file to police SLAs.
In my opinion, the system designed by Sultana et al. has the following drawbacks. First, it introduces middleboxes in networks where clients and servers are increasingly using opportunistic end-to-end encryption; upon encountering such an end-to-end encrypted stream, the middlebox may not be able to add the required tags. Second, there appear to be alternative standardized protocols, like application-layer traffic optimization (ALTO) [1], that are designed exactly to expose the network state to applications (subscribers) in a privacy-preserving manner for the network providers (that is, the subscribers cannot glean the internals of the network). ALTO is used in data center networks, peer-to-peer networks, and enterprise networks.
Finally, the solution proposed by Sultana et al. will require capital expenditure to host these middleboxes. Leaving technical issues aside, business strategy dictates that because all parties (service provider, subscriber, middlebox vendor) benefit from such an arrangement, the cost is borne equivalently among them. Would subscribers be amenable to paying more money to independently verify the network telemetry of the provider? Or is the SLA itself enough?