Light at the middle of the tunnel: middleboxes for selective disclosure of network monitoring to distrusted parties
Sultana N., Kohlweiss M., Moore A. HotMiddlebox 2016 (Proceedings of the 2016 Workshop on Hot Topics in Middleboxes and Network Function Virtualization, Florianopolis, Brazil, Aug 22-26, 2016), 1-6. 2016. Type: Proceedings
Date Reviewed: Mar 30 2017

Sultana et al. tackle the problem of remotely making measurements on a network over which the party conducting the reconnaissance has no control. Such scenarios are prevalent in cloud computing, where the subscriber to a cloud service has no visibility into the networking infrastructure hosted by the provider of the cloud service. Providers are reluctant to give subscribers visibility inside the network because doing so risks a privacy breach, the loss of trade secrets to competitors, or aiding an adversary carrying out reconnaissance. Subscribers, on the other hand, would like such information so they can enforce service-level agreements (SLAs) and increase their confidence in the provider.

Their approach to conducting such reconnaissance is to use network cryptometry, which they define as employing a third-party-owned middlebox deployed by the service provider and trusted by the subscriber. They require that the service provider, the subscriber, and the third-party-owned middlebox communicate over channels that preserve confidentiality and integrity. Using techniques that tag network traffic with additional data related to the type of query the subscriber wants (reachability, path length, and so on), they craft a system that uses middleboxes to answer these queries and log the answers in a privacy-preserving manner to a global audit log file. The subscribers can subsequently audit the global log file to police SLAs.

In my opinion, the system designed by Sultana et al. has the following drawbacks. First, it introduces middleboxes into networks where clients and servers are increasingly using opportunistic end-to-end encryption; upon encountering such an end-to-end encrypted stream, the middlebox may not be able to add the required tags. Second, there appear to be alternative standardized protocols, like application-layer traffic optimization (ALTO) [1], that are designed exactly to expose the network state to applications (subscribers) in a manner that preserves the privacy of the network providers (that is, the subscribers cannot glean the internals of the network). ALTO is used in data center networks, peer-to-peer networks, and enterprise networks.

Finally, the solution proposed by Sultana et al. will require capital expenditure to host these middleboxes. Leaving technical issues aside, business strategy dictates that because all parties (service provider, subscriber, middlebox vendor) benefit from such an arrangement, the cost is borne equivalently among them. Would subscribers be amenable to paying more money to independently verify the network telemetry of the provider? Or is the SLA itself enough?

Reviewer: Vijay Gurbani. Review #: CR145156 (1706-0376)

[1] Application-layer traffic optimization (ALTO). IETF Datatracker, https://datatracker.ietf.org/wg/alto/charter/ (11/06/2016).
Categories: Network Monitoring (C.2.3 ...), Cloud Computing (C.2.4 ...), Protocol Architecture (C.2.2 ...)