StealthPath: Privacy-preserving Path Validation in the Data Plane of Path-Aware Networks

Network path validation aims to give more control over the forwarding path of data packets in a path-aware network, which shields the network from security threats and allows end hosts to receive better services. Therefore, network path validation becomes a vital primitive for secure and reliable Internet services in the next generation networks. The path validation enables end hosts and intermediate router nodes to check whether a packet has followed the intended path. However, the existing solutions fail to protect path privacy and incur significant bandwidth and computation overhead on packet transferring, which degrades packet delivery performance. In this paper, we propose the StealthPath to protect path privacy and improve delivery efficiency. Firstly, StealthPath uses lightweight cryptographic primitives to generate nested proofs and ensures all nodes on the path to check the compliance of the forwarding path efficiently. Secondly, StealthPath hides the forwarding path in the proofs and reduces the proof size from linear to constant, which protects the path information and path length, and decreases the bandwidth consumption. Moreover, StealthPath allows on-path nodes to extract their proofs and the next hop address from proof without leaking on-path node index. Finally, StealthPath is proved to resist various attacks and preserves the path privacy. The experiments show that StealthPath saves nearly 60% header size and bandwidth, and is more efficient than state-of-the-art schemes.