FABRID: Flexible Attestation-Based Routing for Inter-Domain Networks

TL;DR

FABRID is a system that enhances inter-domain routing by providing transparent, attested device information and flexible path selection, empowering applications with greater control and trust in the forwarding process.

Contribution

It introduces a novel routing framework that combines attested device information with user-defined preferences, implemented and tested on a global SCION network test bed.

Findings

High throughput achieved on commodity hardware

Effective protection of network and user privacy

Feasibility demonstrated on a global test bed

Abstract

In its current state, the Internet does not provide end users with transparency and control regarding on-path forwarding devices. In particular, the lack of network device information reduces the trustworthiness of the forwarding path and prevents end-user applications requiring specific router capabilities from reaching their full potential. Moreover, the inability to influence the traffic's forwarding path results in applications communicating over undesired routes, while alternative paths with more desirable properties remain unusable. In this work, we present FABRID, a system that enables applications to forward traffic flexibly, potentially on multiple paths selected to comply with user-defined preferences, where information about forwarding devices is exposed and transparently attested by autonomous systems (ASes). The granularity of this information is chosen by each AS individually, protecting them from leaking sensitive network details, while the secrecy and authenticity of preferences embedded within the users' packets are protected through efficient cryptographic operations. We show the viability of FABRID by deploying it on a global SCION network test bed, and we demonstrate high throughput on commodity hardware.