Seagull: Privacy preserving network verification system

TL;DR

This paper presents Seagull, a privacy-preserving system using multiparty computation to verify BGP configurations, ensuring correctness and security without exposing sensitive routing data, thus enhancing Internet routing reliability.

Contribution

Introduces a novel MPC-based framework for privacy-preserving BGP verification that scales efficiently across large networks.

Findings

Achieves strong privacy guarantees for BGP verification.

Demonstrates practical scalability in large network scenarios.

Ensures correctness and convergence of BGP configurations.

Abstract

The Internet relies on routing protocols to direct traffic efficiently across interconnected networks, with the Border Gateway Protocol (BGP) serving as the core mechanism managing routing between autonomous systems. However, BGP configurations are largely manual, making them susceptible to human errors that can lead to outages or security vulnerabilities. Verifying the correctness and convergence of BGP configurations is therefore essential for maintaining a stable and secure Internet. Yet, this verification process faces two key challenges: preserving the privacy of proprietary routing information and ensuring scalability across large, distributed networks. This paper introduces a privacy-preserving verification framework that leverages multiparty computation (MPC) to validate BGP configurations without exposing sensitive routing data. Our approach overcomes both privacy and scalability challenges by ensuring that no information beyond the verification outcome is revealed. Through formal analysis, we show that the proposed method achieves strong privacy guarantees and practical scalability, providing a secure and efficient foundation for verifying BGP-based routing in the Internet backbone.