NetHide: Secure and Practical Network Topology Obfuscation

NetHide obfuscates network topologies in order to mitigate Link-Flooding Attacks (LFAs) while preserving the practicality of path tracing tools. The key idea behind NetHide is to formulate network obfuscation as a multi-objective optimization problem that allows for a flexible tradeoff between security (encoded as hard constraints) and usability (encoded as soft constraints). While solving this problem exactly is hard, we show that NetHide can obfuscate topologies at scale by only considering a subset of the candidate solutions and without reducing obfuscation quality. In practice, NetHide obfuscates the topology by intercepting and modifying path tracing probes directly in the data plane. We show that this process can be done at line-rate, in a stateless fashion, by leveraging the latest generation of programmable network devices.

We fully implemented NetHide and evaluated it on realistic topologies. Our results show that NetHide is able to obfuscate large topologies (> 150 nodes) while preserving near-perfect debugging capabilities. In particular, we show that operators can still precisely trace back >90% of link failures despite obfuscation.


Overview

NetHide operates in two steps: first, it computes a secure and usable virtual topology; second, it deploys the obfuscated topology in the physical network.

[Figure: NetHide overview]

Topology obfuscation

NetHide produces an obfuscated virtual topology which: (i) prevents the attacker(s) from determining a set of flows to congest any link; while (ii) still allowing non-malicious users to perform network diagnosis. A key insight behind NetHide is to formulate this task as a multi-objective optimization problem that allows for a flexible tradeoff between security and usability of the virtual topology.

NetHide pre-computes a random set of secure candidate solutions, computes the usefulness of each of them, and selects the one with maximal usefulness.
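The sample-filter-select loop described above, as an added sketch that is not NetHide's own code. It assumes a simplified model: candidates add two virtual links to a constructed dumbbell topology and route on shortest paths, security means no link carries more than `capacity` flows, and usefulness is the mean Jaccard similarity between physical and virtual paths; all names are hypothetical.

```python
import itertools, random
from collections import Counter, deque

# Constructed dumbbell topology: every A<->B flow crosses the L-R link.
PHYSICAL = [("A1", "L"), ("A2", "L"), ("L", "R"), ("R", "B1"), ("R", "B2")]

def paths(links):
    """Shortest path (as a set of links) for every node pair, via BFS."""
    adj = {}
    for u, v in links:
        adj.setdefault(u, set()).add(v)
        adj.setdefault(v, set()).add(u)
    out = {}
    for src in sorted(adj):
        parent, queue = {src: None}, deque([src])
        while queue:
            node = queue.popleft()
            for nxt in sorted(adj[node]):  # sorted: deterministic tie-breaking
                if nxt not in parent:
                    parent[nxt] = node
                    queue.append(nxt)
        for dst in parent:
            if src < dst:
                hops, cur = set(), dst
                while parent[cur] is not None:
                    hops.add(frozenset((cur, parent[cur])))
                    cur = parent[cur]
                out[(src, dst)] = hops
    return out

def max_density(flow_paths):
    """Largest number of flows sharing one link (assumed security metric)."""
    return max(Counter(l for p in flow_paths.values() for l in p).values())

def usefulness(phys, virt):
    """Mean Jaccard similarity of physical vs. virtual paths (assumed metric)."""
    return sum(len(phys[f] & virt[f]) / len(phys[f] | virt[f]) for f in phys) / len(phys)

def obfuscate(links, capacity, extra=2, n_candidates=30, seed=1):
    """Sample candidates, keep secure ones (hard constraint), maximise usefulness."""
    nodes = sorted({n for l in links for n in l})
    present = {frozenset(l) for l in links}
    spare = [p for p in itertools.combinations(nodes, 2) if frozenset(p) not in present]
    pool = list(itertools.combinations(spare, extra))
    phys = paths(links)
    sample = random.Random(seed).sample(pool, min(n_candidates, len(pool)))
    virts = ((added, paths(list(links) + list(added))) for added in sample)
    secure = [(usefulness(phys, v), added) for added, v in virts if max_density(v) <= capacity]
    return max(secure, default=None)  # None if no sampled candidate is secure

print(obfuscate(PHYSICAL, capacity=6))
```

In this model the physical topology concentrates 9 of its 15 flows on the L-R link, so any candidate that passes `capacity=6` must present some flows on paths that differ from the physical ones, which is the security/usability tradeoff the selection step resolves.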

Topology deployment

NetHide obfuscates the topology at runtime by modifying tracing packets (e.g. packets sent by traceroute).

NetHide intercepts and processes such packets without impact on the network performance, directly in the data plane, by leveraging programmable network devices. Specifically, NetHide intercepts and possibly alters tracing packets at the edge of the network before sending them to the pretended destination in the physical network. That way, NetHide ensures that tracing packets traverse the corresponding physical links, and preserves the utility of traceroute-like tools.

Publications

NetHide Paper

NetHide: Secure and Practical Network Topology Obfuscation

Roland Meier, Petar Tsankov, Vincent Lenders, Laurent Vanbever, Martin Vechev

USENIX Security 2018. Baltimore, MD, USA (August 2018).

Presentations

NetHide

NetHide: Secure and Practical Network Topology Obfuscation

Roland Meier

USENIX Security 2018. Baltimore, MD, USA (August 2018).

People

Roland Meier

ETH Zürich

Petar Tsankov

ETH Zürich

Vincent Lenders

armasuisse

Laurent Vanbever

ETH Zürich

Martin Vechev

ETH Zürich