Abstract
Software-defined networking (SDN), network functions virtualization (NFV) and network virtualization (NV) build a mini-cosmos inside data centers, cloud providers, and enterprises.
Network virtualization allows new on-demand management capabilities. In this work we demonstrate such a service, namely, on-demand efficient monitoring or anonymity. The proposed service is based on network virtualization of expanders or sparsifiers over the physical network. The defined virtual (or overlay) communication graphs, coupled with a multi-hop extension of Valiant randomization-based routing, let us monitor the entire traffic in the network with very few monitoring nodes.
In particular, we show that, using an overlay network with expansion properties and Valiant randomized load balancing, it is enough to place O(m) monitor nodes when the length of the overlay path (the number of intermediate nodes chosen by Valiant’s routing procedure) is O(n/m).
We propose two randomized routing methods to implement policies for sending messages, and we show that they facilitate efficient monitoring of the entire traffic, such that the traffic is distributed uniformly in the network, and each monitor has an equiprobable view of the network flow. In terms of complex networks, our result can be interpreted as a way to enforce the same betweenness centrality to all nodes in the network.
Additionally, we show that our results are useful in employing anonymity services. Thus, we propose monitoring or anonymity services, which can be deployed and shut down on-demand. Our work is the first, as far as we know, to bring such on-demand infrastructure structuring using the cloud NV capability to existing monitoring or anonymity networks. We propose methods that theoretically improve services provided by existing anonymity networks, and optimize the degree of anonymity, in addition to providing robustness and reliability to system usage and security.
Finally, we believe that our constructions of weighted overlay expander and sparsifier networks, which use several random walk trees, are of independent interest.
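The trade-off between m monitors and overlay path length O(n/m) stated in the abstract can be checked numerically with the simulation below, which is an added example and not the authors' construction. It assumes a simplified model: a complete overlay in which each of the k intermediate nodes is drawn independently and uniformly from all n nodes, and monitors are placed at random; under that assumption a path of k = c·n/m hops misses every monitor with probability (1 − m/n)^k ≈ e^(−c), independent of n.

```python
import random


def miss_probability(n, m, k):
    """Chance that k independent uniform intermediate hops avoid all m monitors."""
    return (1 - m / n) ** k


def simulate(n, m, k, messages, seed=0):
    """Route `messages` messages, each through k random intermediates.

    Returns (fraction of messages seen by at least one monitor,
             per-monitor count of messages observed).
    """
    rng = random.Random(seed)                 # fixed seed: reproducible run
    monitors = set(rng.sample(range(n), m))   # monitor placement (assumed random)
    seen = dict.fromkeys(monitors, 0)
    observed = 0
    for _ in range(messages):
        # Valiant-style path: k intermediates drawn uniformly (assumption)
        path = {rng.randrange(n) for _ in range(k)}
        hit = monitors & path
        observed += bool(hit)
        for v in hit:
            seen[v] += 1
    return observed / messages, seen


def demo(n=1000, m=20, c=3, messages=20000):
    k = c * n // m                            # overlay path length ~ c * n/m
    coverage, seen = simulate(n, m, k, messages)
    loads = sorted(seen.values())
    return {"k": k, "predicted": 1 - miss_probability(n, m, k),
            "coverage": coverage, "load_ratio": loads[-1] / loads[0]}


if __name__ == "__main__":
    print(demo())
```

The `load_ratio` value compares the busiest and the least busy monitor; a ratio close to 1 corresponds to the uniform traffic distribution and equiprobable monitor views the abstract describes.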
Notes
1. We thank Noga Alon for drawing our attention to this observation.
Acknowledgment
The research was partially supported by the Rita Altura Trust Chair in Computer Sciences; The Lynne and William Frankel Center for Computer Science; the grant of the Ministry of Science, Technology and Space, Israel, and the National Science Council (NSC) of Taiwan; the Ministry of Foreign Affairs, Italy; the Ministry of Science, Technology and Space, Infrastructure Research in the Field of Advanced Computing and Cyber Security; and the Israel National Cyber Bureau. We thank Noga Alon for the elaborate discussion and valuable comments.
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Dolev, S., Khankin, D. (2017). Monitorability Bounds via Expander, Sparsifier and Random Walks. In: El Abbadi, A., Garbinato, B. (eds) Networked Systems. NETYS 2017. Lecture Notes in Computer Science, vol 10299. Springer, Cham. https://doi.org/10.1007/978-3-319-59647-1_23
DOI: https://doi.org/10.1007/978-3-319-59647-1_23
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-59646-4
Online ISBN: 978-3-319-59647-1
eBook Packages: Computer Science, Computer Science (R0)