Preserving Privacy at IXPs

TitlePreserving Privacy at IXPs
Publication TypeConference Paper
Year of Publication2018
AuthorsHu, X., Gupta A., Feamster N., Panda A., & Shenker S.
Published inProceedings of the 2nd Asia-Pacific Workshop on Networking APNet '18
KeywordsBGP, IXP, Policy, privacy

Autonomous systems (ASes) on the Internet increasingly rely on Internet Exchange Points (IXPs) for peering. A single IXP may interconnect several 100s or 1000s of participants (ASes) all of which might peer with each other through BGP sessions. IXPs have addressed this scaling challenge through the use of route servers. However, route servers require participants to trust the IXP and reveal their policies, a drastic change from the accepted norm where all policies are kept private. In this paper we look at techniques to build route servers which provide the same functionality as existing route servers without requiring participants to reveal their policies thus preserving the status quo and enabling wider adoption of IXPs. Prior work has looked at secure multi-party computation (SMPC) as a means of implementing such route servers however this affects performance and reduces policy flexibility. In this paper we take a different tack and build on trusted execution environments (TEEs) such as Intel SGX to keep policies private and flexible. We present results from an initial route server implementation that runs under Intel SGX and show that our approach has 20× better performance than SMPC based approaches. Furthermore, we demonstrate that the additional privacy provided by our approach comes at minimal cost and our implementation is at worse 2.1× slower than a current route server implementation (and in some situations up to 2× faster).


We thank APNet reviewers for their helpful feedback. This work was funded in part by NSF-1420064, NSF-1704941, and Intel corporation. 

ICSI Research Group

Networking and Security