Sengupta, B., & Lakshminarayanan, A. (2022). SERVNET: Path Validation with Authenticated Packet Modification in Service Function Chains. ICC 2022 - IEEE International Conference on Communications. https://doi.org/10.1109/icc45855.2022.9839174
A sequence of composable network functions constitutes a service function chain (SFC). Network function virtualization and software-defined networking have made SFCs feasible. With SFCs, a fundamental security requirement is that traffic, directed to traverse a path of network functions, actually follows the specified path. Current path validation enables path enforcement and verification, with on-path nodes able to verify that packets have indeed traversed the specified path. However, there is a problem — on-path service nodes, that implement network functions, might modify packets, whereas current path validation techniques do not allow packet modification.
We propose SERVNET, a path validation scheme which supports authenticated packet modification. SERVNET uses a cryptographic primitive called chameleon hash function which allows packet modification without changing its associated hash value. To the best of our knowledge, SERVNET is the first work on path validation that allows authenticated packet modification by designated nodes.
This research / project is supported by the A*STAR - IAF-PP
Grant Reference no. : A20F8a0044