Abstract

Network Address Confidentiality (NAC) treats every network node as a potential adversary and restricts access to cleartext network packet addresses to the communicating endpoints alone. In our model, an adversary can control a single network node, or some or all of the nodes on a packet's route, and can observe and exploit the network packet addresses it sees. NAC implies certain anonymity properties, namely sender/recipient unlinkability and relationship unlinkability. Unlike existing approaches to NAC and its unlinkability properties under this strong adversary model, Blind Packet Forwarding (BPF) tackles the problem in a clean-slate manner by redesigning packet forwarding and its associated services into blind counterparts that transfer and process packet addresses in end-to-end encrypted form. This paper proposes a BPF architecture that combines two approaches based on the Locator/Identifier Split principle for a future network architecture. The design introduces fine-grained, flexible and dynamic blindness, providing multiple NAC and unlinkability levels classified into two blindness taxonomies. In the first taxonomy, the higher the masking rank applied to an address, the larger the radius of network domains within which NAC applies to that address, beginning with the top-level network domain. In the second taxonomy, applying higher masking ranks lets an endpoint mask its address within progressively higher network domains, toward the top-level network domain. This paper also adapts OpenFlow to obtain a BPF implementation whose performance is high enough to support multiple real-time media communications, each with a high sending rate.
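The two blindness taxonomies are easy to confuse because both are parameterised by a "masking rank", yet they grow the set of blinded domains from opposite ends of the hierarchy. The following toy model, added here as an illustration and not code from the BPF paper, makes the difference concrete. It assumes a strictly hierarchical locator in which an address has one component per network domain level (depth 0 is the top-level domain, the last component is the endpoint's leaf domain), and it describes each forwarding node only by the depth of the domain it belongs to. The route, hop names and depths are constructed for the example; the model says nothing about how the real BPF design encrypts or forwards on masked addresses, only which hops would still see the address in cleartext under each taxonomy and rank.

```python
"""Toy model of the two BPF blindness taxonomies described in the abstract.

Added illustration, not the paper's code. Assumptions (all hypothetical):
  * addresses are hierarchical locators with one component per domain depth,
    depth 0 = top-level network domain, depth `leaf_depth` = endpoint's domain;
  * a forwarding node is characterised only by the depth of its domain;
  * "masked" means the node sees the address only in end-to-end encrypted
    form, "clear" means it sees the cleartext address.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Hop:
    name: str   # constructed label for a forwarding node on the route
    depth: int  # depth of the network domain the node belongs to (0 = top level)


def _clamp_rank(rank: int, leaf_depth: int) -> int:
    # A rank above leaf_depth + 1 cannot mask more domains than exist on the path.
    return max(0, min(rank, leaf_depth + 1))


def masked_depths_topdown(rank: int, leaf_depth: int) -> set[int]:
    """First taxonomy: rank r applies NAC in the domains at depths 0..r-1,
    i.e. the blinded radius grows outward from the top-level domain."""
    return set(range(0, _clamp_rank(rank, leaf_depth)))


def masked_depths_bottomup(rank: int, leaf_depth: int) -> set[int]:
    """Second taxonomy: rank r applies NAC in the endpoint's own leaf domain
    and the r-1 domains above it, i.e. the blinded region grows toward the
    top-level domain."""
    r = _clamp_rank(rank, leaf_depth)
    return set(range(leaf_depth - r + 1, leaf_depth + 1))


def observers(route: list[Hop], masked: set[int]) -> list[str]:
    """Names of the hops that still observe the address in cleartext."""
    return [h.name for h in route if h.depth not in masked]


def example_route() -> list[Hop]:
    """Constructed route: sender's edge domain up to the core and back down
    to the recipient's edge domain; both endpoints sit at depth 2."""
    return [
        Hop("S-edge", 2),
        Hop("S-region", 1),
        Hop("core", 0),
        Hop("R-region", 1),
        Hop("R-edge", 2),
    ]


def compare(route: list[Hop], leaf_depth: int) -> dict[int, tuple[list[str], list[str]]]:
    """For every rank 1..leaf_depth+1 return (top-down observers, bottom-up
    observers). At the maximum rank both taxonomies blind the whole route."""
    result = {}
    for rank in range(1, leaf_depth + 2):
        td = observers(route, masked_depths_topdown(rank, leaf_depth))
        bu = observers(route, masked_depths_bottomup(rank, leaf_depth))
        result[rank] = (td, bu)
    return result


if __name__ == "__main__":
    for rank, (td, bu) in compare(example_route(), leaf_depth=2).items():
        print(f"rank {rank}: top-down clear at {td or 'none'}; "
              f"bottom-up clear at {bu or 'none'}")
```

Running the block shows the duality: at rank 1 the first taxonomy hides the address from the core but leaves every regional and edge node a cleartext observer, while the second hides it at the edges and leaves the core and regional nodes as observers; only at rank 3 (the full depth of this constructed hierarchy) do the two coincide and no hop on the route sees the address in cleartext.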

Full Text
Published version (Free)