Abstract

The foundation of network management is timely, accurate, and flexible monitoring of the status of a managed network. Recently, In-band Network Telemetry (INT) has shown unique capabilities in acquiring insights into a network and has thus been adopted in many production networks. However, less attention has been paid to the potential threats to INT (e.g., man-in-the-middle attacks, Trojan horse injection) that may falsify network measurements, resulting in catastrophic consequences. In this paper, we propose a secure INT architecture called SINT that can effectively mitigate INT vulnerabilities and can be implemented using 'chiplet'-based multi-modal network processors (MNP). SINT adopts blockchain technology into INT: a network status snapshot acquired via INT is viewed as a block and added to a network telemetry blockchain to prevent arbitrary access and malicious modification. To minimize the intrusiveness of the INT and blockchain operations, SINT is designed to be a lightweight protocol and uses improved RAFT consensus mechanisms to reduce its network and computing overhead. The design of the chiplet MNP system makes SINT highly flexible and adaptive, facilitating INT convergence and related blockchain updates. In the SINT architecture, INT tasks and blockchain operations are dispatched to different chips to achieve an optimal trade-off among measurement accuracy, security requirements, and computing resources on the data plane. Experiments and simulations show that SINT can alleviate most cyberattacks on INT and retain 97% of bandwidth utilization for other users' normal traffic in a complex scenario with 500 nodes. Furthermore, SINT converges the INT results quickly and accurately, with minor overhead compared to that of state-of-the-art INT methods.
