Skip to main content

SPINE: Surveillance Protection in the Network Elements

Author(s): Datta, Trisha; Feamster, Nick; Rexford, Jennifer; Wang, Liang

To refer to this page use:
Abstract: Internet Protocol (IP) addresses can reveal information about communicating Internet users and devices, even when the rest of the traffic between them is encrypted. At the same time, IP addresses serve as endpoints for network-layer communication and, as a result, are typically visible to the intermediate routers to allow them to forward traffic to its ultimate destination. Previous approaches to obfuscate the IP addresses of the sender and receiver commonly depend on either custom user software (e.g., Tor browser) or significant modifications to network hardware along the end-to-end path (which has proved to be a major roadblock). SPINE, on the other hand, conceals IP addresses and relevant TCP fields from intermediate—and potentially adversarial—autonomous systems (ASes) but requires only two participating ASes and no cooperation from end hosts. To demonstrate SPINE’s practicality, we have implemented it on commodity programmable switches using the P4 programming language. Our evaluation shows that SPINE can run at hardware rates on commodity switches, paving the way to real-world deployment.
Publication Date: 2019
Citation: Datta, Trisha, Nick Feamster, Jennifer Rexford, and Liang Wang. "SPINE: Surveillance Protection in the Network Elements." In 9th USENIX Workshop on Free and Open Communications on the Internet (2019).
Type of Material: Conference Article
Journal/Proceeding Title: 9th USENIX Workshop on Free and Open Communications on the Internet
Version: Final published version. This is an open access article.

Items in OAR@Princeton are protected by copyright, with all rights reserved, unless otherwise indicated.