SNAPP: Stateless Network-Authenticated Path Pinning

Bryan Parno, Adrian Perrig, and David Andersen

Abstract

This paper examines a new building block for next-generation networks: SNAPP, or Stateless Network-Authenticated Path Pinning. SNAPP-enabled routers securely embed their routing decisions in the packet headers of a stream of traffic, effectively pinning a flow's path between sender and receiver. A sender can use the pinned path (even if routes subsequently change) by including the path embedding in later packet headers. This architectural building block decouples routing from forwarding, which greatly enhances the availability of a path in the face of routing misconfigurations or malicious attacks. To demonstrate the extreme flexibility of SNAPP, we show how it can support a wide range of applications, including sender-controlled paths, expensive route lookups, sender anonymity, and sender accountability. Our analysis shows that SNAPP's overhead is low, and the system is easily implemented in hardware. We believe that SNAPP is a worthy addition to the network architect's toolbox, enabling a variety of new designs and trade-offs.

Details

Publication type: Inproceedings
Published in: Proceedings of the ACM Symposium on Information, Computer and Communications Security (ASIACCS)
Publisher: Association for Computing Machinery, Inc.