FABRID: Flexible Attestation-Based Routing for Inter-Domain Networks


Cyrill Krähenbühl, Marc Wyss, and David Basin, ETH Zürich; Vincent Lenders, armasuisse; Adrian Perrig, ETH Zürich; Martin Strohmeier, armasuisse


In its current state, the Internet does not provide end users with transparency and control regarding on-path forwarding devices. In particular, the lack of network device information reduces the trustworthiness of the forwarding path and prevents end-user applications requiring specific router capabilities from reaching their full potential. Moreover, the inability to influence the traffic's forwarding path results in applications communicating over undesired routes, while alternative paths with more desirable properties remain unusable.

In this work, we present FABRID, a system that enables applications to forward traffic flexibly, potentially on multiple paths selected to comply with user-defined preferences, where information about forwarding devices is exposed and transparently attested by autonomous systems (ASes). The granularity of this information is chosen by each AS individually, protecting them from leaking sensitive network details, while the secrecy and authenticity of preferences embedded within the users' packets are protected through efficient cryptographic operations. We show the viability of FABRID by deploying it on a global SCION network test bed, and we demonstrate high throughput on commodity hardware.

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

@inproceedings {287109,
author = {Cyrill Kr{\"a}henb{\"u}hl and Marc Wyss and David Basin and Vincent Lenders and Adrian Perrig and Martin Strohmeier},
title = {{FABRID}: Flexible {Attestation-Based} Routing for {Inter-Domain} Networks},
booktitle = {32nd USENIX Security Symposium (USENIX Security 23)},
year = {2023},
isbn = {978-1-939133-37-3},
address = {Anaheim, CA},
pages = {5755--5772},
url = {https://www.usenix.org/conference/usenixsecurity23/presentation/krahenbuhl},
publisher = {USENIX Association},
month = aug