Programmable In-Network Obfuscation of Traffic [article]

Liang Wang, Hyojoon Kim, Prateek Mittal, Jennifer Rexford
<span title="2020-05-29">2020</span> <i > arXiv </i> &nbsp; <span class="release-stage" >pre-print</span>
Recent advances in programmable switch hardware offer a fresh opportunity to protect user privacy. This paper presents PINOT, a lightweight in-network anonymity solution that runs at line rate within the memory and processing constraints of hardware switches. PINOT encrypts a client's IPv4 address with an efficient encryption scheme to hide the address from downstream ASes and the destination server. PINOT is readily deployable, requiring no end-user software or cooperation from networks other
more &raquo; ... han the trusted network where it runs. We implement a PINOT prototype on the Barefoot Tofino switch, deploy PINOT in a campus network, and present results on protecting user identity against public DNS, NTP, and WireGuard VPN services.
<span class="external-identifiers"> <a target="_blank" rel="external noopener" href="">arXiv:2006.00097v1</a> <a target="_blank" rel="external noopener" href="">fatcat:qh4vrnzaejd3pozgw4jjt7pqtu</a> </span>
<a target="_blank" rel="noopener" href="" title="fulltext PDF download" data-goatcounter-click="serp-fulltext" data-goatcounter-title="serp-fulltext"> <button class="ui simple right pointing dropdown compact black labeled icon button serp-button"> <i class="icon ia-icon"></i> Web Archive [PDF] <div class="menu fulltext-thumbnail"> <img src="" alt="fulltext thumbnail" loading="lazy"> </div> </button> </a> <a target="_blank" rel="external noopener" href="" title=" access"> <button class="ui compact blue labeled icon button serp-button"> <i class="file alternate outline icon"></i> </button> </a>