Route-aware channels

Route-aware channels combine multi-path communication and route monitoring.

Multi-path communication consists of dividing the data sent over a network across two or more paths, spreading it at the source and sinking it at the destination. This may preserve data confidentiality even if the attacker can break cryptographic protocols such as TLS, because an eavesdropper on a single path sees only part of the data. In the SafeCloud project, we developed a multi-path communication scheme called Machete that leverages multihoming (a gateway being connected to more than one Internet provider), application-layer routing (routing controlled by servers in several geolocations), and multi-path TCP (which allows dividing TCP flows over several network interfaces).
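The spreading and sinking described above can be sketched as follows. This is an added example, not Machete's code or wire format: the function names `spread`, `sink` and `exposure`, the `(seq, chunk)` framing and the 4-byte chunk size are assumptions made for illustration.

```python
# Added illustration: spread a byte stream over several paths and sink it again.
# Not Machete's wire format; the (seq, chunk) framing and chunk size are assumed.
import random

CHUNK = 4  # bytes per chunk (assumed; kept small so the sample is readable)

def spread(data: bytes, n_paths: int, chunk: int = CHUNK):
    """Source side: deal sequence-numbered chunks round-robin onto n_paths."""
    if n_paths < 2:
        raise ValueError("multi-path needs at least two paths")
    paths = [[] for _ in range(n_paths)]
    for seq, off in enumerate(range(0, len(data), chunk)):
        paths[seq % n_paths].append((seq, data[off:off + chunk]))
    return paths

def sink(paths, expected_chunks: int) -> bytes:
    """Destination side: merge every path and reorder by sequence number."""
    merged = {}
    for path in paths:
        for seq, piece in path:
            if seq in merged:
                raise ValueError(f"duplicate chunk {seq}")
            merged[seq] = piece
    missing = [s for s in range(expected_chunks) if s not in merged]
    if missing:
        raise ValueError(f"missing chunks {missing}")
    return b"".join(merged[s] for s in range(expected_chunks))

def exposure(paths, index: int) -> float:
    """Fraction of the payload bytes visible to an observer of one path."""
    total = sum(len(piece) for path in paths for _, piece in path)
    seen = sum(len(piece) for _, piece in paths[index])
    return seen / total if total else 0.0

if __name__ == "__main__":
    msg = b"constructed sample payload for the demo"  # constructed input
    paths = spread(msg, 3)
    for p in paths:
        random.shuffle(p)  # chunks may arrive out of order; sink must cope
    n_chunks = -(-len(msg) // CHUNK)  # ceiling division
    assert sink(paths, n_chunks) == msg
    print([round(exposure(paths, i), 2) for i in range(3)])
```

An observer of one path still reads that path's chunks in the clear, so what the split guarantees is that no single vantage point holds the whole stream.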

Route monitoring aims to detect whether traffic is being diverted by an attack known as route hijacking. There have been recent cases in which traffic was diverted intentionally by exploiting vulnerabilities in the way the BGP protocol operates. Such an attack can be used to eavesdrop on communication, something that we aim to prevent in SafeCloud. We are designing a service called Darshana that combines a set of passive and active monitoring mechanisms to detect such hijackings.

Premium is the up-to-date version of the multi-path communication and monitoring, which integrates Machete and Darshana.

Get it here

Premium GitHub page

See README for instructions.

Related publications

MACHETE: Multi-path Communication for Cloud Security

DARSHANA: Detecting Route Hijacking For Communication Confidentiality

D1.1 - Private communication middleware architecture

D1.2 - First version of the private communication middleware components

D1.3 - Final version of the private communication middleware