Light at the middle of the tunnel: Middleboxes for selective disclosure of network monitoring to distrusted parties

Abstract

Network monitoring is vital to the administration and operation of networks, but it requires privileged access that only highly trusted parties are granted. This severely limits opportunities for external parties, such as service or equipment providers, auditors, or even clients, to measure the health or operation of a network in which they are stakeholders, but do not have access to its internal structure. In this position paper we propose the use of middleboxes to open up network monitoring to external parties using techniques from privacy-preservation research. This would allow distrusted parties to make more inferences about the network state than currently possible, without learning any precise information about the network or data that crosses it. Thus the state of the network would be more transparent to external stakeholders, who would be empowered to verify claims made by network operators. Network operators would be able to provide more information about their network without compromising security or privacy.Engineering and Physical Sciences Research Council (Grant ID: EP/K034723/1 (“Networks as a Service”))This is the author accepted manuscript. The final version is available from the Association for Computing Machinery via http://dx.doi.org/10.1145/2940147.294015