Abstract

Network monitoring is vital to the administration and operation of networks, but it requires privileged access that only highly trusted parties are granted. This severely limits opportunities for external parties, such as service or equipment providers, auditors, or even clients, to measure the health or operation of a network in which they are stakeholders, but do not have access to its internal structure. In this position paper we propose the use of middleboxes to open up network monitoring to external parties using techniques from privacy-preservation research. This would allow distrusted parties to make more inferences about the network state than currently possible, without learning any precise information about the network or data that crosses it. Thus the state of the network would be more transparent to external stakeholders, who would be empowered to verify claims made by network operators. Network operators would be able to provide more information about their network without compromising security or privacy.

Paper: http://www.cl.cam.ac.uk/~ns441/files/hmb16.pdf