Use Case Name:

SABRES: Slice Selection, Path Validation, Post-Quantum Multi-Party Management

University of Southern California/Information Sciences Institute, Duality, Lumen

Use Case Description:

Slice Selection: Enable performant and resource-efficient allocations
Path Validation: Ensure path/slice requirements without leaking topology
Multiparty Management: Encrypted multiparty communication

Problem Statement and how is the problem solved:

Slice Selection: Determining how to allocate resources in a network under a set of constraints is a known NP-hard problem (1,2). The problem is also tangentially related to the virtual machine migration problem. Because a solution is hard to find quickly across potentially thousands of resources, each with a vector space of constraints, we apply our algorithm iVNE-CBS, published at ICCCN 2023, which adapts prior work in the Conflict Based Search space with a 2-tier optimization for tree splitting and pruning. Current technologies used in this space are OR-Tools and MiniZinc.

Path Validation: In a multi-tenant environment that can potentially span multiple Autonomous Systems (AS), a mechanism is required to ensure and validate the path constraints without leaking the path itself or the path metrics. Network topologies are often considered confidential to each entity, so in peered networks an orchestrator needs to validate that each AS entity has conformed to the path requirements without sharing the path itself with other path members. Our approach uses encryption with a Non-Interactive Zero Knowledge (NIZK) proof to validate paths without leaking path information. This work is under submission to Infocom 2023.

Multiparty Management: In networks with slices spanning multiple AS, or more broadly, interconnected AS may want to communicate through means that are quantum-safe. Additionally, each operator may want to operate over the data without decrypting it. The computation over the data may be done unilaterally by a single operator, or may require consensus among k of n operators. The communications may transit multiple domains, in which case Proxy Re-Encryption (PRE) is required. Our approach builds on prior work on PALISADE, now the OpenFHE library, to solve the above problems. This work is under submission to S&P 2024.

User Stories

Slice Selection: A network operator has five POP locations across the United States. The POPs connect in a full mesh, and each link has varying latency, bandwidth, and jitter corresponding to each backhaul. Each POP has 1000 servers configured in a Clos topology. A slice request comes in to span 3 POPs: one source, one sink, and one peered to a CDN. The slice has latency and jitter networking requirements, and 2 VNF requirements for 50 vCPU and 1 TB of memory. Computing an optimal solution given these constraints in a hyper-plane needs to be done within seconds, so that the rest of the slice pipeline (configuration, keying, validation) can ensure quick slice creation using the optimal number of resources.

Path Validation: A slice has been computed and configured and spans multiple authoritative domains (radio access network, transport network, and core network). The slice orchestrator would like to ensure that the path and the nodes along the path are secure, and that slice traffic is neither being diverted outside the slice nor being tampered with by a node that should not be in the slice. The orchestrator sends a message to each node in the slice, and each node sends a message to each neighbor, asking them to create and verify a proof. Each proof and its corresponding validation is sent to the orchestrator, who then computes a final proof to verify correct forwarding and determines which node is not correctly participating.

Multiparty Management:  (Quote): Alice wants to forward Charlie an encrypted video so that he can watch it. Alice is not able to decrypt and re-encrypt the video using Charlie’s public key, so she delegates the forwarding process to Bob.  She doesn’t completely trust Bob, but she wants him to forward her encrypted video, along with its encrypted decryption key, to Charlie. Delegating the secure forwarding process to Bob means that Alice does not have to decrypt and then re-encrypt the video in order for Charlie to securely receive a copy of it.
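The forwarding flow in the story above, as an added example that is not code from this page or from OpenFHE: a toy classical BBS98 (ElGamal-style) proxy re-encryption scheme, swapped in because it fits in a few lines. It is not quantum-safe, unlike the lattice-based PRE the page builds on, and the group parameters and all function names are constructed for illustration.

```python
import hashlib
import secrets

# Toy group constructed for this example (far too small for real use):
# P = 2Q + 1 is a safe prime; G generates the subgroup of prime order Q.
P, Q, G = 2039, 1019, 4

def keygen():
    sk = secrets.randbelow(Q - 1) + 1            # 1 .. Q-1
    return sk, pow(G, sk, P)

def encrypt(pk, m):
    """Encrypt group element m under pk as (m * g^r, pk^r)."""
    r = secrets.randbelow(Q - 1) + 1
    return (m * pow(G, r, P)) % P, pow(pk, r, P)

def decrypt(sk, ct):
    c1, c2 = ct
    g_r = pow(c2, pow(sk, -1, Q), P)             # (g^(sk*r))^(1/sk) = g^r
    return (c1 * pow(g_r, -1, P)) % P

def rekeygen(sk_from, sk_to):
    """Re-encryption key b/a mod Q. BBS98 needs both secrets to build it
    and the key works in both directions (its inverse maps b back to a)."""
    return (sk_to * pow(sk_from, -1, Q)) % Q

def reencrypt(rk, ct):
    """Bob's step: g^(a*r) -> g^(b*r). c1 is untouched; nothing is decrypted."""
    c1, c2 = ct
    return c1, pow(c2, rk, P)

def content_key(m):
    """Symmetric key for the video, derived from the wrapped group element."""
    return hashlib.sha256(str(m).encode()).digest()

def forward(sk_alice, sk_charlie):
    """Run the story end to end; returns (Alice's key, Charlie's key, rk)."""
    m = pow(G, secrets.randbelow(Q - 1) + 1, P)  # random element wrapping the key
    ct_alice = encrypt(pow(G, sk_alice, P), m)   # stored encrypted to Alice
    rk = rekeygen(sk_alice, sk_charlie)          # delegation handed to Bob
    ct_charlie = reencrypt(rk, ct_alice)         # Bob transforms, never sees m
    return content_key(m), content_key(decrypt(sk_charlie, ct_charlie)), rk

if __name__ == "__main__":
    (a, _), (b, _) = keygen(), keygen()
    k_alice, k_charlie, rk = forward(a, b)
    print("Charlie recovers Alice's content key:", k_alice == k_charlie)
    # Trust caveat for this scheme: Bob plus Charlie can compute a = b / rk.
    print("Bob+Charlie recover Alice's secret:", (b * pow(rk, -1, Q)) % Q == a)
```

The collusion check at the end is why the choice of PRE scheme matters when the proxy is only partially trusted: in this toy scheme the re-encryption key plus the recipient's secret reveals the delegator's secret.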

Demo Storyline (optional)


Interaction with other open source projects and components

Potential API consumers:

  • LFN ONAP
  • LF ORAN-SC
  • ETSI OSM
  • ONF Aether

Links to existing documentation (Build Guide, Slideware, etc), if available (optional).


Links to existing demo/video, if available (optional).


Links to existing code/repos, if available (optional).

https://github.com/openfheorg/openfhe-development

These will be migrated and opened when published:
https://pulwar.isi.edu/sabres/cbs/cbs
https://gitlab.com/ops5g-sabres/nizk/nizkpathvalidation
