Panda: Verifying and enforcing network paths

We describe a new networking primitive, called a Path Verification Mechanism (PVM). There has been much recent work about how senders and receivers express policies about the paths that their packets take. For instance, users may want to choose providers whom they trust to be discreet, or a receiver may want traffic destined to it to travel through an intrusion detection service. While the ability to express policies has been well-studied, the ability to enforce policies has not. The core challenge is: if we assume an adversarial, decentralized, and high-speed environment, then when a packet arrives at a node, how can the node be sure that the packet followed an approved path? Our solution, Panda, incorporates an optimized cryptographic construction that is compact, and requires negligible configuration state and no PKI. We demonstrate Panda’s plausibility with a NetFPGA hardware implementation. At 86% more costly than an IP router on the same platform, its cost is significant but affordable. Indeed, our evaluation suggests that Panda can scale to backbone speeds.