Abstract
With the evolution of Internet infrastructure and network services, multilayer in-band network telemetry (ML-INT) and data analytics (DA) have been considered as key enabling techniques to realize real-time and fine-grained network monitoring, especially for backbone IP-over-Optical networks. However, the existing ML-INT&DA systems have privacy and security issues, because plaintext ML-INT data is reported from the data plane and gets analyzed in the control plane. In this work, we address these issues by designing a privacy-preserving ML-INT&DA system for IP-over-Optical networks. We first leverage vector homomorphic encryption (VHE) to design a lightweight encryption scheme, which overcomes the security breaches due to eavesdropping and preserves the delicate correlations buried in multi-dimensional ML-INT data. Then, we develop an effective data compression scheme to further encode the encrypted ML-INT data and make the results suitable for hash-based signature. The signature is for data certification and enables the DA in the control plane to verify the integrity of received ML-INT data. Hence, the threats from data tampering are removed. Next, we architect a deep learning (DL) model that can directly operate on encrypted ML-INT data for anomaly detection. Finally, we implement the proposed ML-INT&DA system, and experimentally demonstrate its effectiveness in a real IP over elastic optical network (IP-over-EON) testbed, whose key elements, i.e., optical line system (OLS), bandwidth-variable wavelength-selective switches (BV-WSS’) and programmable data plane (PDP) switches, are all commercial products.
PDF Article
More Like This
Cited By
You do not have subscription access to this journal. Cited by links are available to subscribers only. You may subscribe either as an Optica member, or as an authorized user of your institution.
Contact your librarian or system administrator
or
Login to access Optica Member Subscription
Add to BibSonomy