Secure In-packet Bloom Filter Based Forwarding on a Reusable Network Hardware Design

Abstract

In-packet Bloom filters allow one to forward source-routed packets with minimal forwarding tables, the Bloom filter encoding the identities of the links the packet needs to be forwarded over. If the link identities are made content dependent, e.g. by computing the next-hop candidate link identifiers by applying a cryptographic function over some information carried in the packet header, the Bloom filters differ pseudo-randomly from packet-to-packet, making the forwarding fabric resistant towards unauthorized traffic.

The implementation and testing of in-packet bloom filter forwarding node that uses cryptographically computed link identifiers are discussed in this thesis. Two different cryptographic techniques are tested for the link-identity computation and thereby for making the forwarding decision. The algorithms have been implemented and tested on the Stanford NetFPGA. The performance and efficiency of the algorithms is also briefly discussed.