Securing Communication Against Leaky Switches

2022 IEEE Conference on Communications and Network Security (CNS) (2022)

Abstract
Internet providers are expected to provide trustable networks for their users. However, this task is becoming increasingly difficult to achieve as network devices become more complex and prone to malicious software and hardware that can be installed on such devices at various stages of the supply chain or after deployment. Herein, we consider the problem of secure communication when an adversary surreptitiously exfiltrates part of transmissions from within the network. We model the leakage as probabilistic sampling of traffic at switches and propose a novel scheme for transmitting user messages that uses secret sharing to disperse shares of a message over multiple network paths such that the leakage probability of the message is bounded by a required leakage threshold, while link bandwidths are respected. To respect the link bandwidth, the proposed scheme dynamically computes the number of shares generated for each message and the number of shares sent on each path while allowing the use of non-disjoint paths and sending more than one share of a message on a path. These features distinguish our scheme from the previous work. The security guarantee of our scheme is information theoretic (hence post-quantum). To validate our theoretical results and show the efficacy of the proposed scheme to reduce the packet drop rate and its impact on communication latency, we evaluate it using both Mininet and discrete-event simulations. The experiments show that message transmission using our scheme achieves higher goodput compared to baseline schemes that (i) exclude leaky switches, and (ii) use only node-disjoint paths.
Keywords
Untrusted devices,secret sharing
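
The leakage bound described in the abstract can be illustrated with a simplified model. This is an added example, not the paper's algorithm or code: it assumes each switch samples every packet independently with a fixed probability, that one adversary pools everything sampled, and that the message leaks once `threshold` shares are captured; the topology, probabilities and function names are constructed for illustration.

```python
from itertools import product
from math import prod

# Constructed topology: two non-disjoint paths that share switch s1.
PATHS = [("s1", "s2"), ("s1", "s3")]
# Assumed per-packet sampling probability at each switch (0 = trusted).
SAMPLE_PROB = {"s1": 0.1, "s2": 0.5, "s3": 0.0}

def share_leak_prob(path, sample_prob):
    """Probability that one share is sampled by at least one switch on its path."""
    return 1.0 - prod(1.0 - sample_prob.get(sw, 0.0) for sw in path)

def message_leak_prob(paths, shares_per_path, sample_prob, threshold):
    """Probability that the adversary captures at least `threshold` shares."""
    probs = [share_leak_prob(p, sample_prob)
             for p, count in zip(paths, shares_per_path) for _ in range(count)]
    # Poisson-binomial DP: dist[j] = P(exactly j of the shares seen so far leaked).
    dist = [1.0]
    for q in probs:
        nxt = [0.0] * (len(dist) + 1)
        for j, pj in enumerate(dist):
            nxt[j] += pj * (1.0 - q)
            nxt[j + 1] += pj * q
        dist = nxt
    return sum(dist[threshold:])

def find_allocation(paths, capacity, sample_prob, epsilon):
    """Smallest n-of-n share allocation within per-path capacity with leak <= epsilon.

    capacity[i] is the assumed number of shares path i can carry per message
    (a stand-in for the link bandwidth constraint). Returns None if no
    allocation meets the bound.
    """
    best = None
    for alloc in product(*(range(c + 1) for c in capacity)):
        n = sum(alloc)
        if n == 0:
            continue
        leak = message_leak_prob(paths, alloc, sample_prob, threshold=n)
        if leak <= epsilon and (best is None or (n, leak) < best[:2]):
            best = (n, leak, alloc)
    return best[2] if best else None

if __name__ == "__main__":
    print(find_allocation(PATHS, [2, 2], SAMPLE_PROB, epsilon=0.006))
```

In this toy topology, sending several shares over the less leaky path beats spreading them evenly, which is why allowing more than one share per path matters when paths are not disjoint.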