[Thesis offer] Verifiable data plane

Par François Michel Publié le 25/04/2017 Editer la news

While standardization effort is ongoing to secure the control plane of the Internet, there is little effort in securing the data plane.

Verifiable data plane

While standardization effort [IETF SIDR and KARP Working Groups] is ongoing to secure the control plane of the Internet, there is little effort in securing the data plane. The control plane ensures that sources and intermediate nodes know how to reach a destination. If route origins and paths are validated in BGP, and if the interior gateway protocols are secure, one can trust the routes learned. What is missing is insurance that these routes are the ones that are followed by data packets.


Malicious routers may send traffic along a different path than the one they advertise. They can also drop or corrupt the traffic. Today there are no deployed techniques to securely check what happens on the data plane. The state of the art tools for checking the path and delay along that path are traceroute and ping but these tools can be tampered with, responding with false information, or treated preferentially, in order to respond quicker than the delay experienced by regular packets.

The potential threats in traffic being sent along an undesired route are that the traffic may be stored and analyzed by untrusted parties. While end-to-end encryption like IPsec can provide some protection against on-the-fly analysis, it can be broken given enough time and horse power. In addition, traffic may be sent along poorer performing routes, be dropped, or corrupted on purpose. An untrusted party can also do traffic analysis to know who is in communication. "Tor" aims to protect the anonymity of the entities in communications. It is however a costly alternative in terms of network performance. It has further been shown that since most Tor traffic crosses a few Internet Service Providers, these are consequently able to de-anonymize communications [Sun 2015].

Objectives In this project, we will provide solutions, relying on existing cryptographic tools, to verify the path taken by data packets, the quality and modifications that could be experienced by data packets along the way to the destination. Our solutions are orthogonal to end-to-end encryption. The challenge is that these solutions should work at line-rate. They should be easily deployable (no zero-day). If verification is not performed for all packets, malicious routers should not be able to distinguish "verification packets" from normal traffic in order for our sample to be representative of the whole flow of packets. We will deploy some of our solutions and measure the discrepancy between the control and the data plane. In addition, our proposals can be used to determine net-neutrality violations as well as the effect of middleboxes.

[Sun 2015] Yixin Sun, Anne Edmundson, Laurent Vanbever, Oscar Li, Jennifer Rexford, Mung Chiang, Prateek Mittal. RAPTOR: Routing Attacks on Privacy in Tor. USENIX Security 2015. Washington, D.C., USA (August 2015).

Thesis director(s)

Cristel Pelsser, Pascal Mérindol, Stéphane Cateloin


University of Strasbourg, ICube

Our collaborators on this project are Pr. Olaf Maennel at Tallinn University of Technology, Estonia and Pr. Matthias Wählisch at Freie Universität Berlin, Germany.


The candidate must hold a master or equivalent degree from a non-French establishment or else, have followed a full undergraduate program outside of France.


The thesis will take place at the university of Strasbourg, France. It is funded for 3 years. The scholarship comes with a stipend to attend 1 conference and 1 summer school per year.

To apply

Send a resume, a motivation letter, copies of your grades and 2 reference letters to pelsser@unistra.fr. The deadline for the applications is May 13th , 2017. We will hold interviews between May 22nd and 26th.