VeriFLo: Verifiable Provenance with Fault Localization for Inter-domain Routing
摘要
Modern digital infrastructure demands reliable data delivery across networks. While data plane provenance verification can attest to a packet’s origin and path, it is susceptible to packet drops and malicious corruption of verification data, leaving the receiver unable to discern the cause of the fault. We propose a lightweight data plane provenance scheme with fault localization. By appending short, symmetric key marks at each hop and cumulatively reporting traffic counts, VeriFLo enables identification of links responsible for misbehavior in routing. Unlike existing fault localization schemes, the VeriFLo protocol does not require a path-aware network, and provides stronger security guarantees than BGPsec for inter-domain routing. We present security proofs for path unforgeability and fault localization, showing that either link of a misbehaving router can be identified with overwhelming probability even with a few bytes of marginal communication overhead per intermediary.