Secure Availability Monitoring Using Stealth Probes
IP routing protocols naively assume that routers are trusted, egregiously failing when routers become adversarial. Because of the significant power they give to adversaries, routers are an increasingly attractive target for subversion attacks. In this paper, we present the design, implementation, and evaluation of stealth probing, a secure path-availability monitor that prevents on-path adversaries from degrading user performance. Stealth probing selects data packets to serve as implicit probes that should be explicitly acknowledged. The probes are concealed, preventing adversaries from treating them preferentially. Secure monitoring enables failure recovery by signaling when networks should reroute traffic to alternate paths. Testbed measurements of our software prototype demonstrate that stealth probing has practical overhead comparable to destination-based forwarding.