In its current state, the Internet does not provide end users with transparency and control regarding on-path forwarding devices. In particular, the lack of network device information reduces the trustworthiness of the forwarding path and prevents end-user applications requiring specific router capabilities from reaching their full potential. Moreover, the inability to influence the traffic's forwarding path results in applications communicating over undesired routes, while alternative paths with more desirable properties remain unusable. In this work, we present FABRID, a system that enables applications to forward traffic flexibly, potentially on multiple paths selected to comply with user-defined preferences, where information about forwarding devices is exposed and transparently attested by autonomous systems (ASes). The granularity of this information is chosen by each AS individually, protecting them from leaking sensitive network details, while the secrecy and authenticity of preferences embedded within the users' packets are protected through efficient cryptographic operations. We show the viability of FABRID by deploying it on a global SCION network test bed, and we demonstrate high throughput on commodity hardware.