Skip to main content

Technical Reports: CMU-CyLab-07-013

Title:SNAPP: Stateless Network-Authenticated Path Pinning
Authors:Bryan Parno, Adrian Perrig, David Andersen
Publication Date:September 19, 2007


This paper examines a new building block for next-generation networks: SNAPP, or Stateless Network-Authenticated Path Pinning. SNAPP-enabled routers securely embed their routing decisions in the packet headers of a stream of traffic, effectively pinning a flow’s path between sender and receiver. A sender can use the pinned path (even if routes subsequently change) by including the path embedding in later packet headers. This architectural building block decouples routing from forwarding, which greatly enhances the availability of a path in the face of routing misconfigurations or malicious attacks. To demonstrate the extreme flexibility of SNAPP, we show how it can support a wide range of applications, including sender-controlled paths, expensive route lookups, sender anonymity, and sender accountability. Our analysis shows that SNAPP’s overhead is low, and the system is easily implemented in hardware. We believe that SNAPP is a worthy addition to the network architect’s toolbox, enabling a variety of new designs and trade-offs.

Full Report: CMU-CyLab-07-013