Encrypted Packet Forwarding in Virtualized Networks

Virtualized networks provide a shared infrastructure platform for hosting multiple independent networks with different protocol stacks. The infrastructure and the virtual networks are operated by different entities who may not trust each other. In the authors' work, they address one of the arising security issues by providing data confidentiality for forwarding network traffic. They propose an encrypted representation of IP addresses and forwarding data structures that hides the operations of the virtual network from the infrastructure provider. They describe the cryptographic computations and data structures that forwards network traffic and discuss their space requirements.