Consent Routing: Towards Bilaterally Trusted Communication Paths.

In today's Internet, the security of data transfers largely depends on the forwarding path: on-path adversaries can launch powerful attacks against the confidentiality, integrity, and availability of Internet communication. Moreover, current routing protocols give little path control to end hosts; at best, a multi-homed host can choose the first hop of the forwarding path. In short, communicating hosts are facing the problem that they need to trust the entities which forward their packets but can barely choose the forwarding path. Recent research in networking has shown that path-aware network architectures can give the sender control over the path selection while increasing the overall efficiency and security of the network. Still, only half of the trust problem is solved: in these architectures, path selection is up to the sender's judgment, even though the sender and the receiver have the same vital interest in choosing the forwarding path for their communication. In this paper, we introduce consent routing, a new routing paradigm in which the consent of both the sender and the receiver is required prior to using a forwarding path. The novelty of consent routing is to make path selection a cooperative process between the distributed communicating parties, enabling new opportunities for security and trust, e.g., mitigation of surveillance, censorship, and traffic analysis. Our implementation shows that consent routing is feasible in practice and can be incrementally deployed without changes to the underlying network architecture.