Today’s large-scale enterprise networks, data center networks, and wide area net-works can be decomposed into multiple administrative or geographical domains. Do-mains may be owned by different administrative units or organizations. Hence pro-tecting domain information is an important concern. Existing general-purpose Secure Multi-Party Computation (SMPC) methods that preserves privacy for domains are ex-tremely slow for cross-domain routing problems. In this paper we present PYCRO, a cryptographic protocol specifically designed for privacy-preserving cross-domain rout-ing optimization in Software Defined Networking (SDN) environments. PYCRO pro-vides two fundamental routing functions, policy-compliant shortest path computing and bandwidth allocation, while ensuring strong protection for the private information of domains. We rigorously prove the privacy guarantee of our protocol. To improve time efficiency we design the QuIck Pathing (QIP) technique. QIP only requires one-time offline preprocessing and very fast online computation. We have implemented a proto-type system that runs PYCRO and QIP on servers in a campus network. Experimental results using real ISP network topologies show that PYCRO and QIP are very efficient in computation and communication costs. |