PathSec: Path-Aware Secure Routing with Native Path Verification and Auditability

Selecting and verifying network paths for packet flows are fundamental for creating secure and efficient network architectures. These processes are essential for detecting and addressing anomalies, misconfigurations, or malicious activities, yet they remain challenging to implement effectively, even within a single administrative domain. To support a secure routing framework, it is necessary to: (i) select specific paths for packet flows, enabling "path awareness"; (ii) verify that packets follow the specified routes, ensuring adherence to the routing promise; and (iii) maintain tamper-proof audit records of path verification data. This paper introduces a novel path-aware secure routing approach based on Residue Number System (RNS) primitives, which enables both native path verification and auditability. Our method employs a lightweight multi-signature scheme built on simplified hash chain signatures, leveraging RNS-based native routing mechanisms. These signatures, which provide proofs of packet forwarding, are verified and recorded on a blockchain to ensure data integrity and prevent unauthorised tampering. A P4-based prototype demonstrates that our solution represents a viable hardware implementation for modern programmable switches. (AU)