The statistics are maintained in newly designed oblivious data structures inside the SGX enclave and queried by data-oblivious algorithms to prevent data leakage caused by access patterns to the memory of SGX. It employs hardware enclave for secure network statistics generation and queries. In this paper, we propose OblivSketch, an oblivious network measurement service using Intel SGX. Recent studies demonstrate that leaking and abusing flow statistics can lead to severe network attacks such as DDoS, network topology manipulation and poisoning, etc. However, deploying network measurement services in third-party multi-tenant cloud service providers raises critical privacy and security concerns. Specifically, network measurement tasks such as heavy-hitter detection and flow distribution estimation serve many core network functions for improved performance and security of enterprise networks. Network function virtualisation enables versatile network functions as cloud services with reduced cost. We discuss a promising approach for mitigating such attacks. This has motivated proposals and standardization efforts for authenticating NTP communications and for securing NTP textit attacks. Unfortunately, NTP is vulnerable to so called time shifting attacks. The Network Time Protocol (NTP) synchronizes time across computer systems over the Internet and plays a crucial role in guaranteeing the correctness and security of many Internet applications. Strategic additional Peerlock-lite deployment at all large ISPs (<1% of all networks), in tandem with Peerlock within the peering clique as deployed, completely mitigates about 80% of simulated Tier 1 route leaks. These experiments reveal present Peerlock deployment restricts Tier 1 leak export to 10% or fewer networks for 40% of simulated leaks. To guide further deployment, we also quantify Peerlock’s impact on route leaks both at currently observed levels and under hypothetical future deployment scenarios via BGP simulation. Our measurements find evidence for significant Peerlock protection between Tier 1 networks in the peering clique, where 48% of potential Peerlock filters are deployed, and reveal that many other networks also deploy filters against Tier 1 leaks. We outline the Peerlock system and one variant, Peerlock-lite, and conduct live Internet experiments to measure their deployment on the control plane. Peerlock enables filtering agreements between transit providers to protect their own networks without the need for broad cooperation or a trust infrastructure. Peerlock, introduced in 2016, addresses route leaks with a new approach. These incidents have plagued the Internet for decades while deployment and usability issues cripple efforts to mitigate the problem. BGP route leaks frequently precipitate serious disruptions to inter-domain routing.