Abstract
As the Internet continues to grow, it faces an increasingly hostile environment, and consequently the need for security in network infrastructure is stronger than ever. In this scenario, the emerging Multi-Protocol Label Switching (MPLS) paradigm seems to be the cornerstone for developing most of the next-generation infrastructure-level network services in the Internet. Unfortunately, due to the lack of a scalable means of verifying the authenticity and legitimacy of control plane traffic in an MPLS domain, almost all existing MPLS control and signaling protocols are extremely vulnerable to a variety of malicious attacks, both in theory and in practice, and communication between peer routers speaking these protocols is subject to active and passive forgery, hijacking and wiretapping activities. In this paper, we propose a robust framework for MPLS-based network survivability against security threats that makes the MPLS control and signaling protocols more secure. Our design goals include integrity safeguarding, protection against replay attacks, and gradual deployment: routers that do not support authentication break the trust chain but otherwise operate undisturbed.
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Palmieri, F., Fiore, U. (2005). Securing the MPLS Control Plane. In: Yang, L.T., Rana, O.F., Di Martino, B., Dongarra, J. (eds) High Performance Computing and Communications. HPCC 2005. Lecture Notes in Computer Science, vol 3726. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11557654_60
DOI: https://doi.org/10.1007/11557654_60
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-29031-5
Online ISBN: 978-3-540-32079-1
eBook Packages: Computer Science, Computer Science (R0)