Advertisement

A Novel Security Protocol for Resolving Addresses in the Location/ID Split Architecture

  • Mahdi Aiash
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7873)

Abstract

The Locator/ID Separation Protocol (LISP) is a routing architecture that provides new semantics for IP addressing. In order to simplify routing operations and improve scalability in future Internet, the LISP uses two different numbering spaces to separate the device identifier from its location. In other words, the LISP separates the ’where’ and the ’who’ in networking and uses a mapping system to couple the location and identifier. This paper analyses the security and functionality of the LISP mapping procedure using a formal methods approach based on Casper/FDR tool. The analysis points out several security issues in the protocol such as the lack of data confidentiality and mutual authentication. The paper addresses these issues and proposes changes that are compatible with the implementation of the LISP.

Keywords

Location/ID Split Protocol Casper/FDR Future Internet Address Resolving 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Ishiyama, I., Uehara, K., Esaki, H., Teraoka, F.: LINA: A New Approach to Mobility in Wide Area Networks. IEICE Trans. Commun. E84-B(8) (August 2001)Google Scholar
  2. 2.
    Atkinson, R.J.: ILNP Concept of Operations, internet Draft (July 27, 2011)Google Scholar
  3. 3.
    Mapp, G., Aiash, M., Crestana Guardia, H., Crowcroft, J.: Exploring Multi-homing Issues in Heterogeneous Environments. In: 1st International Workshop on Protocols and Applications with Multi-Homing Support (PAMS 2011), Singapore (2010)Google Scholar
  4. 4.
    Aiash, M., Mapp, G., Lasebae, A., Phan, R., Augusto, M., Vanni, R., Moreira, E.: Enhancing Naming and Location Services to support Multi-homed Devices in Heterogeneous Environments. In: Proc. The CCSIE 2011, London, UK, July 25-27 (2011)Google Scholar
  5. 5.
    Cisco Nexus 7000 Series Switches, Cisco Nexus 7000 LISP Overview Video, http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6554/ps6599/ps10800/LISP_VDS.html (last accessed on January 13, 2013)
  6. 6.
    Locator/ID Separation Protocol (lisp) Working Group, http://datatracker.ietf.org/wg/lisp/charter/ (last accessed on January 13, 2013)
  7. 7.
    Cisco Locator/ID Separation Protocol Security At-A-Glance, http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6554/ps6599/ps10800/at_a_glance_c45-645204.pdf (last accessed on January 13, 2013)
  8. 8.
    Maino, F., Ermagan, V., Cabellos, A., Saucez, A., Bonaventure, O.: LISP-Security (LISP-SEC). Internet-Draft (September 12, 2012)Google Scholar
  9. 9.
    Cisco Locator/ID Separation Protocol Revolutionary Network Architecture to Power the Network, http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6554/ps6599/ps10800/aag_c45-635298.pdf (last accessed on January 13, 2013)
  10. 10.
    Farinacci, D., Fuller, V., Meyer, D., Lewis, D.: Locator/ID Separation Protocol (LISP). Internet-Draft (November 13, 2012)Google Scholar
  11. 11.
    Farinacci, D., Fuller, V.: LISP Map Server Interface. Internet-Draft (March 4, 2012)Google Scholar
  12. 12.
    Aiash, M., Al-Nemrat, A., Preston, D.: Securing Address Registration in Location/ID Split Protocol Using ID-Based Cryptography. In: Tsaoussidis, V., Kassler, A., Koucheryavy, Y., Mellouk, A. (eds.) WWIC 2013. LNCS, vol. 7889, pp. 129–139. Springer, Heidelberg (2013)Google Scholar
  13. 13.
    Goldsmith, M., Lowe, G., Roscoe, A.W., Ryan, P., Schneider, S.: The modelling and analysis of security protocols. Pearson Ltd. (2010)Google Scholar
  14. 14.
    Formal Systems, Failures-divergence refinement. FDR2 user manual and tutorial, Version 1.3 (June 1993)Google Scholar
  15. 15.
    Lowe, G., Broadfoot, P., Dilloway, C., Hui, M.L.: Casper: A compiler for the analysis of security protocols, 1.12 edn. (September 2009)Google Scholar
  16. 16.
    Aiash, M., Mapp, G., Lasebae, A., Phan, P., Loo, J.: Casper: A formally verified AKA protocol for vertical handover in heterogeneous environments using Casper/FDR. EURASIP Journal on Wireless Communications and Networking 2012, 57 (2012)Google Scholar
  17. 17.
    Aiash, M., Mapp, G., Lasebae, A., Phan, P., Loo, J.: A Formally Verified Device Authentication Protocol Using Casper/FDR. In: 11th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), June 25-27 (2012)Google Scholar
  18. 18.
    Harkins, D., Carrel, D.: The Internet Key Exchange (IKE). Request for Comments: 2409 (November 1998)Google Scholar
  19. 19.
    Kent, S., Atkinson, R.: IP Encapsulating Security Payload (ESP). Request for Comments: 2406 (November 1998)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Mahdi Aiash
    • 1
  1. 1.School of Science and TechnologyMiddlesex UniversityLondonUK

Personalised recommendations