Efficient Security Mechanisms for Routing Protocols

Yih Chun Hu, Adrian Perrig, David B. Johnson

Research output: Chapter in Book/Report/Conference proceeding (Conference contribution)

Abstract

As our economy and critical infrastructure increasingly rely on the Internet, securing routing protocols becomes of critical importance. In this paper, we present four new mechanisms as tools for securing distance vector and path vector routing protocols. For securing distance vector protocols, our hash tree chain mechanism forces a router to increase the distance (metric) when forwarding a routing table entry. To provide authentication of a received routing update in bounded time, we present a new mechanism, similar to hash chains, that we call tree-authenticated one-way chains. For cases in which the maximum metric is large, we present skiplists, which provide more efficient initial computation cost and more efficient element verification; this mechanism is based on a new cryptographic mechanism, called MW-chains, which we also present. For securing path vector protocols, our cumulative authentication mechanism authenticates the list of routers on the path in a routing update, preventing removal or reordering of the router addresses in the list; the mechanism uses only a single authenticator in the routing update rather than one per router address. We also present a simple mechanism to securely switch one-way chains, by authenticating the next one-way chain using the previous one. These mechanisms are all based on efficient symmetric cryptographic techniques and can be used as building blocks for securing routing protocols.

Original language: English (US)
Title of host publication: Proceedings of the Symposium on Network and Distributed System Security, NDSS 2003
Publisher: The Internet Society
ISBN (Electronic): 1891562169, 9781891562167
State: Published - 2003
Externally published: Yes
Event: 10th Symposium on Network and Distributed System Security, NDSS 2003 - San Diego, United States
Duration: Feb 6 2003 → …

Publication series

Name: Proceedings of the Symposium on Network and Distributed System Security, NDSS 2003

Conference

Conference: 10th Symposium on Network and Distributed System Security, NDSS 2003
Country/Territory: United States
City: San Diego
Period: 2/6/03 → …

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Control and Systems Engineering
  • Safety, Risk, Reliability and Quality
