TY - GEN
T1 - Efficient Security Mechanisms for Routing Protocols
AU - Hu, Yih Chun
AU - Perrig, Adrian
AU - Johnson, David B.
N1 - Publisher Copyright:
© 2003 Proceedings of the Symposium on Network and Distributed System Security, NDSS 2003. All Rights Reserved.
PY - 2003
Y1 - 2003
AB - As our economy and critical infrastructure increasingly rely on the Internet, securing routing protocols becomes of critical importance. In this paper, we present four new mechanisms as tools for securing distance vector and path vector routing protocols. For securing distance vector protocols, our hash tree chain mechanism forces a router to increase the distance (metric) when forwarding a routing table entry. To provide authentication of a received routing update in bounded time, we present a new mechanism, similar to hash chains, that we call tree-authenticated one-way chains. For cases in which the maximum metric is large, we present skiplists, which provides more efficient initial computation cost and more efficient element verification; this mechanism is based on a new cryptographic mechanism, called MW-chains, which we also present. For securing path vector protocols, our cumulative authentication mechanism authenticates the list of routers on the path in a routing update, preventing removal or reordering of the router addresses in the list; the mechanism uses only a single authenticator in the routing update rather than one per router address. We also present a simple mechanism to securely switch one-way chains, by authenticating the next one-way chain using the previous one. These mechanisms are all based on efficient symmetric cryptographic techniques and can be used as building blocks for securing routing protocols.
UR - http://www.scopus.com/inward/record.url?scp=84982836904&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84982836904&partnerID=8YFLogxK
M3 - Conference contribution
AN - SCOPUS:84982836904
T3 - Proceedings of the Symposium on Network and Distributed System Security, NDSS 2003
BT - Proceedings of the Symposium on Network and Distributed System Security, NDSS 2003
PB - The Internet Society
T2 - 10th Symposium on Network and Distributed System Security, NDSS 2003
Y2 - 6 February 2003
ER -