TERENA Networking Conference 2000    

Security Issues in Control, Management and Routing Protocols

Madalina Baltatu, Antonio Lioy, Fabio Maino and Daniele Mazzocchi, Politecnico di Torino, Italy

Nowadays, the need for security in network infrastructure is stronger than ever. The main requirements are data origin authentication and data integrity for IP, control, and routing protocols.

As long as Internet is based on TCP/IP, its "insecurity" is inherent. IP was not designed with security in mind, and neither were its routing, control, and management protocols. Some of the most serious security flaws of the TCP/IP protocol suite exist because hosts rely on IP source address for authentication. Others exist because network control mechanisms and routing protocols have minimal or non-existent authentication. During the last few years, many IETF working groups have made considerable efforts for introducing security mechanisms based on cryptography at different layers of the TCP/IP stack. One of the most significant work is the definition of the security architecture for the Internet Protocol (IPsec). In this work the use of IPsec is analyzed as a possible solution to various attacks at the network infrastructure.

The goal of the work is to outline important security aspects of the protocols which play fundamental roles in the Internet architecture. The presentation begins with an analysis of the ICMP protocol together with an updated list of protocol attacks. Possible solutions to hinder these attacks are then presented. A brief description of IGMP, together with its potential security risks follows. The presentation continues with an analysis of various security mechanisms for routing protocols. Basically, we discuss the security extensions defined for two commonly used intra-domain routing protocols, RIP and OSPF.

Full Paper (PDF - 238KB) - Slides (83KB)



Return to SessionReturn to Index