An intrinsic secure open shortest path first protocol based on identity cryptography

Abstract

Abstract: Routing protocols like Open Shortest Path First Version 2(OSPFV2) TCP/IP internet routing protocol play a crucial role in the connectivity and secure transmission of information within networks. However, traditional OSPFV2 lacks the capability to defend against source route spoofing or route information tampering, making networks vulnerable to attacks. Existing security strategies are often add-on solutions, which can lead to new security issues or have low security effectiveness. To address this, a novel OSPFV2 protocol based on identity-based cryptography is proposed. This protocol embeds identity-based cryptography within the routing exchange process, enabling networks to efficiently defend against route tampering and spoofing attacks internally. Furthermore, considering various limitations in deploying secure OSPFV2 protocols on a large scale, an operational mechanism supporting incremental deployment is designed using opaque link state advertisements. Simulation experiments demonstrate that the proposed internally secure OSPFV2 protocol possesses the capability to resist source route spoofing and data tampering while minimizing convergence delay.

Key words: OSPFV2 protocol(open shortest path first version 2 protocol), source routing information modification, intrinsic security, identity cryptography

XUN Peng, CHEN Hong-yan, WANG Yong-zhi, LI Shi-jie. An intrinsic secure open shortest path first protocol based on identity cryptography[J]. Computer Engineering & Science, 2024, 46(06): 1022-1031.

References ［20］

［1］	Moy J. OSPF version 2:RFC 2328［S］. US: Network Working Group, 1998-10-11.
［2］	Song Y B, Gao S,Hu A Q,et al.Novel attacks in OSPF networks to poison routing table ［C］∥Proc of 2017 IEEE International Conference on Communications,2017:1-6.
［3］	Nakibly G, Sosnovich A,Menahem E,et al.OSPF vulnerabi- lity to persistent poisoning attacks:A systematic analysis ［C］∥Proc of the 30th Annual Computer Security Applications Conference,2014:336-345.
［4］	Kasemsuwan P,Visoottiviseth V.OSV:OSPF vulnerability checking tool ［C］∥Proc of 2017 14th International Joint Conference on Computer Science and Software Engineering,2017:1-6.
［5］	Cohen R,Hess-Green R,Nakibly G.Small lies,lots of damage:A partition attack on link-state routing protocols ［C］∥Proc of 2015 IEEE Conference on Communications and Network Security,2015:397-405.
［6］	Song Y B,Gao S,Hu A Q,et al.Novel attacks in OSPF networks to poison routing table ［C］∥Proc of 2017 IEEE International Conference on Communications,2017:1-6.
［7］	Shaikh A,Greenberg A G.OSPF monitoring:Architecture,design,and deployment experience ［C］∥Proc of the 1st Symposium on Networked Systems Design and Implementation,2004:57-70.
［8］	Qu D H, Vetter B M, Wang F Y, et al.Statistical anomaly detection for link-state routing protocols ［C］∥Proc of the 6th International Conference on Network Protocols,1998:62-70.
［9］	韩挺.基于行为可信的安全OSPF协议研究［D］.西安:西安电子科技大学,2013.
	Han Ting.Research on security OSPF protocol based on behaviour trust ［D］.Xi’an:Xidian University,2013.
［10］	Am A,Pb B,Mfh A,et al.Identifying OSPF LSA falsification attacks through non-linear analysis ［J］.Computer Networks,2020,167:1-13.
［11］	朱绪全,江逸茗,马海龙，等.拟态防御体系OSPF协议研究及分析［J］.计算机工程与科学,2023,45(2):204-214.
	Zhu Xu-quan,Jiang Yi-ming,Ma Hai-long,et al.Research and analysis of OSPF protocol in mimic defense system ［J］.Computer Engineering & Science,2023,45(2):204-214.
［12］	Murphy S L,Badger M R.Digital signature protection of the OSPF routing protocol ［C］∥Proc of the Internet Society Symposium on Network and Distributed Systems Security,1996:93-102.
［13］	梁洪泉,吴巍.利用节点可信度的安全链路状态路由协议［J］.西安电子科技大学学报,2016,43(5):121-127.
	Liang Hong-quan,Wu Wei.Secure link status routing protocol based on node trustworthiness ［J］.Journal of Xidian University,2016,43(5):121-127.
［14］	Zeng H,Wang B S,Deng W S,et al.CENTRA:Centrally trusted routing validation for IGP ［C］∥Proc of 2017 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery,2017:21-24.
［15］	Li Q. A V2V identity authentication and key agreement scheme based on identity-based cryptograph ［J］.Future Internet,2023,15(1):25-42.
［16］	左志斌.基于密码标识的软件定义网络数据面安全关键技术研究［D］.郑州：战略支援部队信息工程大学,2020.
	Zuo Zhi-bin.Research on key issues of software-defined networking data plane security based on cipher identifier ［D］.Zhengzhou:PLA Strategic Support Force Information Engineering University,2020.
［17］	孙铭玮.SM9标识密码算法关键技术研究［D］.哈尔滨：哈尔滨理工大学,2022.
	Sun Ming-wei.Research on key technologies of SM9 identification cipher algorithm ［D］.Harbin:Harbin University of Science and Technology,2022.
［18］	Berger L,Bryskin I, Zinin A. The OSPF opaque LSA option:RFC 5250［S］. US: Network Working Group, 2008.
［19］	Lynn B.PBC library ［EB/OL］.［2023-12-30］.https://crypto.stanford.edu/pbc/.
［20］	李鲁冰.SM2算法在数字证书系统上的实现与应用［D］.西安:西安电子科技大学,2020.
	Li Lu-bing.Implementation and application of SM2 algorithm in digital certificate system ［D］.Xi’an:Xidian University,2020.

An intrinsic secure open shortest path first protocol based on identity cryptography

PDF

Knowledge

Abstract

Cite this article

share this article

References ［20］

Related Articles 0

Recommended Articles

Metrics

Comments