From: Adrian Perrig (adrian@ece.cmu.edu)
Date: 02/03/03
Tomorrow (Tuesday) at 4pm in Hamerschlag A306,
Yih-Chun Hu is giving a cool practice talk for his upcoming NDSS talk.
The talk describes neat security constructions that are useful for efficiently
securing routing protocols.
Title: Efficient Security Mechanisms for Routing Protocols
Authors:
Yih-Chun Hu, Adrian Perrig
Carnegie Mellon University
David B. Johnson
Rice University
Abstract:
As our economy and critical infrastructure increasingly rely on the Internet,
securing routing protocols becomes of critical importance. In this paper, we
present four new mechanisms as tools for securing distance vector and path
vector routing protocols. For securing distance vector protocols, our hash tree
chain mechanism forces a router to increase the distance (metric) when
forwarding a routing table entry. To provide authentication of a received
routing update in bounded time, we present a new mechanism, similar to hash
chains, that we call tree-authenticated one-way chains. For cases in which the
maximum metric is large, we present skiplists, which provides more efficient
initial computation cost and more efficient element verification; this mechanism
is based on a new cryptographic mechanism, called MW-chains, which we also
present. For securing path vector protocols, our cumulative authentication
mechanism authenticates the list of routers on the path in a routing update,
preventing removal or reordering of the router addresses in the list; the
mechanism uses only a single authenticator in the routing update rather than one
per router address. We also present a simple mechanism to securely switch
one-way chains, by authenticating the next one-way chain using the previous one.
These mechanisms are all based on efficient symmetric cryptographic techniques
and can be used as building blocks for securing routing protocols.
This archive was generated by hypermail 2.1.5 : 02/03/03 EST