Lowering security overhead in link state routing

doi:10.1016/S1389-1286(98)00022-X

Computer Networks

Volume 31, Issue 8, 23 April 1999, Pages 885-894

https://doi.org/10.1016/S1389-1286(98)00022-X Get rights and content

Abstract

Security services in routing protocols are at the same time very important and very costly. This paper examines the cost of security in link state routing and develops techniques for efficient and secure processing of link state updates. Different approaches are recommended for stable and volatile network environments. Applications to mobile ad hoc networks are also considered.

Section snippets

Introduction: security of routing protocols

As both the complexity and diversity of today's networks and internetworks grow, so does the need for new, more versatile and more efficient routing protocols. Since routing is a critical network function, security of routing protocols is naturally very important. This has been widely recognized by the designers of many routing protocols both past and present. Sound security, however, comes at a high price which translates into processing, bandwidth and storage overhead. Consequently, it is

Secure link state routing

Network routing has received a lot of attention in the last three decades as evidenced by the enormous amount of literature in the field. Dijkstra's Shortest Path [7] and Ford/Fulkerson's Max Flow algorithms [6] gave rise to link state and distance vector routing protocols, respectively. In distance vector protocols, nodes keep tables of the best paths and associated metrics for all possible destinations and periodically exchange the contents of the tables with neighbors. In contrast, link

Requirements

Before attempting to construct solutions we briefly examine the requirements for LSU security:

1.
Origin authentication,
2.
Non-repudiation,⁶
3.
Data integrity,
4.
Timeliness and ordering.

The first two go hand-in-hand: every LSU must be unambiguously associated with, and, traceable to, the router that generated it. Data integrity is required to detect any tampering with the LSUs. Finally, timeliness and ordering are

Building blocks

We use two basic tools in our construction of secure LSU distribution: public key-based digital signatures and one-way hash functions. Signatures can be computed using any well-known public key cryptosystem: RSA, DSS, El Gamal, Schnorr, etc. A number of (conjectured) strong one-way functions have been proposed, e.g., MD4, MD5, 8-pass SNEFRU and SHA 1, 2, 5, 12.

We also take advantage of a simple and elegant technique of constructing hash chains similar to that utilized in S/KEY one-time

Stable link state

In this section we describe a simple technique for reducing cryptographic costs associated with LSU processing. This scheme, referred to as SLS (Stable Link State), is effective when network links and nodes are fairly stable and LSUs are triggered either by time or by explicit requests.

It has been observed that a large percentage (50%, by some estimates) of LSUs are simply re-statements of previous LSUs. In other words, an LSU often carries no new information other than its timing since links

Fluctuating link state

The SLS scheme is not very effective if links and nodes fluctuate. However, it is precisely under such conditions when the cost of processing LSUs is particularly felt. In this section we outline a technique called FLS (Fluctuating Link State) aimed at a more dynamic routing environment.

The basic technique in FLS is similar to that in SLS. However, instead of one, each router generates $(n× k× 2)$ distinct hash chains forming a hash table. (Where n is the number of steps in the chain and k is the

Applications in ad hoc networks

It has been one of our implicit assumptions thus far that the underlying network is fixed. Obviously, any kind of node mobility complicates not only SLS/FLS but, much more importantly, the functioning of the routing protocol itself. Therefore, it might seem that techniques such as SLS/FLS are much less suitable for mobile networks than for their fixed counterparts. Surprisingly, this is not the case for at least some mobile networks.

At the extreme of mobility are the networks often referred to

Summary and future directions

In conclusion, this paper presented two techniques for efficient and secure generation and processing of updates in link state routing protocols. The first technique (SLS) is geared towards relatively stable network environments where node and link outages are infrequent. The second, more involved, technique (FLS) is designed with more volatile environments in mind. However, neither technique is particularly suitable for the worst-case scenario of arbitrary failures. Work is on-going to

Acknowledgements

The authors would like to acknowledge Michael Steiner, Hilarie Orman, Kannan Varadhan, Michael Waidner and anonymous referees for their valuable comments on the earlier drafts of this paper.

Ralf Hauser is currently a Senior Associate with McKinsey & Company. Before joining McKinsey in 1995 he was a Researcher at IBM Research (Zurich Laboratory) since 1992. He obtained his Ph.D. (1995) from the University of Zurich and M.S. in Computer Science (1992) from the University of Toronto, and B.S./B.B.A (1990) from the University of Zurich. Ralf Hauser has published in the areas of computer security and electronic commerce and his research interests include network security, electronic

References (19)

R. Rivest, The MD5 Message-Digest Algorithm, Internet RFC 1321, April...
R. Rivest, The MD4 Message-Digest Algorithm, Internet RFC 1320, April...
J. Moy, OSPF Version 2, Internet RFC 2178, July...
R. Perlman, Network layer protocols with byzantine robustness, Ph.D. Dissertation, MIT LCS TR-429, October...
R. Merkle, One-way hash functions and DES, Proc. CRYPTO 89, August...
L. Ford, D. Fulkerson, Flows in Networks, Princeton University Press, Princeton, NJ,...
E. Dijkstra, Self-stabilization in spite of distributed control, Communications of the ACM, November...
N. Asokan, G. Tsudik, M. Waidner, Server-supported signatures, 1996 European Symp. on Research in Computer Security,...
R. Hauser, G. Tsudik, On shopping incognito, 2nd USENIX Workshop on Electronic Commerce, November...

There are more references available in the full text version of this article.

Cited by (36)

Routing path authentication in link-state routing protocols
2012, Network Security
The rapid growth of the Internet has meant that many services are regarded as critical – such as web applications, including email and e-commerce, and real-time applications, such as video conferencing and Voice over IP (VoIP). These rely on the Internet infrastructure to provide them with reliable, efficient and secure communications. However, the routing protocols that the Internet is based on were originally designed to operate in a completely trusted and open environment, assuming no malicious nodes or behaviour. The routing infrastructure was not constructed with security in mind.1, 2 As a result, routers are subject to malicious attacks targeting not only a single subnet or individual users, but also the overall network performance.³ Therefore the need to secure the Internet has become a significant issue.
Evaluation of efficient security for BGP route announcements using parallel simulation
2004, Simulation Modelling Practice and Theory
Citation Excerpt :
In the following section we propose an optimization that offers the hope of achieving nearly the convergence of ordinary BGP, but without the overhead and uncertainty of caching. Questions related to reducing the cost of cryptography in the routing context have been raised before, e.g. [9,35]. Such methods typically work to reduce the cost by reducing the dependence on public-key methods, i.e. develop different ways of authentication.
The Border Gateway Protocol (BGP) determines how Internet traffic is routed throughout the entire world; malicious behavior by one or more BGP speakers could create serious security issues. Since the protocol depends on a speaker honestly reporting path information sent by previous speakers and involves a large number of independent speakers, the Secure BGP (S-BGP) approach uses public-key cryptography to ensure that a malicious speaker cannot fabricate this information. However, such public-key cryptography is expensive: S-BGP requires a digital signature operation on each announcement sent to each peer, and a linear (in the length of the path) number of verifications on each receipt. We use simulation of AS models derived from the Internet to evaluate the impact that the processing costs of cryptography have on BGP convergence time. As the size of these models grows, inherent memory requirements grow beyond what is normally available in serial computers, motivating us to use distributed memory cluster computers, just to hold the model state. We find that under heavy load the convergence time using ordinary S-BGP is significantly larger than BGP. We examine the impact of highly aggressive caching and pre-computation optimizations for S-BGP, and find that convergence time is much closer to BGP. However, these optimizations may be unrealistic, and are certainly expensive of memory. We consequently use the structure of BGP processing to design optimizations that reduce cryptographic overhead by amortizing the cost of private-key signatures over many messages. We call this method Signature-Amortization (S-A). We find that S-A provides as good or better convergence times as the highly optimized S-BGP, but without the cost and complications of caching and pre-computation. These experiments––whose memory demands easily exceed 10Gb––are made possible using parallel simulation. They show that it is is possible therefore to minimize the impact route validation has on convergence, by being careful with signatures, rather than consumptive of memory.
DAPV: Diagnosing Anomalies in MANETs Routing with Provenance and Verification
2019, IEEE Access
A formal treatment of efficient byzantine routing against fully byzantine adversary
2018, NCA 2018 - 2018 IEEE 17th International Symposium on Network Computing and Applications
Quality of Service in Mobile Ad Hoc Networks
2017, The Handbook of Ad Hoc Wireless Networks
Cryptanalysis of secure routing among authenticated nodes in MANETs
2017, Advances in Intelligent Systems and Computing

View all citing articles on Scopus

Antoni Przygienda is currently a Research Staff Member at High Speed Networks Research at Bell Labs, Lucent where he is working on architecture and implementation of IP routing protocols. Before coming to Bell Labs, he was with Fore Systems, Inc. working on PNNI and other ATM related standards and their implementation since 1995, and with IBM Research (Zurich Laboratory) as a Research Staff Member since 1992. He obtained his Ph.D. (1995) and M.S. in Computer Science (1992) from Swiss Federal Institute of Technology. Antoni Przygienda has published in the areas of quality-of-service routing, security and directory services. Email: [email protected]

Gene Tsudik is currently a Project Leader and Senior Research Scientist at the University of Southern California, Information Sciences Institute (USC/ISI). Before coming to USC/ISI in 1996 he was a Research Staff Member at IBM Research (Zurich Laboratory) since 1991. He obtained his Ph.D. (1991) and M.S. (1987) from the University of Southern California, and B.S. (1985) from the University of Houston. Gene Tsudik has published in the areas of internetworking and computer security and his research interests include network security, multicast communication, electronic commerce, mobile computing, fault-tolerant protocols and internetwork routing. Email: [email protected]

¹: An earlier version of this paper [19] was presented at the ISOC (Symposium on Network and Distributed System Security), February 1997, San Diego, CA, USA.

²: E-mail: [email protected].

³: E-mail: [email protected].

View full text

Lowering security overhead in link state routing1