I-D Action: draft-mjsraman-l3vpn-tictoc-label-hop-01.txt
internet-drafts@ietf.org Fri, 17 August 2012 14:54 UTC
A New Internet-Draft is available from the on-line Internet-Drafts directories.

    Title     : Securing Model-C Inter-Provider VPNs with Label Hopping and TicToc
    Author(s) : Shankar Raman
                Balaji Venkat Venkataswami
                Gaurav Raina
    Filename  : draft-mjsraman-l3vpn-tictoc-label-hop-01.txt
    Pages     : 18
    Date      : 2012-08-17

Abstract:

In certain models of inter-provider Multi-Protocol Label Switching (MPLS) based Virtual Private Networks (VPNs), a spoofing attack against VPN sites is a key concern. For example, MPLS-based VPN inter-provider model "C" is not favoured, owing to security concerns in the dataplane, even though it can scale with respect to maintenance of routing state. Since the inner labels associated with VPN sites are not encrypted during transmission, a man-in-the-middle attacker can spoof packets to a specific VPN site.

In this paper, we propose a label-hopping technique which uses a set of randomized labels and a method for hopping amongst these labels using the time instant the packet leaves the port from a sending Provider Edge Router. To prevent the attacker from identifying the labels in polynomial time, we also use an additional label. The proposed technique can be applied to other variants of inter-provider MPLS based VPNs where Multi-Protocol exterior-BGP (MP-eBGP) multi-hop is used. As we address a key security concern, we can make a case for the deployment of MPLS based VPN inter-provider model "C".

Specifically, we use the TicToc based Precision Time Protocol LSP to provide the timing for determining the time instant at which the packet is sent from the remote end Provider Edge Router and for calculating when it must have left that peer at the Provider Edge Router at the near end / receiving end.
The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-mjsraman-l3vpn-tictoc-label-hop

There's also a htmlized version available at:
http://tools.ietf.org/html/draft-mjsraman-l3vpn-tictoc-label-hop-01

A diff from the previous version is available at:
http://www.ietf.org/rfcdiff?url2=draft-mjsraman-l3vpn-tictoc-label-hop-01

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/