I-D Action: draft-mjsraman-l3vpn-tictoc-label-hop-00.txt

internet-drafts@ietf.org Mon, 26 March 2012 05:48 UTC


A New Internet-Draft is available from the on-line Internet-Drafts directories.

	Title           : Securing Model-C Inter-Provider VPNs with Label Hopping and TicToc
	Author(s)       : Shankar Raman
                          Balaji Venkat Venkataswami
                          Gaurav Raina
	Filename        : draft-mjsraman-l3vpn-tictoc-label-hop-00.txt
	Pages           : 17
	Date            : 2012-03-25

   In certain models of inter-provider Multi-Protocol Label Switching
   (MPLS) based Virtual Private Networks (VPNs), spoofing attacks
   against VPN sites are a key concern. For example, MPLS-based VPN
   inter-provider model "C" is not favoured, owing to security concerns
   in the dataplane, even though it can scale with respect to
   maintenance of routing state. Since the inner labels associated with
   VPN sites are not encrypted during transmission, a man-in-the-middle
   attacker can spoof packets to a specific VPN site. In this paper, we
   propose a label-hopping technique which uses a set of randomized
   labels and a method for hopping amongst these labels using the time
   instant the packet leaves the port from a sending Provider Edge
   Router. To prevent the attacker from identifying the labels in
   polynomial time, we also use an additional label. The proposed
   technique can be applied to other variants of inter-provider MPLS
   based VPNs where Multi-Protocol exterior-BGP (MP-eBGP) multi-hop is
   used. As we address a key security concern, we can make a case for
   the deployment of MPLS based VPN inter-provider model "C".
   Specifically, we use the TicToc based Precision Time Protocol LSP to
   provide the timing for determining the time instant at which the
   packet is sent from the remote end Provider Edge Router and for
   calculating when it must have left that peer at the Provider Edge
   Router at the near end / receiving end.


A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-mjsraman-l3vpn-tictoc-label-hop-00.txt

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

This Internet-Draft can be retrieved at:
ftp://ftp.ietf.org/internet-drafts/draft-mjsraman-l3vpn-tictoc-label-hop-00.txt