I-D Action: draft-bhargav-l3vpn-inter-provider-optcsec-01.txt
internet-drafts@ietf.org Wed, 29 February 2012 14:07 UTC
Return-Path: <internet-drafts@ietf.org>
X-Original-To: i-d-announce@ietfa.amsl.com
Delivered-To: i-d-announce@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C2E6E21F86F3 for <i-d-announce@ietfa.amsl.com>; Wed, 29 Feb 2012 06:07:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.546
X-Spam-Level:
X-Spam-Status: No, score=-102.546 tagged_above=-999 required=5 tests=[AWL=0.053, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id M61Z0qgkY1Km for <i-d-announce@ietfa.amsl.com>; Wed, 29 Feb 2012 06:07:07 -0800 (PST)
Received: from ietfa.amsl.com (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E85C121F86BE for <i-d-announce@ietf.org>; Wed, 29 Feb 2012 06:07:06 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
From: internet-drafts@ietf.org
To: i-d-announce@ietf.org
Subject: I-D Action: draft-bhargav-l3vpn-inter-provider-optcsec-01.txt
X-Test-IDTracker: no
X-IETF-IDTracker: 4.00
Message-ID: <20120229140704.20429.94222.idtracker@ietfa.amsl.com>
Date: Wed, 29 Feb 2012 06:07:04 -0800
X-BeenThere: i-d-announce@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: internet-drafts@ietf.org
List-Id: Internet Draft Announcements only <i-d-announce.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/i-d-announce>, <mailto:i-d-announce-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/i-d-announce>
List-Post: <mailto:i-d-announce@ietf.org>
List-Help: <mailto:i-d-announce-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/i-d-announce>, <mailto:i-d-announce-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Feb 2012 14:07:08 -0000
A New Internet-Draft is available from the on-line Internet-Drafts directories.
Title : Preventing spoofing attacks in BGP-MPLS-VPN Inter-Provider Model-C
Author(s) : Bhargav Bhikkaji
Balaji Venkat Venkataswami
Filename : draft-bhargav-l3vpn-inter-provider-optcsec-01.txt
Pages : 15
Date : 2012-02-29
In certain models of inter-provider Multi-Protocol-Label-Switching
based Virtual Private Networks (MPLS-VPNs), spoofing attacks against
VPN sites is a key concern. Unidirectional attacks towards VPN sites
can compromise servers at the VPN sites and cause Denial-of-Service
(DoS) situations. Currently, the inner labels associated with VPN
sites are not encrypted during transmission. The Provider Edge (PE)
router at the end to which the VPN customer is attached accepts any
data packet with a valid label. This enables a man-in-the-middle
attacker to spoof a packet to a specific site of a VPN. In this
paper, we propose some secure techniques which provide security
against such label-spoofing. These techniques ensure that an attacker
would not be able to spoof labeled data packets. In order to make the
proposed scheme robust, some additional steps are proposed over and
above the initial steps specified. This makes the attacker to spend
non-linear time to guess the right label for his unidirectional
attacks to succeed. Our proposed technique can be applied to a
specific type of inter-provider Border Gateway Protocol(BGP) based
MPLS VPN and other existing variant where Multi-Protocol exterior-
BGP (MP-eBGP) multi-hop is used. In future, if any other variant is
proposed to use MP-eBGP multi-hop, our scheme can be used to protect
against spoofing attacks.
A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-bhargav-l3vpn-inter-provider-optcsec-01.txt
Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
This Internet-Draft can be retrieved at:
ftp://ftp.ietf.org/internet-drafts/draft-bhargav-l3vpn-inter-provider-optcsec-01.txt
- I-D Action: draft-bhargav-l3vpn-inter-provider-op… internet-drafts