A message source authentication scheme for inter-domain routing protocols

This paper proposes a message source authentication scheme for inter-domain routing protocols in which the initiator and the responder have no pre-established trust relationship. They use their cryptographically generated IPv6 addresses as the source addresses of routing protocol messages, and sign those messages using their own private keys. Their IPv6 addresses are therefore bound to their public-private key pairs. After the initial message exchange, the initiator and the responder establish a shared key, and the routing protocol messages exchanged between them are authenticated using that shared key.
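The binding between an address and a key pair can be checked by the receiver without any prior trust. The following added example (not code from the paper) sketches that check using the CGA rules of RFC 3972; the paper's own message formats are not shown on this page, so the public key bytes, modifier and prefix below are constructed sample values, and generation is shown for Sec = 0 only.

```python
import hashlib
import ipaddress

# Bits 0-2 (Sec) and 6-7 (u/g) of the interface identifier are not hash bits.
MASK = 0x1CFFFFFFFFFFFFFF

def _hash1(modifier, prefix, collision_count, pubkey):
    # Hash1: leftmost 64 bits of SHA-1 over the CGA Parameters structure.
    params = modifier + prefix + bytes([collision_count]) + pubkey
    return int.from_bytes(hashlib.sha1(params).digest()[:8], "big")

def cga_address(modifier, prefix, collision_count, pubkey):
    """Derive a Sec=0 CGA: prefix || Hash1 with Sec and u/g bits cleared."""
    iid = _hash1(modifier, prefix, collision_count, pubkey) & MASK
    return ipaddress.IPv6Address(prefix + iid.to_bytes(8, "big"))

def verify_cga(address, modifier, prefix, collision_count, pubkey):
    """Return True if the source address is bound to pubkey."""
    addr = ipaddress.IPv6Address(address).packed
    if len(modifier) != 16 or len(prefix) != 8:
        return False
    if collision_count not in (0, 1, 2) or addr[:8] != prefix:
        return False
    iid = int.from_bytes(addr[8:], "big")
    if (_hash1(modifier, prefix, collision_count, pubkey) & MASK) != (iid & MASK):
        return False
    # Hash2: the leftmost 16*Sec bits must be zero (trivially true for Sec=0).
    sec = iid >> 61
    hash2 = hashlib.sha1(modifier + bytes(9) + pubkey).digest()[:14]
    return hash2[:2 * sec] == bytes(2 * sec)

# Constructed sample values (a real key is a DER SubjectPublicKeyInfo).
PREFIX = bytes.fromhex("20010db800000000")   # 2001:db8::/64
MODIFIER = bytes(range(16))
INITIATOR_KEY = b"constructed-initiator-public-key"
OTHER_KEY = b"constructed-other-public-key"

if __name__ == "__main__":
    src = cga_address(MODIFIER, PREFIX, 0, INITIATOR_KEY)
    print(src, verify_cga(str(src), MODIFIER, PREFIX, 0, INITIATOR_KEY))
    print("other key:", verify_cga(str(src), MODIFIER, PREFIX, 0, OTHER_KEY))
```

A receiver would run this check before verifying the message signature with the same public key; the address check alone does not prove possession of the private key.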
