This paper describes the work undertaken to secure Nimrod, a complex and sophisticated routing system that unifies interior and exterior routing functions. The focus of this work is countering attacks that would degrade or deny service to network subscribers. The work began with an analysis of security requirements for Nimrod, based on a hybrid approach that refines top-down requirements generation with an understanding of attack scenarios and the capabilities and limitations of countermeasures. The countermeasures selected for use here include several newly developed sequence integrity mechanisms, plus a protocol for shared secret establishment. A novel aspect of this work is the protection of subscriber traffic in support of the overall communication availability security goal.
[1]
Radia J. Perlman,et al.
Network layer protocols with Byzantine robustness
,
1988
.
[2]
Ram Ramanathan,et al.
Nimrod Functionality and Protocol Specifications, Version 1
,
1996
.
[3]
J. Noel Chiappa,et al.
The Nimrod Routing Architecture
,
1996,
RFC.
[4]
Sandra L. Murphy,et al.
Digital signature protection of the OSPF routing protocol
,
1996,
Proceedings of Internet Society Symposium on Network and Distributed Systems Security.
[5]
Theodore Y. Ts'o,et al.
Kerberos: an authentication service for computer networks
,
1994,
IEEE Communications Magazine.
[6]
Naganand Doraswamy,et al.
Combined 3DES-CBC, HMAC and Replay Prevention Security Transform
,
1996
.