Retrofitting security into Internet infrastructure protocols

There are many different protocols that are critical to the communication of data in the Internet but are not readily visible to the end-users. These infrastructure protocols include the Domain Name System protocol, the various routing protocols, and the Simple Network Management Protocol. The infrastructure protocols were developed early in the history of the Internet, when the risk environment was much more benign, and are not protected against failure or attack. This has left the Internet vulnerable to failure resulting from attack on its infrastructure. Under DARPA sponsorship in the information survivability program, Network Associates has designed and implemented enhancements to critical infrastructure protocols, so as to enable the robust operation of the Internet. This paper describes our work on security enhancements to the domain name system, the Open Shortest Path First (OSPF) routing protocol, the Border Gateway Protocol (BGP) routing protocol, and the Simple Network Management Protocol (SNMP).

[1]  Steven M. Bellovin,et al.  Using the Domain Name System for System Break-ins , 1995, USENIX Security Symposium.

[2]  Gary Scott Malkin,et al.  RIP Version 2 , 1998, RFC.

[3]  Gregory G. Finn,et al.  Reducing the Vulnerability of Dynamic Computer Networks , 1988 .

[4]  Bert Wijnen,et al.  Message Processing and Dispatching for the Simple Network Management Protocol (SNMP) , 1998, RFC.

[5]  Brian Wellington,et al.  OSPF with Digital Signatures , 1997, RFC.

[6]  John Moy,et al.  OSPF Version 2 , 1998, RFC.

[7]  J.J. Garcia-Luna-Aceves,et al.  Securing the border gateway routing protocol , 1996, Proceedings of GLOBECOM'96. 1996 IEEE Global Telecommunications Conference.

[8]  Martha Steenstrup Inter-Domain Policy Routing Protocol Specification: Version 1 , 1993, RFC.

[9]  Yakov Rekhter,et al.  A Border Gateway Protocol 4 (BGP-4) , 1994, RFC.

[10]  Jon Crowcroft,et al.  Integrating security in inter-domain routing protocols , 1993, CCRV.

[11]  Jeffrey D. Case,et al.  Introduction to Version 3 of the Internet-standard Network Management Framework , 1999, RFC.

[12]  Bert Wijnen,et al.  An Architecture for Describing SNMP Management Frameworks , 1998, RFC.

[13]  Radia J. Perlman,et al.  Network layer protocols with Byzantine robustness , 1988 .

[14]  Charles Lynn,et al.  Secure Border Gateway Protocol (Secure-BGP) , 2000 .

[15]  Donald E. Eastlake,et al.  Domain Name System Security Extensions , 1997, RFC.

[16]  Paul Meyer,et al.  SNMP Applications , 1999, RFC.

[17]  Radia Perlman Interconnections: Bridges and Routers , 1992 .

[18]  Uri Blumenthal,et al.  User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3) , 1998, RFC.