A Novel Security Protocol for Resolving Addresses in the Location/ID Split Architecture

The Locator/ID Separation Protocol (LISP) is a routing architecture that provides new semantics for IP addressing. To simplify routing operations and improve scalability in the future Internet, LISP uses two different numbering spaces to separate the device identifier from its location. In other words, LISP separates the 'where' and the 'who' in networking and uses a mapping system to couple the location and the identifier. This paper analyses the security and functionality of the LISP mapping procedure using a formal methods approach based on the Casper/FDR tool. The analysis points out several security issues in the protocol, such as the lack of data confidentiality and mutual authentication. The paper addresses these issues and proposes changes that are compatible with the implementation of LISP.
