A New Internet-Draft is available from the on-line Internet-Drafts directories.
Title : Security Extension for OSPFv2 when using Manual Key Management
Author(s) : M. Bhatia, et al.
Filename : draft-bhatia-karp-ospf-ip-layer-protection-03.txt
Pages : 26
Date : 2011-02-14
The current OSPFv2 cryptographic authentication mechanism as defined
in the OSPF standards is vulnerable to both inter-session and intra-
session replay attacks when its uses manual keying. Additionally,
the existing cryptographic authentication schemes do not cover the IP
header. This omission can be exploited to carry out various types of
attacks.
This draft proposes an authentication scheme based on a challenge-
response mechanism that will protect OSPFv2 from both inter and intra
replay attacks when its using manual keys for securing its protocol
packets. For comparison, an approach based on making sequence
numbers unique is presented. Later we also describe some changes in
the cryptographic hash computation so that we eliminate most attacks
that result because of OSPFv2 not protecting the IP header.
A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-bhatia-karp-ospf-ip-layer-protection-03.txt
Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.
- <ftp://ftp.ietf.org/internet-drafts/draft-bhatia-karp-ospf-ip-layer-protection-03.txt>
-
_______________________________________________
I-D-Announce mailing list
I-D-Announce@ietf.org
https://www.ietf.org/mailman/listinfo/i-d-announce
Internet-Draft directories: http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
