Abstract
In this paper we propose a new solution to increase the security of BGP/MPLS IP VPNs established across multiple domains. In general, layer 3 VPNs already present a number of security risks when used in single domain scenarios, since they are vulnerable to attacks originated inside the provider backbone. In order to overcome these risks, IPSec tunnels are recommended. In multi-domain scenarios, however, the safe establishment of such IPSec tunnels is much more difficult, due to need to set up proper Security Associations in an open environment. The solution we present in this paper not only solves this problem but also improves the dynamic composition of multi-domain VPNs, thus reducing the effort and time required to provide such VPNs.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Rosen, E., et al.: BGP/MPLS IP Virtual Private Networks (VPNs). RFC 4364 (2006)
Matos, A.V., Matos, F.M., Simões, P., Monteiro, E.: A Framework for the Establishment of Inter-Domain, On-Demand VPNs. In: 11th IEEE/IFIP Network Operations and Management Symposium – NOMS, pp. 232–239 (2008)
Behringer, M.: Analysis of the Security of BGP/MPLS IP Virtual Private Networks (VPNs). RFC 4381 (2006)
Rekhter, Y., Bonica, R., Rosen, E.: Use of Provider Edge to Provider Edge (PE-PE) Generic Routing Encapsulation (GRE) or IP in BGP/MPLS IP Virtual Private Networks. RFC 4797 (2007)
Rosen, E.: Applicability Statement for BGP/MPLS IP Virtual Private Networks (VPNs). RFC 4365 (2006)
Alateras, J. (ed.): IPsphere Framework Technical Specification – Release 1 (2007), http://www.ipsphereforum.org/Files/IPSF_R1_Spec.pdf
Ren, R., Feng, D., Ma, K.: A detailed implement and analysis of MPLS VPN based on IPSec. In: Proceedings of International Conference on Machine Learning and Cybernetics, vol. 5, pp. 2779–2783 (2004)
Pezeshki, J., et al.: Performance Implications of Instantiating IPsec over BGP Enabled RFC 4364 VPNs. In: IEEE Military Communications Conference - MILCOM, pp. 1–7 (2007)
Li, Q., Xu, M., Xu, K.: Toward A Practical Scheme for IPSec Management. In: International Conference on Information Networking - ICOIN, pp. 1–5 (2008)
Blaze, M., Ioannidis, J., Keromytis, A.: Trust Management for IPSec. ACM Transactions on Information and System Security 5(2), 95–188 (2002)
Masmoudi, K., Afifi, H.: Building identity-based security associations for provider-provisioned virtual private networks. Journal of Telecommunication Systems 39(3), 215–222 (2008)
Nadalin, A., Kaler, C., Monzillo, R., Hallam-Baker, P.: Web Services Security: SOAP Message Security 1.1 (WS-Security 2004). OASIS Standard Specification (2006)
Apache WSS4J, http://ws.apache.org/wss4j/
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Matos, A., Matos, F., Simões, P., Monteiro, E. (2009). An IPSec Mediation Approach for Safe Establishment of Inter-domain VPNs. In: Nunzi, G., Scoglio, C., Li, X. (eds) IP Operations and Management. IPOM 2009. Lecture Notes in Computer Science, vol 5843. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-04968-2_13
Download citation
DOI: https://doi.org/10.1007/978-3-642-04968-2_13
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-04967-5
Online ISBN: 978-3-642-04968-2
eBook Packages: Computer ScienceComputer Science (R0)