
MPLS security: an approach for unicast and multicast environments

annals of telecommunications - annales des télécommunications

Abstract

The Multi-Protocol Label Switching (MPLS) network architecture does not protect the confidentiality of the data it transmits. This paper proposes a mechanism to enhance security in MPLS networks by combining multi-path routing with a modified (k, n) threshold secret sharing scheme. An Internet Protocol (IP) packet entering an MPLS ingress router is partitioned into n shadow (share) packets, which are then assigned to maximally node-disjoint paths across the MPLS network. The egress router can reconstruct the original IP packet if it receives any k share packets. An attacker must therefore tap at least k paths to reconstruct the original IP packet in transit, while receiving k − 1 or fewer share packets makes it hard or even impossible to reconstruct it. In this paper, we consider the multicast case in addition to the unicast case. To the best of our knowledge, no work has been published on MPLS multicast security. We have implemented our model and measured its time complexity for variable packet sizes.
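The split-and-reconstruct step described in the abstract, as an added example that is not the authors' code: it uses textbook Shamir (k, n) sharing applied byte by byte over GF(257), not the paper's modified scheme, which this page does not specify. The function names, the use of share index x as a path identifier, and the sample payload are assumptions made for illustration.

```python
import secrets

P = 257  # smallest prime above 255, so every byte value is a field element

def split_packet(packet: bytes, k: int, n: int) -> dict:
    """Ingress side: return {x: share} for paths x = 1..n; share[i] = f_i(x) mod P."""
    if not 1 <= k <= n < P:
        raise ValueError("need 1 <= k <= n < P")
    shares = {x: [] for x in range(1, n + 1)}
    for byte in packet:
        # Fresh random degree-(k-1) polynomial per byte; constant term is the byte.
        coeffs = [byte] + [secrets.randbelow(P) for _ in range(k - 1)]
        for x in shares:
            y = 0
            for c in reversed(coeffs):  # Horner evaluation of f_i(x)
                y = (y * x + c) % P
            shares[x].append(y)
    return shares

def interpolate_zero(points) -> int:
    """Lagrange interpolation at x = 0 over GF(P) for a list of (x, y) points."""
    total = 0
    for xj, yj in points:
        num = den = 1
        for xm, _ in points:
            if xm != xj:
                num = num * xm % P
                den = den * (xm - xj) % P
        total = (total + yj * num * pow(den, -1, P)) % P
    return total

def reconstruct(received: dict, k: int) -> bytes:
    """Egress side: rebuild the packet from any k received shares."""
    if len(received) < k:
        raise ValueError(f"only {len(received)} shares arrived, need {k}")
    xs = sorted(received)[:k]
    size = len(received[xs[0]])
    return bytes(interpolate_zero([(x, received[x][i]) for x in xs]) for i in range(size))

def tapped_view(tapped: dict, i: int = 0) -> set:
    """Values byte i can still take for a tapper holding k-1 shares (one share unknown)."""
    pts = [(x, ys[i]) for x, ys in tapped.items()]
    missing_x = max(tapped) + 1  # any x the tapper does not hold
    return {interpolate_zero(pts + [(missing_x, y)]) for y in range(P)}

if __name__ == "__main__":
    shares = split_packet(b"constructed IP payload", k=3, n=5)  # constructed sample
    print(reconstruct({x: shares[x] for x in (2, 4, 5)}, 3))
    print(len(tapped_view({1: shares[1], 2: shares[2]})), "values still possible")
```

With k = 3, a tapper holding two shares sees every field value as an equally consistent candidate for each byte, which is the "impossible" end of the abstract's claim for the unmodified scheme. Each share here is as long as the packet itself, so n paths carry n times the original payload.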



Correspondence to Sahel Alouneh.

Additional information

Abdeslam En-Nouaary is on leave from ECE Dept., Concordia University, Montreal, Canada.


Alouneh, S., En-Nouaary, A. & Agarwal, A. MPLS security: an approach for unicast and multicast environments. Ann. Telecommun. 64, 391–400 (2009). https://doi.org/10.1007/s12243-009-0089-y


  • DOI: https://doi.org/10.1007/s12243-009-0089-y
