Abstract
Multi-Protocol Label Switching (MPLS) network architecture does not protect the confidentiality of the data it transmits. This paper proposes a mechanism to enhance security in MPLS networks by using multi-path routing combined with a modified (k, n) threshold secret sharing scheme. An Internet Protocol (IP) packet entering an MPLS ingress router can be partitioned into n shadow (share) packets, which are then assigned to maximally node-disjoint paths across the MPLS network. The egress router at the far end is able to reconstruct the original IP packet if it receives any k share packets. An attacker must therefore tap at least k paths to reconstruct the original IP packet in transit, while receiving k − 1 or fewer share packets makes reconstruction hard or even impossible. In this paper, we consider the multicast case in addition to the unicast one. To the best of our knowledge, no work has been published on MPLS multicast security. We have implemented our model and measured its time complexity for variable packet sizes.
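As an added illustration of the (k, n) threshold idea the abstract describes (not the paper's own modified scheme or code), the following uses textbook Shamir sharing over GF(257), one polynomial per packet byte: the ingress side splits a packet into n share packets, and the egress side recovers it from any k of them, while k − 1 raise an error. The share-packet layout (an x coordinate plus one field element per byte) is an assumption for this example.

```python
import secrets
from itertools import combinations

P = 257  # smallest prime above 255, so every packet byte is a field element

def _lagrange_at_zero(points):
    """Recover f(0) from k points (x_i, y_i) of a degree k-1 polynomial over GF(P)."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = (num * (-xj)) % P
                den = (den * (xi - xj)) % P
        total = (total + yi * num * pow(den, P - 2, P)) % P  # Fermat inverse
    return total

def split_packet(packet: bytes, k: int, n: int):
    """Ingress: return n share packets, share x = (x, [f_b(x) for each byte b])."""
    if not 1 <= k <= n < P:
        raise ValueError("need 1 <= k <= n < 257")
    shares = [(x, []) for x in range(1, n + 1)]
    for byte in packet:
        # f_b(x) = byte + c1*x + ... + c_{k-1}*x^{k-1}, random c_i from a CSPRNG
        coeffs = [byte] + [secrets.randbelow(P) for _ in range(k - 1)]
        for x, ys in shares:
            y = 0
            for c in reversed(coeffs):  # Horner evaluation mod P
                y = (y * x + c) % P
            ys.append(y)
    return shares

def reconstruct_packet(shares, k: int) -> bytes:
    """Egress: rebuild the packet from any k share packets; fewer is refused."""
    if len(shares) < k:
        raise ValueError(f"need at least {k} share packets, got {len(shares)}")
    chosen = shares[:k]
    out = bytearray()
    for b in range(len(chosen[0][1])):
        val = _lagrange_at_zero([(x, ys[b]) for x, ys in chosen])
        if val > 255:  # genuine shares never interpolate to 256
            raise ValueError("corrupt or mismatched share packet")
        out.append(val)
    return bytes(out)

def every_k_subset_recovers(packet: bytes, k: int, n: int) -> bool:
    """Check that each of the C(n, k) subsets of share packets yields the packet."""
    shares = split_packet(packet, k, n)
    return all(reconstruct_packet(list(c), k) == packet for c in combinations(shares, k))
```

A constructed sample packet of a few dozen bytes split with k = 3 and n = 5 is recovered by every 3-of-5 subset, so tapping any two of the five disjoint paths yields nothing usable to an egress-style reconstruction.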
Additional information
Abdeslam En-Nouaary is on leave from ECE Dept., Concordia University, Montreal, Canada.
Cite this article
Alouneh, S., En-Nouaary, A. & Agarwal, A. MPLS security: an approach for unicast and multicast environments. Ann. Telecommun. 64, 391–400 (2009). https://doi.org/10.1007/s12243-009-0089-y