
Open Shortest Path First Protocol (OSPF)



Guest mo_dashti1
Posted

OSPF is a link state routing protocol used within one autonomous system (AS) or routing domain. Some inherent properties of OSPF as a routing protocol make it very robust to failures and some attacks. OSPF uses flooding for the dissemination of link state advertisements (LSA). This makes sure that within the same area, all routers have the identical topological database. Even if a router goes down, other routers can still exchange their link state information provided that an alternate path exists. Furthermore, the link state information propagated in the network is the raw message generated by the original router instead of the summarized information from neighbors as in distance vector routing. This makes it easy to protect the authenticity of the information.

Also, OSPF is a two-level routing protocol with intra-area routing and inter-area routing. Area Border Routers (ABR) connect to the backbone and exchange summarized area information. Since intra-area routing depends only on information from within that area, it is not vulnerable to problems outside the area. Also, problems in one area do not influence the intra-area routing of other areas or inter-area routing among other areas. So hierarchical routing has a security advantage. The latest version of this protocol includes two authentication methods. The first is a simple password scheme wherein the OSPF header carries a plaintext password so that the routers within the routing domain can share a secret for authentication. This is not secure since the password is transmitted in the clear. Another much stronger authentication algorithm is a cryptographic message digest, e.g., keyed MD5, with the assumption that routers on a common network share a secret key. This is a symmetric cryptographic scheme. If all the routers share the same secret key, then the security level is low. If each pair of routers shares a secret key, it requires O(N^2) secret keys. So the key distribution process will be very complex.

Murphy and Badger have proposed a digital signature scheme to protect the OSPF routing protocol. Since a digital signature is a public key scheme, the number of keys is on the order of O(N). The basic idea of this scheme is to add a digital signature to the OSPF LSA packet and use a message digest (such as keyed MD5) to protect all exchanged messages. The originator of the LSA will sign the message, and the signature will stay with the data during the OSPF flooding process, thus protecting the message integrity and providing authentication for LSA data. The key management and distribution also make use of a type of signed LSA. The digital signature scheme can prevent external attackers. Since external attackers cannot generate a correct signature for LSAs, if they intercept the LSA and modify it or inject some malicious information into the system, they can be detected. However, some disadvantages still remain, including the following:

1. MaxAge problem: The age field is the only element of the LSA that is not protected by the digital signature. The attacker can modify the age field to the maximum value.

2. Area Border Routers (ABR): ABRs run a distance vector routing-like protocol. Even with this protocol, the ABRs can generate false information in the summary LSAs about their attached area and inject it into the backbone. They can also inject false information about the backbone into their attached areas.

3. Autonomous System Boundary Routers (ASBR): The ASBRs can generate false routing information. It is impossible to double-check the information as the ABRs do.

4. Internal routers: Internal routers can generate incorrect routing information because of faulty configuration or bugs. If an internal router is compromised, then the attacker can control the router. This kind of faulty information and attack is difficult to prevent because the digital signature is correctly generated. An internal attacker can also generate bogus information, for example, announcing a nonexistent link.

5. High cost: One drawback of the algorithm is that public key cryptography is very expensive, and it will slow performance of the router, which should be fast.
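The keyed-MD5 message digest that the post contrasts with the plaintext password, as an added example that is not part of the original post: a sender computes the digest trailer for an OSPF Hello and a receiver verifies it, checking the shared key, the packet contents and the cryptographic sequence number. It assumes the OSPFv2 packet layout of RFC 2328 Appendix D (AuType 2; the 64-bit authentication field carries key ID, auth data length and sequence number; MD5 is computed over the packet with the 16-byte key appended; the digest trails the packet). Zero-padding a shorter key to 16 bytes follows common implementation practice and is an assumption here; the key bytes, router IDs and Hello contents are constructed sample values.

```python
import hashlib
import hmac
import struct

OSPF_HEADER_LEN = 24
AU_TYPE_CRYPTO = 2          # AuType 2 = cryptographic authentication (RFC 2328 App. D)
DIGEST_LEN = 16             # MD5 digest appended after the OSPF packet
HEADER_FMT = "!BBH4s4sHH"   # version, type, length, router id, area id, checksum, autype
AUTH_FMT = "!HBBI"          # reserved, key id, auth data length, cryptographic sequence number


def _pad_key(key: bytes) -> bytes:
    """Assumption: keys shorter than 16 bytes are zero-padded, as common implementations do."""
    if len(key) > DIGEST_LEN:
        raise ValueError("OSPF MD5 key is at most 16 bytes")
    return key.ljust(DIGEST_LEN, b"\x00")


def build_ospf_packet(pkt_type: int, router_id: bytes, area_id: bytes, body: bytes,
                      key_id: int, key: bytes, seq: int) -> bytes:
    """Return header + body + MD5 trailer. The checksum field is zero for AuType 2."""
    length = OSPF_HEADER_LEN + len(body)          # the trailer is not counted in this length
    auth = struct.pack(AUTH_FMT, 0, key_id, DIGEST_LEN, seq)
    header = struct.pack(HEADER_FMT, 2, pkt_type, length, router_id, area_id, 0, AU_TYPE_CRYPTO)
    packet = header + auth + body
    digest = hashlib.md5(packet + _pad_key(key)).digest()   # key appended, never transmitted
    return packet + digest


class OspfMd5Verifier:
    """Receiver side: shared keys by key ID plus the last accepted sequence number per neighbor."""

    def __init__(self, keys: dict):
        self.keys = keys
        self.last_seq = {}

    def verify(self, wire: bytes):
        if len(wire) < OSPF_HEADER_LEN + DIGEST_LEN:
            return False, "truncated"
        _ver, _type, length, router_id, _area, _csum, au_type = struct.unpack(HEADER_FMT, wire[:16])
        if au_type != AU_TYPE_CRYPTO:
            return False, "not cryptographic authentication"
        _res, key_id, auth_len, seq = struct.unpack(AUTH_FMT, wire[16:24])
        if auth_len != DIGEST_LEN or length + DIGEST_LEN != len(wire):
            return False, "bad length"
        key = self.keys.get(key_id)
        if key is None:
            return False, "unknown key id"
        packet, received = wire[:length], wire[length:length + DIGEST_LEN]
        expected = hashlib.md5(packet + _pad_key(key)).digest()
        if not hmac.compare_digest(received, expected):   # constant-time comparison
            return False, "digest mismatch"
        # RFC 2328 rejects a sequence number lower than the last one accepted from this router
        if seq < self.last_seq.get(router_id, 0):
            return False, "replayed sequence number"
        self.last_seq[router_id] = seq
        return True, "ok"


def demo() -> dict:
    """Build a genuine Hello, then show which manipulations the receiver rejects."""
    key = b"constructed-key"                       # constructed sample key, not from the post
    verifier = OspfMd5Verifier({1: key})
    rid, area = bytes([10, 0, 0, 1]), bytes(4)     # constructed router id 10.0.0.1, area 0
    # Hello body: mask, hello interval, options, router priority, dead interval, DR, BDR
    hello = struct.pack("!4sHBBI4s4s", bytes([255, 255, 255, 0]), 10, 0x02, 1, 40, rid, bytes(4))
    good = build_ospf_packet(1, rid, area, hello, key_id=1, key=key, seq=100)
    results = {"genuine": verifier.verify(good)[1]}
    tampered = bytearray(good)
    tampered[OSPF_HEADER_LEN + 7] ^= 0xFF          # flip router priority, keep the old trailer
    results["tampered"] = verifier.verify(bytes(tampered))[1]
    results["replay"] = verifier.verify(build_ospf_packet(1, rid, area, hello, 1, key, 99))[1]
    results["wrong_key"] = verifier.verify(build_ospf_packet(1, rid, area, hello, 1, b"other", 101))[1]
    return results


if __name__ == "__main__":
    for case, reason in demo().items():
        print(f"{case:10s} -> {reason}")
```

Two points this makes concrete: the key never goes on the wire (only the digest over packet plus key does), which is the whole difference from the plaintext scheme, and the sequence check as written in RFC 2328 only rejects packets whose number is lower than the last accepted one, so a verbatim copy of the most recent packet still passes; that is why the post's point about every router on a network sharing one key matters for the overall security level.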

