DocumentCode
1508016
Title
Preserving Confidentiality in PCE-based Multi-domain Networks
Author
Paolucci, Francesco ; Gharbaoui, Molka ; Giorgetti, Alessio ; Cugini, Filippo ; Martini, Barbara ; Valcarenghi, Luca ; Castoldi, Piero
Author_Institution
Scuola Superiore Sant'Anna, Pisa, Italy
Volume
3
Issue
5
fYear
2011
fDate
5/1/2011 12:00:00 AM
Firstpage
465
Lastpage
474
Abstract
The path computation element (PCE) architecture has been proposed to effectively enable multi-domain traffic engineering (TE) in generalized multiprotocol label switching (GMPLS) networks while providing an adequate level of confidentiality among domains. However, malicious use of the procedures defined within the PCE architecture might affect the confidentiality of network domain information in a multi-domain, multi-carrier network scenario. This paper discusses the critical issues of the PCE architecture in terms of confidentiality. A two-step authorization scheme, named the behavior-based PCE authorization policy (BPAP), is proposed. The BPAP includes a novel add-on PCE component and a central authorization policy server to protect against confidentiality breaches. The scheme is based on analysis of PCE protocol (PCEP) client behavior and includes attack pattern detection procedures and possible partial filtering of the information in the reply message. The applicability of the BPAP scheme is validated in wavelength switched optical networks (WSONs) through simulations focusing on the exchange of a restricted set of available resources. Finally, a BPAP implementation is experimentally evaluated, showing the efficiency of the two-step scheme in terms of scalability, capability to limit the discovery of critical information, and reactivity to confidentiality attacks.
Keywords
optical fibre networks; protocols; telecommunication security; BPAP; GMPLS networks; PCE-based multidomain networks; PCEP; WSON; behavior-based PCE authorization policy; generalized multiprotocol label switching networks; multidomain traffic engineering; path computation element protocol; pattern detection procedures; two-step authorization scheme; wavelength switched optical networks; Authorization; Bandwidth; Computer architecture; Context; Measurement; Multiprotocol label switching; Peer to peer computing; Authorization policy; Confidentiality; Generalized multiprotocol label switching; Multi-domain; PCE protocol; Path computation element; Security;
fLanguage
English
Journal_Title
Optical Communications and Networking, IEEE/OSA Journal of
Publisher
ieee
ISSN
1943-0620
Type
jour
DOI
10.1364/JOCN.3.000465
Filename
5759822