Security Enhancements to Routing Protocols for Backbone Networks

The basic problem in enhancing the security of a routing protocol is how to verify the correctness of the information a router exchanges with its peers, i.e., to feasibly protect the authenticity and integrity of the routing traffic and provide the means to verify the authority of the participating routers. In this paper, we present some enhancements to the routing protocols that have been used in large-scale backbone networks. First, by using limited key distribution and double message hashing, the routing protocols have improved computational efficiency and the ability to verify the authenticity and integrity of a routing message. Second, we propose a novel algorithm that can detect Byzantine attacks as well as other internal attacks, by using both message and route redundancy during route discovery. Third, we also propose an optimal routing algorithm with routing metrics combining both requirements on a node´s trustworthiness and performance. In this way, each node makes secure routing decision based on its trust on its neighboring nodes and the performance provided by these nodes. The proposed enhancements can be applied to both distance-vector and link-state routing protocols, such as RIP, OSPF and BGP.