Visible to the public CENTRA: CENtrally Trusted Routing vAlidation for IGP

TitleCENTRA: CENtrally Trusted Routing vAlidation for IGP
Publication TypeConference Paper
Year of Publication2017
AuthorsZeng, H., Wang, B., Deng, W., Gao, X.
Conference Name2017 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery (CyberC)
ISBN Number978-1-5386-2209-4
Keywordsanomalous routing blockage, anomalous routing detection, anomaly detection, authentication, CENTRA, Centrally Controlling, CENtrally Trusted Routing vAlidation framework, communication protocol, composability, computer network security, Data Model, IGP, interior gateway protocols, Internet, Internet service providers, internetworking, ISP, knowledge base-this, Monitoring, Neighbor, NETCONF, Network security, OSPF, PKI, practical Internet, pubcrawl, public key cryptography, public key infrastructure, Real-time Systems, resilience, Resiliency, Routing, routing monitoring systems, routing policies, Routing protocols, Scalability, SDN, secure routing mechanism, secure routing policy, Software Defined Network, software defined networking, Trust Routing, trusted routing, YANG
Abstract

Trusted routing is a hot spot in network security. Lots of efforts have been made on trusted routing validation for Interior Gateway Protocols (IGP), e.g., using Public Key Infrastructure (PKI) to enhance the security of protocols, or routing monitoring systems. However, the former is limited by further deployment in the practical Internet, the latter depends on a complete, accurate, and fresh knowledge base-this is still a big challenge (Internet Service Providers (ISPs) are not willing to leak their routing policies). In this paper, inspired by the idea of centrally controlling in Software Defined Network (SDN), we propose a CENtrally Trusted Routing vAlidation framework, named CENTRA, which can automated collect routing information, centrally detect anomaly and deliver secure routing policy. We implement the proposed framework using NETCONF as the communication protocol and YANG as the data model. The experimental results reveal that CENTRA can detect and block anomalous routing in real time. Comparing to existing secure routing mechanism, CENTRA improves the detection efficiency and real-time significantly.

URLhttps://ieeexplore.ieee.org/document/8250330/
DOI10.1109/CyberC.2017.75
Citation Keyzeng_centra:_2017