CENTRA: CENtrally Trusted Routing vAlidation for IGP
Title | CENTRA: CENtrally Trusted Routing vAlidation for IGP |
Publication Type | Conference Paper |
Year of Publication | 2017 |
Authors | Zeng, H., Wang, B., Deng, W., Gao, X. |
Conference Name | 2017 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery (CyberC) |
ISBN Number | 978-1-5386-2209-4 |
Keywords | anomalous routing blockage, anomalous routing detection, anomaly detection, authentication, CENTRA, Centrally Controlling, CENtrally Trusted Routing vAlidation framework, communication protocol, composability, computer network security, Data Model, IGP, interior gateway protocols, Internet, Internet service providers, internetworking, ISP, knowledge base-this, Monitoring, Neighbor, NETCONF, Network security, OSPF, PKI, practical Internet, pubcrawl, public key cryptography, public key infrastructure, Real-time Systems, resilience, Resiliency, Routing, routing monitoring systems, routing policies, Routing protocols, Scalability, SDN, secure routing mechanism, secure routing policy, Software Defined Network, software defined networking, Trust Routing, trusted routing, YANG |
Abstract | Trusted routing is a hot spot in network security. Lots of efforts have been made on trusted routing validation for Interior Gateway Protocols (IGP), e.g., using Public Key Infrastructure (PKI) to enhance the security of protocols, or routing monitoring systems. However, the former is limited by further deployment in the practical Internet, and the latter depends on a complete, accurate, and fresh knowledge base; this is still a big challenge (Internet Service Providers (ISPs) are not willing to leak their routing policies). In this paper, inspired by the idea of centrally controlling in Software Defined Network (SDN), we propose a CENtrally Trusted Routing vAlidation framework, named CENTRA, which can automatically collect routing information, centrally detect anomalies and deliver secure routing policy. We implement the proposed framework using NETCONF as the communication protocol and YANG as the data model. The experimental results reveal that CENTRA can detect and block anomalous routing in real time. Compared to existing secure routing mechanisms, CENTRA improves the detection efficiency and real-time performance significantly. |
URL | https://ieeexplore.ieee.org/document/8250330/ |
DOI | 10.1109/CyberC.2017.75 |
Citation Key | zeng_centra:_2017 |