ICN 2012, The Eleventh International Conference on Networks
Mitigating Spoofing Attacks in MPLS-VPNs using Label-hopping
Authors:
Shankar Raman
Gaurav Raina
Keywords: MPLS; VPN; Model C; Spoofing attacks; Label-hopping
Abstract:
In certain models of inter-provider Multi-Protocol Label Switching (MPLS) based Virtual Private Networks (VPNs), spoofing attacks against VPN sites are a key concern. For example, MPLS-based VPN inter-provider model “C” is not favoured, owing to security concerns in the data-plane, even though it can scale with respect to maintenance of routing state. Since the inner labels associated with VPN sites are not encrypted during transmission, a man-in-the-middle attacker can spoof packets to a specific VPN site. In this paper, we propose a label-hopping technique which uses a set of randomized labels and a method for hopping amongst these labels using the payload of the packet. To prevent the attacker from identifying the labels in polynomial time, we also use an additional label. The proposed technique can be applied to other variants of inter-provider MPLS-based VPNs where Multi-Protocol exterior-BGP (MP-eBGP) multi-hop is used. As we address a key security concern, we can make a case for the deployment of MPLS-based VPN inter-provider model “C”.
Pages: 241 to 245
Copyright: Copyright (c) IARIA, 2012
Publication date: February 29, 2012
Published in: conference
ISSN: 2308-4413
ISBN: 978-1-61208-183-0
Location: Saint Gilles, Reunion
Dates: from February 29, 2012 to March 5, 2012