International Journal On Advances in Networks and Services, volume 5, numbers 3 and 4, 2012
Mitigating Some Security Attacks in MPLS-VPN Model “C”
Authors:
Shankar Raman
Balaji Venkat
Gaurav Raina
Keywords: MPLS; VPN; Model “C”; Label-hopping; Spoofing attack; Replay attack.
Abstract:
In certain models of inter-provider Multi-Protocol Label Switching (MPLS) based Virtual Private Networks (VPNs), spoofing and replay attacks against VPN sites are two key concerns. MPLS VPN model “C” can scale well with respect to maintenance of routing state when compared with models “A” and “B”. But this deployment model is not favoured due to the aforementioned security concerns in the data-plane. The inner labels associated with VPN sites are not encrypted during data transmission. Therefore, it is possible for an attacker to spoof or replay data packets to a specific VPN site. We propose a label-hopping technique which uses a set of randomised labels and a method for hopping amongst these labels to address these types of attacks. To reduce the computation time complexity for such algorithms, we propose the use of Timing over Internet Protocol connection and Transfer of Clock (TicToc) based Precision Time Protocol. Simulations show that by using the TicToc protocol, along with the label-hopping technique, we can mitigate spoofing and replay attacks at line-rate. As we address key security and performance concerns, we make a plausible case for the deployment of MPLS based VPN inter-provider model “C”.
Pages: 304 to 314
Copyright: Copyright (c) to authors, 2012. Used with permission.
Publication date: December 31, 2012
Published in: journal
ISSN: 1942-2644