
Security implementation at routing protocols level

Mouhcine Chliah, Ghizlane Orhanou, Said El Hajji


Mathematics, Computer Science and Applications Laboratory
Faculty of Science Rabat
University Mohammed V Agdal

Abstract: In the present paper we propose to study some advantages of implementing security at the routing protocol level. First, we locate security mechanisms within the Open Systems Interconnection (OSI) levels; then we give a brief description of routing protocols and routing tables; finally, we examine how routers with a notion of security can easily detect and help stop Man-in-the-Middle [1] attacks.

I. PROBLEMATIC:

The majority of the security solutions proposed until now are located at the user application level (anti-virus, intrusion detector…) or at most between Layers 4 and 7 ("Fig. 1"), such as: firewall (Access Control List), IPsec, Transport Layer Security …

Figure 1: Security implementation on different OSI Layers.

So let's imagine that security is also implemented on the Network Layer (OSI Layer 3), which means that routers will also take security into consideration when building routing tables or routing messages. In that case fewer resources will be used by end devices such as PCs, smartphones, tablets…, and even devices without anti-virus, which are sources of vulnerability to the whole network, will be armed, indirectly, with some security implemented on routers.

The first approach is: the threat can be everywhere, that is to say, it is possible to have a hacker on each section of the network, even intranet sections, so we should not send segments from the same packet via the same path.

Second, we have to put infected devices, sub-networks and routes into quarantine.

Let's discuss in more detail the protocols routers have used until now and how routing tables are built.

II. INTRODUCTION TO METRIC USED BY ROUTING PROTOCOLS AND ROUTING TABLES.

A routing protocol specifies how routers communicate with each other, disseminating information that enables them to select routes between any two nodes on a computer network. The choice of route is made by routing algorithms, which use some parameters (metrics) to build the routing table.

There are two techniques for updating the routing table: static routing and dynamic routing. Static routing is the process by which a network administrator manually creates routing table entries using a program designed for this purpose. Dynamic routing is the process by which routing table entries are automatically created by specialized routing protocols that run on the router systems. Two examples of these protocols are the Routing Information Protocol (RIP [2]) and the Open Shortest Path First (OSPF [3]) protocol. Routers use these protocols to exchange messages containing routing information with other nearby routers. Each router is, in essence, sharing its routing table with other routers.

III. ROUTING BASED ON SECURITY

Before going into details, let's see a short description of what a MIM [4] technique is.

The man-in-the-middle attack (often abbreviated MITM, MitM, MIM, MiM) is a form of active eavesdropping in which the attacker makes independent connections with the victims and relays messages between them, making them believe that they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker. The attacker must be able to intercept all messages going between the two victims and inject new ones, which is straightforward in many circumstances (for example, an attacker within reception range of an un-encrypted Wi-Fi wireless access point can insert himself as a man-in-the-middle).

As explained above, the hacker using this technique must be positioned in the middle and sniff the traffic. But with a routing protocol that has a notion of security and is capable of sending segments of the same packet on different paths ("Fig. 2"), the hacker will not be able to gather all the pieces of the puzzle.

Figure 2: Segments of same packet shared via different path

Also, once a threat has been detected, the router should normally block any traffic coming from or going to that segment of the network (put it in quarantine, "Fig. 3"); then it needs to send some messages or an SNMP trap to warn the administrator about the threat or the vulnerable devices in that segment of the network.

Later, the administrator can check the content of the quarantine in order to upgrade devices with the latest patch against viruses, or adjust the policies.

Figure 3: Segment/Route put in Quarantine.

In the following section, we will present a MiM attack used to bypass https.

IV. REAL CASES STUDY.

During Black Hat DC 2009 [5], Moxie Marlinspike demonstrated new techniques for defeating SSL/TLS that allow attackers to silently alter, inject, and log traffic intended for secure transmission by SSL/TLS in common web applications such as online banking or secure webmail logins ("Fig. 4").

Figure 4: Passive routing with no security notion

Taking the same demonstration in a different environment, with routers having a notion of security (i.e. two segments of the same packet will be sent using different paths), the MiM will not have all the information needed in order to act as the Server or the Client for this communication. But the worst thing for him is that such information can be used by the router or other devices to detect the threat and put him in quarantine ("Fig. 5").

Figure 5: routing with security notion

Let's take an example of https (http over TLS/SSL, "Fig. 6") [6] in which a client is trying to access his bank account.


Figure 6: Application protocols over TLS/SSL.

Step1: The client will try to establish a connection with the Web Server (TLS handshake) "Fig. 7".

Figure 7: TLS handshake protocol.

Step2: The direct router will split the packet into several segments and share them with the Server via different paths.

Step3: The MiM will get some segments, and he'll start emulating the Server by replying to the Client and sending the same packet (Passive MiM) or a modified one (Active MiM) to the Server, but keep in mind he'll not have received all the pieces.

Step4: During the handshake process the Client/Server will get more than one Public-key [7], the correct one coming from the Client/Server and the one generated by the MiM, hence the detection can be made based on this.

Step5: Routers will update their own routing tables and share them with other routers.

Step6: The routers will put the infected path in quarantine.

Step7: Routers will warn the administrator.

V. CONCLUSION

Routing protocols can be used to enhance security in the network. We saw how a MiM attack can be avoided when segments of the same packet are sent via different paths, giving devices the possibility to detect such a threat and surround it. This mechanism can also be useful against other attacks such as sniffing.

VI. ABBREVIATIONS AND DESCRIPTION.

MTU: Maximum Transmission Unit.
ACL: Access Control List.
OSI: Open Systems Interconnection
PK: Public Key
Http: Hypertext Transfer Protocol
TLS: Transport Layer Security
SSL: Secure Sockets Layer

VII. REFERENCES

[1] ISO/IEC 7498-1:1994, Information technology—Open Systems Interconnection—Basic Reference Model: The Basic Model
[2] RIP v2: RFC 2453.
[3] OSPF v3: RFC 2740.
[4] "Network Forensic Analysis of SSL MITM Attacks". NETRESEC Network Security Blog. Retrieved March 27, 2011.
[5] http://www.blackhat.com/html/bh-dc-09/bh-dc-09-speakers.html#Marlinspike
[6] RFC 2818: HTTP over TLS.
[7] IEEE 1363: Standard Specifications for Public-Key Cryptography
Todd Lammle, CCNA Cisco Certified Network Associate Study Guide, 7th Edition, [ISBN: 978-1-1180-8805-0]
TCP: RFC 793 / UDP: RFC 768.
IGRP: http://docwiki.cisco.com/wiki/Interior_Gateway_Routing_Protocol
EIGRP: http://docwiki.cisco.com/wiki/Enhanced_Interior_Gateway_Routing_Protocol
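
The detection outlined in Steps 2 to 7 of the case study can be modelled in a few lines of Python. This is an added example, not code from the paper: the path names, key bytes, route states, alert format and the rule that the genuine key arrives on a strict majority of paths are all assumptions made for illustration.

```python
import hashlib
from collections import Counter

def split_over_paths(packet: bytes, paths: list, size: int) -> dict:
    """Step 2: cut a packet into segments, spread round-robin over the paths."""
    out = {p: [] for p in paths}
    for n, off in enumerate(range(0, len(packet), size)):
        out[paths[n % len(paths)]].append((n, packet[off:off + size]))
    return out

def visible_fraction(assignment: dict, tapped_path: str) -> float:
    """Share of the packet's bytes an observer on a single path can collect."""
    total = sum(len(seg) for segs in assignment.values() for _, seg in segs)
    return sum(len(seg) for _, seg in assignment[tapped_path]) / total if total else 0.0

def check_handshake(keys_by_path: dict, routes: dict) -> list:
    """Steps 4-7: compare the key seen on each path and quarantine outliers.

    Assumption: the genuine key arrives on a strict majority of paths.
    Mutates `routes` and returns the alerts for the administrator.
    """
    prints = {p: hashlib.sha256(k).hexdigest() for p, k in keys_by_path.items()}
    if len(set(prints.values())) == 1:
        return []  # Same key on every path: nothing to report.
    top, votes = Counter(prints.values()).most_common(1)[0]
    # No strict majority means the genuine key is unknown: suspect every path.
    tie = votes * 2 <= len(prints)
    alerts = []
    for path in sorted(prints):
        if tie or prints[path] != top:
            routes[path] = "quarantined"  # Steps 5-6: table update, then shared
            alerts.append(f"ALERT path={path} key_sha256={prints[path][:16]}")  # Step 7
    return alerts

# Constructed sample data: three paths, a substituted key appears on path-B.
PATHS = ["path-A", "path-B", "path-C"]
SERVER_KEY = b"constructed-server-public-key"
FORGED_KEY = b"constructed-substituted-key"

if __name__ == "__main__":
    spread = split_over_paths(b"x" * 90, PATHS, 10)
    print(f"path-B carries {visible_fraction(spread, 'path-B'):.0%} of the packet")
    routes = {p: "active" for p in PATHS}
    seen = {"path-A": SERVER_KEY, "path-B": FORGED_KEY, "path-C": SERVER_KEY}
    for line in check_handshake(seen, routes):
        print(line)
    print(routes)
```

With only two paths and two different keys there is no majority, so the model quarantines both paths and leaves the decision to the administrator.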
