Security enhancement for MPLS data-plane forwarding based on dynamic signature label calculation

Cloud service gradually becomes the main trend for online business, and the security of core ISP networks between the cloud and customers is very important. The MPLS protocol is proposed to promote the forwarding performance in ISP networks without enough security consideration. However, network sec...

Full description

Saved in:
Bibliographic Details
Published in2019 Computing, Communications and IoT Applications (ComComAp) pp. 327 - 332
Main Authors Tang, Zhu, Li, Sudan, Xun, Peng, Deng, Wenping, Wang, Baosheng
Format Conference Proceeding
LanguageEnglish
Published IEEE 01.10.2019
Subjects
Cloud service
Dynamic label calculation
Encryption
Heuristic algorithms
HMAC signature
IP networks
MPLS label stack
Multiprotocol label switching
Security enhancement
Switches
Online AccessGet full text

Cover

More Information
Summary:Cloud service gradually becomes the main trend for online business, and the security of core ISP networks between the cloud and customers is very important. The MPLS protocol is proposed to promote the forwarding performance in ISP networks without enough security consideration. However, network security becomes more and more important in the core and edge of Internet. In order to enhance the security of for MPLS data-plane forwarding in ISP networks, a dynamic signature label calculation method is proposed in this paper. It uses HMAC signature of MPLS packet data to calculate the dynamic label values. Every label switch router verifies the signature and recovers the original label for forwarding. Security analysis and comparison result shows that our method can defend several security attacks, such as label eavesdropping attack, packet insertion/replay attack and packet tampering attack.
DOI:10.1109/ComComAp46287.2019.9018771