The Threat Analysis and Requirements for Cryptographic Authentication of Routing Protocols' Transports
draft-karp-threats-reqs-00

Document Type: Expired Internet-Draft (individual), expired & archived
Author: Gregory M. Lebovitz
Last updated: 2010-03-01
RFC stream: (None)
Intended RFC status: (None)
Stream state: (No stream defined)
Consensus boilerplate: Unknown
RFC Editor Note: (None)
IESG state: Expired
Telechat date: (None)
Responsible AD: (None)
Send notices to: (None)

This Internet-Draft is no longer active.

Abstract

In March 2006 the IAB held a workshop on the topic of "Unwanted Internet Traffic". The report from that workshop is documented in RFC 4948 [RFC4948]. Section 8.2 of RFC 4948 calls for "[t]ightening the security of the core routing infrastructure." Four main steps were identified for improving the security of the routing infrastructure. One of those steps was "securing the routing protocols' packets on the wire," also called the routing protocol transport.

One mechanism for securing routing protocol transports is the use of per-packet cryptographic message authentication, providing both peer authentication and message integrity. Many different routing protocols exist, and they employ a range of different transport subsystems. Therefore, various methods must be defined for applying cryptographic authentication to these varying protocols. Many routing protocols already have some method for accomplishing cryptographic message authentication. However, in many cases the existing methods are dated, vulnerable to attack, and/or employ cryptographic algorithms that have been deprecated. The "Keying and Authentication for Routing Protocols" (KARP) effort aims to overhaul and improve these mechanisms.

This document has two main parts. The first describes the threat analysis for attacks against routing protocols' transports. The second enumerates the requirements for addressing the described threats. This document, along with the KARP Design Guide and KARP Framework documents, will be used by KARP design teams for specific protocol review and overhaul. This document reflects the input of both the IETF's Security Area and Routing Area in order to form jointly agreed-upon guidance.

Authors

Gregory M. Lebovitz