Title :
Securing the Nimrod routing architecture
Author :
Sirois, Karen E. ; Kent, Stephen T.
Author_Institution :
BBN Corp., Cambridge, MA, USA
Abstract :
This paper describes the work undertaken to secure Nimrod, a complex and sophisticated routing system that unifies interior and exterior routing functions. The focus of this work is countering attacks that would degrade or deny service to network subscribers. The work began with an analysis of security requirements for Nimrod, based on a hybrid approach that refines top-down requirements generation with an understanding of attack scenarios and the capabilities and limitations of countermeasures. The countermeasures selected for use here include several newly developed sequence integrity mechanisms, plus a protocol for shared secret establishment. A novel aspect of this work is the protection of subscriber traffic in support of the overall communication availability security goal
Keywords :
protocols; security of data; telecommunication network reliability; telecommunication network routing; telecommunication traffic; Nimrod routing architecture; attack scenarios; communication availability security; countermeasures; hybrid approach; network subscribers; protocol; routing system; security requirements; sequence integrity mechanisms; shared secret establishment; subscriber traffic protection; top-down requirements generation; Algorithm design and analysis; Bandwidth; Communication system traffic control; Computer crime; Control systems; Degradation; Delay; Protection; Routing; Security;
Conference_Titel :
Network and Distributed System Security, 1997. Proceedings., 1997 Symposium on
Conference_Location :
San Diego, CA
Print_ISBN :
0-8186-7767-8
DOI :
10.1109/NDSS.1997.579223
