PKI-enabled OSPFv3 for Reliable IP Traceback
In investigations for incidents, it is important to identify a user or a router from source IP addresses. However, in OSPFv3, each router only performs message authentication with pre-sharing key for security. Therefore, each router can claim arbitrary IP prefixes. This point makes difficult to associate a prefix with a router with some authorization. In this paper, we propose a new method that enables reliable IP traceback in OSPFv3 networks. Our proposal is to construct PKI on OSPFv3 and to associate each router with prefixes by the router’s certificate. This proposal makes possible to identify the source of a packet from its source IP address directly. In this paper, we implement our proposal and confirm it can associate a router to prefixes.
- There are currently no refbacks.