A Trust OSPF Protocol Based On Trust Certificate Management

The existing OSPF protocol is widely used but there are many security flaws. An attacker could exploit some loopholes to forge a router or intrusion to a normal router for various attacks. In order to solve the above problems, this paper proposes a new trust OSPF protocol based on a trusted third party TMS. Each AS domain has a TMS as the trust management center, and TMS is responsible for maintaining trust certificates of all routers in the domain. Our solution also adds firewalls, vulnerability scanners, virus database and other safety equipment to each AS domain. These equipments could measure various network parameters required, as well as detect various attacks in a timely manner.TMS issues update trust certificate on a regular basis to all routers in the AS domain to maintain the trust level of routers in a certain period of time. This paper also introduces the concept of trust value. The trust values include the following:objective trust value, subjective trust value, integrated trust value, total trust value. These trust values represent the trust evaluation of the routers by the entities associated with these routers.Based on the above introduces, OSPF protocol was modified to trust OSPF as follows:adding the registration process of routers, adding new Hello packet with trust certificate, adding the judgment of the hello packet when receiving a neighbor’s hello packet and the process of handling the received hello packet with trust certificate, adding the calculation of the subjective trust value and the total trust value, adding the process of reporting the neighbors’subjective trust value to TMS, adding the transformation of total trust value to replace the cost in the original OSPF protocol and the metric field of the Router-LSA is filled with the cost after transformation.Recently a trust management system according to the above modification has been developed. The system includes a small AS domain with one TMS, an intrusion detection system, a vulnerability scanner, a firewall, a virus database and seven software routers based on Quagga. Through simulation, the trust OSPF protocol can effectively prevents illegal registration and attacks of routers after registration.