Research And Analysis Of The Security Mechanism In OSPF

With the rapid development of Internet, the network size is increasing, and topology has also become more and more complex. It makes the dependence of network infrastructure increase substantially. Routing protocol is the core of Internet infrastructure. Under the provisions of the routing protocols, routing information is distributed and updated. Routers provide packet forwarding services according to the routing table that built by the collected and integrated routing information. If there is no correct routing information, the data transmitted in the network is facing the threat of inefficiency and failing.OSPF (Open Shortest Path First) routing protocol is a kind of interior gateway protocol, which has been supported and deployed as the most widely used intra-domain routing protocols by the major network equipment manufacturers. With the increasing emphasis on network security, routing protocols as the basis for network transmission is vitally important for network security. Although the design of OSPF provides security measures, there are also hidden troubles under the protocol mechanisms. In this paper, the standard OSPF routing protocol security mechanisms are analyzed. According to the analysis, security vulnerabilities that under the standard OSPF routing protocol's mechanism is proposed in the paper. And then, by using these security vulnerabilities, this paper gives the attack methods and explains how every type of OSPF protocol packet realize the attack. For different attack methods, there is different impact for the network. For the security vulnerabilities of standard OSPF routing protocol, this paper presents an improved OSPF routing protocol based on digital signature. By using digital signature mechanisms, Signature-based OSPF routing protocol improves the security of OSPF routing protocol effectively. But on the other hand, key management, key maintenance, and complexity of signature algorithm require higher system costs. This paper proposes optimized flooding algorithm to improve the performance. Firstly, by limiting the flooding of Network Summary LSA in the non-backbone network, area border routers keep listening to the service requests for the outside network, according to the requests only the corresponding Network Summary LSA is flooded; Secondly, by the introduction of the AS adjustable factors, the external routing information whose external path cost is further higher than its internal path cost is no longer flooded into the network, the packets accessing external network are directly forwarded to the AS boundary router. From these two aspects, the improved OSPF routing protocol based on digital signature Improved achieve the goal that lower computational complexity, lower storage overhead and lower bandwidth consumption.