
A Research On The Secure Routing Authentication Mechanism And An Implementation Based On Routing Information Protocol

Posted on: 2016-01-30
Degree: Master
Type: Thesis
Country: China
Candidate: Y R Liao
GTID: 2308330473455202
Subject: Communication and Information System
Abstract/Summary:
Routing is one of the basic functional modules of a network. Security was not considered when routing protocols were designed. Current research on routing security focuses on route source authentication and message authentication, and pays little attention to the establishment and authorization of specific routes or to the authentication of the routing path.

This thesis analyses the Routing Information Protocol (RIP) in depth and, based on it, proposes a new scheme. By designing algorithms for the pre-processing stage, the route establishment stage, the trace table update stage and the route trace-back stage, the scheme allows IP packets to be delivered by reliable routers, and the destination node is able to verify the route path and identify attackers from the authentication information.

This thesis introduces the pseudo random sequence into the routing protocol. Routers can use shared security parameters to generate a 128-bit pseudo random sequence that serves as the key of a secure HMAC to validate message integrity. To protect the routing information from being leaked, the scheme uses an m-sequence fragment to encrypt the information in the routing reply message. Moreover, all the IP address information on the route path is bound to the state of the pseudo random sequence, and the combined information is stored in the trace table of each router on this path.

The thesis designs three new kinds of RIP message and one data structure: trace_update, trace_request, trace_reply and the trace table. Whenever the routing table changes, the trace table should be updated. Two modes are proposed for the tracing process. In mode 1, the destination node obtains the last hop's address from the IP packet and sends a trace request to it. After receiving the trace reply, the destination node keeps sending trace requests until it has traced back to the source. In mode 2, by contrast, the destination only needs to send one request; the other routers on the path pass on the request and reply to the destination node at the same time.

Using methods from IP traceback, the IP packet header is changed by 33 bits to mark information about local routers and so realize the routing authentication. The destination node uses the marked information to acquire the last hop router's IP address and initiate a route tracing authentication. The destination node can either obtain all the IP addresses on the route path hop by hop or identify the attackers' addresses.

The thesis designs the simulation model and implements the Routing Information Protocol in the NS-3 simulator, with the authentication algorithm implemented in RIP. The two kinds of packets are then compared and analyzed using Wireshark. In addition, the network data streams at different times are shown using the animation tools, and the reason for their distribution is explained.
Keywords/Search Tags: Pseudo Random Sequence, Routing Information Protocol, Routing Authentication, Routing Trace