Securing the LISP map registration process

Abstract

The motivation behind the Locator/Identifier Separation Protocol (LISP) has shifted over time from routing scalability issues in the core Internet to a set of use cases for which LISP stands as a technology enabler. Among these are the mobility of physical and virtual appliances without breaking their TCP connections, seamless migration and fast deployments of IPv6, multihoming, and data-center applications. However, LISP was born without security, and therefore is susceptible to attacks in its control-plane. The IETF's LISP working group has recently started to work in this direction, but the protocol still lacks end-to-end mechanisms for securing the overall registration process on the mapping system. In this paper, we address this issue and propose a solution that counters the attacks. We have deployed LISP in a real testbed, and compared the performance of our proposal with current LISP implementations, in terms of both messaging and packet size overhead. Our preliminary results prove that our solution offers much higher security with minimum overhead.Atlant

    Similar works

    Full text

    thumbnail-image