| Routing security has two aspects: the security of the router itself and the security of the routing protocol. Because routing protocols lack authentication, bogus routers can easily carry out various attacks by dropping, modifying or replaying routing messages, which can cause great damage to routing security. Routing authentication, however, can greatly improve routing security by authenticating the routing messages and the routers that transmit the datagram. Thus, routing authentication technology has significant research value. This thesis studies node chain authentication technology based on the SEND protocol proposed in RFC 3971. The main contributions of this thesis are summarized as follows. A new concept of routing authentication is proposed by analyzing the existing methods of routing authentication. A three-stage secure routing authentication algorithm is designed, comprising the pre-authentication stage, the communication path establishment stage and the back-tracing validation stage, so that datagrams are transferred by trusted routers. The communication receiving end node can also independently verify, without a third party, the routers that have previously transferred the datagram, and obtain information about the routers on the communication path in order to decide whether an illegal node has joined the communication path. A novel one-turn challenge and response mechanism is proposed by adding the corresponding routing authentication operations to the neighbor solicitation and advertisement process of SEND. All the IP addresses of the routers on the communication path are bound to the state transition structure of a pseudo-random sequence by recording the sequence information at each router on the path. 
An authenticated node chain is formed in this way, and the routing authentication algorithm of the communication path establishment stage is built. Another two turns of challenge and response are proposed in the authentication algorithm for the back-tracing validation stage, which starts from the communication receiving node. Each router can obtain the IP address of its previous hop in turn by reading the binding information stored inside it. Hop by hop, all the IP addresses of the routers on the communication path are obtained until the communication sending node is reached. A simulation model of the communication path establishment stage is built with the NS-3 network simulator to simulate the routing authentication process. The routing messages are also analyzed using Wireshark. The simulation results of the original SEND and the new protocol are compared to calculate the extra time delay caused by the authentication. In conclusion, the routing authentication algorithm proposed in this thesis can achieve the goal set at the beginning. |