TY - GEN
T1 - Securing the LISP map registration process
AU - Montero, D.
AU - Siddiqui, M. S.
AU - Serral-Gracia, R.
AU - Masip-Bruin, X.
AU - Yannuzzi, M.
PY - 2013
Y1 - 2013
N2 - The motivation behind the Locator/Identifier Separation Protocol (LISP) has shifted over time from routing scalability issues in the core Internet to a set of use cases for which LISP stands as a technology enabler. Among these are the mobility of physical and virtual appliances without breaking their TCP connections, seamless migration and fast deployments of IPv6, multihoming, and data-center applications. However, LISP was born without security, and therefore is susceptible to attacks in its control-plane. The IETF's LISP working group has recently started to work in this direction, but the protocol still lacks end-to-end mechanisms for securing the overall registration process on the mapping system. In this paper, we address this issue and propose a solution that counters the attacks. We have deployed LISP in a real testbed, and compared the performance of our proposal with current LISP implementations, in terms of both messaging and packet size overhead. Our preliminary results prove that our solution offers much higher security with minimum overhead.
AB - The motivation behind the Locator/Identifier Separation Protocol (LISP) has shifted over time from routing scalability issues in the core Internet to a set of use cases for which LISP stands as a technology enabler. Among these are the mobility of physical and virtual appliances without breaking their TCP connections, seamless migration and fast deployments of IPv6, multihoming, and data-center applications. However, LISP was born without security, and therefore is susceptible to attacks in its control-plane. The IETF's LISP working group has recently started to work in this direction, but the protocol still lacks end-to-end mechanisms for securing the overall registration process on the mapping system. In this paper, we address this issue and propose a solution that counters the attacks. We have deployed LISP in a real testbed, and compared the performance of our proposal with current LISP implementations, in terms of both messaging and packet size overhead. Our preliminary results prove that our solution offers much higher security with minimum overhead.
KW - Internet
KW - LISP
KW - Loc/ID split
KW - routing
KW - security
UR - https://www.scopus.com/pages/publications/84904112580
U2 - 10.1109/GLOCOM.2013.6831392
DO - 10.1109/GLOCOM.2013.6831392
M3 - Contribución a la conferencia
AN - SCOPUS:84904112580
SN - 9781479913534
SN - 9781479913534
T3 - Proceedings - IEEE Global Communications Conference, GLOBECOM
SP - 2145
EP - 2151
BT - 2013 IEEE Global Communications Conference, GLOBECOM 2013
T2 - 2013 IEEE Global Communications Conference, GLOBECOM 2013
Y2 - 9 December 2013 through 13 December 2013
ER -