ABSTRACT
Routers and routing protocols are critical parts of a network infrastructure. OSPF is one of the most important routing protocols, and therefore its vulnerabilities can be very destructive. This makes its security analysis critical. There are many reported and potential vulnerabilities in OSPF protocol. Considering the complexity and the ambiguity of its description in RFC 2328, it is very valuable to design a formal model of the protocol and analyze the vulnerabilities of its critical parts. In this paper, some challenging parts of OSPF protocol along with attack scenarios are modeled by means of Colored Petri Net in CPN Tools environment. Then, the reported vulnerabilities are analyzed by a behavioral property of Petri net, and the existence of the vulnerabilities is verified by the property checking. Moreover, a new potential vulnerability is presented and verified by both formal and experimental methods.
- J. Moy. OSPF Version 2. RFC 2328 (INTERNET STANDARD), Apr 1998.Google Scholar
- W. Feiyi and W. Felix. On the Vulnerabilities and Protection of OSPF Routing Protocol. In Proceedings of 7th International Conference on Computer Communications and Networks, pages 148--152, Louisiana, USA, 1998. Google ScholarDigital Library
- F. Wang. Vulnerability Analysis, Intrusion Prevention and Detection for Link State Routing Protocols. PhD thesis, North Carolina State University, Raleigh, NC, 2000. Google ScholarDigital Library
- M. Tadao. Petri nets: Properties, Analysis and Applications. Proceedings of the IEEE, 77(4): 541--580, 1989.Google Scholar
- K. Jensen and L. M. Kristensen. Coloured Petri Nets - Modelling and Validation of Concurrent Systems. Springer, 2009. Google ScholarDigital Library
- CPN Tools Home Page. http://www.cpntools.org/.Google Scholar
- J. Kurt, K. Lars Michael, and W. Lisa. Coloured Petri Nets and CPN Tools for modelling and validation of concurrent systems. International Journal on Software Tools for Technology Transfer, 9(3--4): 213--254, 2007. Google ScholarDigital Library
- K. Ishiguro. Quagga, a Routing Software Package for TCP/IP Networks. Technical report, Quagga Development Team, http://www.nongnu.org/quagga/, 2012.Google Scholar
- P. Biondi. Scapy: Explore the Net with New Eyes. Technical report, EADS Corporate Research Center, http://www.secdev.org, 2005.Google Scholar
- D. Obradovic. Formal Analysis of Routing Protocols. PhD thesis, University of Pennsylvania, Pennsylvania USA, 2000. Google ScholarDigital Library
- M. Saif Ur Rehman, S. Sudarshan K, K. Samee U, and W. Lizhe. A Methodology for OSPF Routing Protocol Verification. In 12th International Conference on Scalable Computing and Communications (ScalCom), China, 2012.Google Scholar
- A. Salah and K. Mustafa. Protocol Verification and Analysis using Colored Petri Nets. Technical report, DePaul University, Chicago USA, 2004.Google Scholar
- V. Brain, W. Feiyi, and W. S. Felix. An Experimental Study of Insider Attacks for OSPF Routing Protocol. In Proceedings of International Conference on Network Protocols, pages 293--300, Atlanta, USA, 1997. Google ScholarDigital Library
- G. Nakibly, A. Kirshon, D. Gonikman, and D. Boneh. Persistent OSPF Attacks. In Proceedings of the 19th Annual Network and Distributed System Security Symposium, San Diego, California, Feb 2012.Google Scholar
- S. Murphy, M. Badger, and B. Wellington. OSPF with Digital Signatures. RFC 2154, Jun 1997. Google ScholarDigital Library
Index Terms
- Verification of OSPF vulnerabilities by colored Petri net
Recommendations
An experimental study of insider attacks for OSPF routing protocol
ICNP '97: Proceedings of the 1997 International Conference on Network Protocols (ICNP '97)It is critical to protect the network infrastructure (e.g., network routing and management protocols) against security intrusions, yet dealing with insider attacks are probably one of the most challenging research problems in network security. We study ...
Research of BPEL Modeling Technique Based on Colored Petri Net
ETCS '11: Proceedings of the 2011 Third International Workshop on Education Technology and Computer Science - Volume 01Web Services Business Process Execution Language (BPEL) modeling technique based on colored Petri net is proposed in this paper. Introduce a BPEL modeling principle based on colored Petri net, and a method of generating BPEL code from the colored Petri ...
Research of System Modeling and Verification Method Combine with UML Formalization Analysis and Colored Petri Net
IITA '09: Proceedings of the 2009 Third International Symposium on Intelligent Information Technology Application - Volume 03Because of complexity of CTCS-3 train control system, interworking testing and function evaluation could not be operated directly on the system, which means that deep research on modeling and simulation of train operation control system should be ...
Comments