Mitigating Spoofing Attacks in MPLS-VPNs Using Label-Hopping

In certain models of inter-provider Multi-Protocol Label Switching (MPLS) based Virtual Private Networks (VPNs), spoofing attacks against VPN sites are a key concern. For example, the MPLS-based VPN inter-provider model “C” is not favoured, owing to security concerns in the data plane, even though it can scale with respect to maintenance of routing state. Since the inner labels associated with VPN sites are not encrypted during transmission, a man-in-the-middle attacker can spoof packets to a specific VPN site. In this paper, the authors propose a label-hopping technique which uses a set of randomized labels and a method for hopping amongst these labels using the payload of the packet.

Resource Details

Provided by: IARIA
Topic: Security
Format: PDF