Secure MPLS Fast Re-authentication for LSP Setup

IP.com Disclosure Number: IPCOM000145157D
Original Publication Date: 2007-Jan-09
Included in the Prior Art Database: 2007-Jan-09
Document File: 5 page(s) / 379K

Publishing Venue

Motorola

Related People

Chiew Seng Sean, Tan: AUTHOR

Abstract

This paper describes the process for secure fast re-authentication during new LSP setup for MPLS routers/switches. The process is also applicable to fast re-authentication on networks without AAA and HLR/HSS servers, or to deployment as a secondary (backup) re-authentication system. A novel Dynamic Label Searching Mechanism is described for efficient searching and provisioning of paths for new LSP setup. A Network Security Analyzer is also introduced as a security feature to distribute digitally signed packets and to eliminate malicious paths in the LSP tables.

This text was extracted from a Microsoft Word document.
At least one non-text object (such as an image or picture) has been suppressed.
This is the abbreviated version, containing approximately 29% of the total text.

Secure MPLS Fast Re-authentication for LSP Setup

By Chiew Seng Sean, Tan

 


PROBLEM

Presently, there is no framework or protocol that addresses the fast re-authentication and security issues for MPLS routers/switches, MotoMESH/MEA products, non-SIM/Smartcard-based devices and the like.

Although the concept of fast re-authentication is currently used in mobile handover, the UMA version of fast re-authentication [1, 2] utilizes EAP-SIM/EAP-AKA, both of which require AAA and HLR/HSS servers. Also, the lack of Secure Association establishment for MPLS sessions necessitates security protection and authentication for a trusted network.

SOLUTION

MPLS fast re-authentication during LSP setup is intended for demanding mobile broadband users and Mobile Stations (MS) that have high mobility with no fixed infrastructure on the networks, or “Zero Infrastructure” networks (see Figure 1). The MS is able to connect to any MPLS LER and establish a VPN connection.

Figure 1 Overview of Secure MPLS Fast Re-authentication

The MS include mobile handsets (not limited to GSM, CDMA, UMTS, UMA, etc.), PDAs, laptops and the like. To overcome the dependency on AAA and HLR/HSS servers, MPLS fast re-authentication utilizes the MAC address value instead of the session/symmetric key value from the SIM. The MAC addresses of authenticated devices are provisioned into the Global MAC Database. Since the MPLS fast re-authentication setup is different from mobile re-authentication, it can be deployed as a secondary (backup) fast re-authentication system.

One advantage of MPLS fast re-authentication is the reduction of the time and network traffic caused by frequent authentication of connected MPLS sessions, achieved by re-using their identities and identity management.

Another advantage of MPLS fast re-authentication is that it anticipates the need for highly survivable connections for MS roving across different wireless areas. The LSP shall be duplicated to the nearest or adjacent MPLS nodes to ensure High Availability as well as fast re-authentication when required. As the MS moves back into the same or an adjacent wireless area, fast re-authentication will ensure that high SLA and QoS levels are guaranteed, without disruption to real-time packet routing/streaming.

Introducing fast re-authentication to M...