UNLIMITED FREE
ACCESS TO THE WORLD'S BEST IDEAS

SUBMIT
Already a GlobalSpec user? Log in.

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

Customize Your GlobalSpec Experience

Select Your Free Newsletters

Industry Newsletters

Select Your Free Product Alerts

Finish!
Privacy Policy

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

IETF RFC 7474

Security Extension for OSPFv2 When Using Manual Key Management

active, Most Current
Buy Now
Organization: IETF
Publication Date: 1 April 2015
Status: active
Page Count: 14
scope:

The current OSPFv2 cryptographic authentication mechanism as defined in RFCs 2328 and 5709 is vulnerable to both inter-session and intrasession replay attacks when using manual keying. Additionally, the existing cryptographic authentication mechanism does not cover the IP header. This omission can be exploited to carry out various types of attacks.

This document defines changes to the authentication sequence number mechanism that will protect OSPFv2 from both inter-session and intrasession replay attacks when using manual keys for securing OSPFv2 protocol packets. Additionally, we also describe some changes in the cryptographic hash computation that will eliminate attacks resulting from OSPFv2 not protecting the IP header.

Document History

IETF RFC 7474
April 1, 2015
Security Extension for OSPFv2 When Using Manual Key Management
The current OSPFv2 cryptographic authentication mechanism as defined in RFCs 2328 and 5709 is vulnerable to both inter-session and intrasession replay attacks when using manual keying. Additionally,...

References

This document references:
FIPS PUB 198-1 - The Keyed-Hash Message Authentication Code (HMAC)
Published by NTIS on July 1, 2008
INTRODUCTION Providing a way to check the integrity of information transmitted over or stored in an unreliable medium is a prime necessity in the world of open computing and communications....
This document references:
IETF RFC 3414 - User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3)
Published by IETF on December 1, 2002
A description is not available for this item.
This document references:
IETF RFC 4822 - RIPv2 Cryptographic Authentication
Published by IETF on February 1, 2007
This note describes a revision to the RIPv2 Cryptographic Authentication mechanism originally specified in RFC 2082. This document obsoletes RFC 2082 and updates RFC 2453. This document adds details...
This document references:
IETF RFC 5310 - IS-IS Generic Cryptographic Authentication
Published by IETF on February 1, 2009
This document proposes an extension to Intermediate System to Intermediate System (IS-IS) to allow the use of any cryptographic authentication algorithm in addition to the already-documented...
This document is referenced by:
IETF RFC 7602 - IS-IS Extended Sequence Number TLV
Published by IETF on July 1, 2015
This document defines the Extended Sequence Number TLV to protect Intermediate System to Intermediate System (IS-IS) PDUs from replay attacks.
This document is referenced by:
IETF RFC 7777 - Advertising Node Administrative Tags in OSPF
Published by IETF on March 1, 2016
This document describes an extension to the OSPF protocol to add an optional operational capability that allows tagging and grouping of the nodes in an OSPF domain. This allows simplification, ease...
This document is referenced by:
IETF RFC 8444 - OSPFv2 Extensions for Bit Index Explicit Replication (BIER)
Published by IETF on November 1, 2018
Bit Index Explicit Replication (BIER) is an architecture that provides optimal multicast forwarding through a "BIER domain" without requiring intermediate routers to maintain multicast-related, per-...
This document is referenced by:
IETF RFC 8476 - Signaling Maximum SID Depth (MSD) Using OSPF
Published by IETF on December 1, 2018
This document defines a way for an Open Shortest Path First (OSPF) router to advertise multiple types of supported Maximum SID Depths (MSDs) at node and/or link granularity. Such advertisements allow...
This document is referenced by:
IETF RFC 8510 - OSPF Link-Local Signaling (LLS) Extensions for Local Interface ID Advertisement
Published by IETF on January 1, 2019
Every OSPF interface is assigned an Interface ID that uniquely identifies the interface on the router. In some cases, it is useful to know the assigned Interface ID on the remote side of the...
This document supersedes:
RFC 2328 - OSPF Version 2
Published by IETF on April 1, 1998
A description is not available for this item.
This document supersedes:
RFC 2328 - OSPF Version 2
Published by IETF on April 1, 1998
A description is not available for this item.
View Less
View All
Advertisement