OSPF with Digital Signatures
RFC 2154 OSPF with Digital Signatures June 1997
The basic idea of this proposal is to add digital signatures to OSPF
LSA data, distribute certified router information and keys, and use a
neighbor-to-neighbor authentication algorithm (like keyed MD5) to
protect local protocol exchanges. The content of a Hello packet,
Link State Request, Link State Update, or Database Description will
be protected by the neighbor-to-neighbor algorithm. The LSAs that
are being flooded inside the Link State Update packets are
individually protected by a digital signature. Each LSA will be
signed by the originator of that information and the signature will
stay with the data in its travels via OSPF flooding. This will
provide end-to-end integrity and authentication for LSA data. The
digital signature attached to an LSA by the source router provides
assurance that the data comes from the advertising router. It will
also ensure that the data has not been modified by some other router
in the course of flooding. In the case where incorrect routing data
is originated by a faulty router, the signature will identify the
source of the problem.

Digital signatures are implemented using public key cryptography.
There are some good books on the subject of cryptography [6], but the
high level view of how this design uses public key cryptography is as
follows: Each router has a pair of keys, a public key and a private
key. The private key is used to generate a unique signature of a
block of data (in this case, the LSA). Each router signs its LSAs by
first running a one-way hash algorithm (like MD5 or SHA) on the data,
and then using its private key to sign the digest. The signature of
an LSA is appended to the LSA. The public key can be used by any
other router to verify the signature. The private key must be kept
secret by one router and the public key must be distributed to all
the routers that will receive link state information from the signer.
The distribution is accomplished by creating a new LSA, the Public
Key LSA (PKLSA), and distributing it via the standard OSPF flooding
procedure. Flooding will ensure that a router public key is sent
everywhere that the router's signed LSAs are sent.

Any router can send out a public key and claim to be a given router,
so the public key itself provides no assurance of the actual identity
of the sender. This assurance must be provided by a Trusted Entity.
The Trusted Entity (TE) is a system that generates certificates for
routers. A certificate is a packet of information about a router
that identifies the router and supplies a public key. Certified
router information will include the router id, its role, the address
ranges that the router may advertise, a timestamp and the router's
public key. The certificate is signed by the TE. Each router must be
configured with a certificate and a TE public key to use in verifying
other routers' certificates. A router PKLSA contains the certificate
for that router. A router receiving a PKLSA verifies the certificate
using the TE public key, and then verifies the whole LSA using the
Murphy, et. al. Experimental
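The signing procedure described in the paragraph on public key cryptography (hash the LSA, sign the digest with the private key, append the signature) and the receiving router's two-step check described in the paragraph on the Trusted Entity (verify the certificate under the TE public key, then verify the LSA under the certified router key) are carried through below as one added example in Go. It is not code from the RFC or from any OSPF implementation. It assumes SHA-256 with RSA PKCS#1 v1.5 as the concrete hash and signature algorithm, an ad hoc '|'-separated byte layout for the certificate and LSA contents, and constructed router ids, roles, address ranges, timestamp and LSA bodies; the RFC text above fixes none of these. The scenario also shows the two failure cases the text motivates: an LSA modified in the course of flooding, and a router that floods a public key while claiming another router's identity without a TE-issued certificate.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
	"strings"
)

// Certificate holds the TE-signed router information carried in a PKLSA.
// Field list follows the text; the byte encoding below is a constructed choice.
type Certificate struct {
	RouterID      string
	Role          string
	AddressRanges []string
	Timestamp     int64
	PublicKey     *rsa.PublicKey
	TESignature   []byte
}

// LSA is a link state advertisement with the originator's signature appended.
type LSA struct {
	AdvertisingRouter string
	Body              []byte
	Signature         []byte
}

// certBytes is the canonical byte string the TE signs (hypothetical layout).
func certBytes(c *Certificate) []byte {
	return []byte(fmt.Sprintf("%s|%s|%s|%d|%x", c.RouterID, c.Role,
		strings.Join(c.AddressRanges, ","), c.Timestamp, x509.MarshalPKCS1PublicKey(c.PublicKey)))
}

// lsaBytes is the LSA content covered by the originator's signature.
func lsaBytes(l *LSA) []byte { return append([]byte(l.AdvertisingRouter+"|"), l.Body...) }

// sign runs a one-way hash over data and signs the digest with the private key.
func sign(priv *rsa.PrivateKey, data []byte) ([]byte, error) {
	d := sha256.Sum256(data)
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, d[:])
}

// verify checks a signature over data with the matching public key.
func verify(pub *rsa.PublicKey, data, sig []byte) bool {
	d := sha256.Sum256(data)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, d[:], sig) == nil
}

// IssueCertificate is the TE's role: it signs the router information.
func IssueCertificate(tePriv *rsa.PrivateKey, c *Certificate) (err error) {
	c.TESignature, err = sign(tePriv, certBytes(c))
	return err
}

// OriginateLSA signs an LSA with the originating router's private key.
func OriginateLSA(priv *rsa.PrivateKey, routerID string, body []byte) (*LSA, error) {
	l := &LSA{AdvertisingRouter: routerID, Body: body}
	sig, err := sign(priv, lsaBytes(l))
	l.Signature = sig
	return l, err
}

// VerifyFloodedLSA is the receiving router's check: the certificate must verify
// under the TE public key, must name the LSA's advertising router, and the LSA
// must verify under the key that certificate certifies.
func VerifyFloodedLSA(tePub *rsa.PublicKey, c *Certificate, l *LSA) bool {
	if !verify(tePub, certBytes(c), c.TESignature) {
		return false // certificate was not issued by the TE
	}
	if c.RouterID != l.AdvertisingRouter {
		return false // key is certified for a different router
	}
	return verify(c.PublicKey, lsaBytes(l), l.Signature)
}

// Scenario builds a TE, one certified router and one rogue router, and reports
// which flooded LSAs a receiver accepts. All ids and bodies are constructed.
func Scenario() (genuineOK, tamperedOK, rogueOK bool, err error) {
	tePriv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return
	}
	rPriv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return
	}
	rogue, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return
	}
	cert := &Certificate{RouterID: "10.0.0.1", Role: "area-border",
		AddressRanges: []string{"10.0.0.0/24"}, Timestamp: 865123200, PublicKey: &rPriv.PublicKey}
	if err = IssueCertificate(tePriv, cert); err != nil {
		return
	}
	lsa, err := OriginateLSA(rPriv, "10.0.0.1", []byte("router-LSA: link 10.0.0.0/24 metric 10"))
	if err != nil {
		return
	}
	genuineOK = VerifyFloodedLSA(&tePriv.PublicKey, cert, lsa)
	// An intermediate router changes the metric during flooding: the originator's
	// signature no longer covers the data, so the receiver rejects it.
	forged := *lsa
	forged.Body = []byte("router-LSA: link 10.0.0.0/24 metric 1")
	tamperedOK = VerifyFloodedLSA(&tePriv.PublicKey, cert, &forged)
	// A rogue router floods a PKLSA naming 10.0.0.1 with its own key, but only it
	// (not the TE) signed that certificate, so the receiver rejects the LSA.
	rogueCert := &Certificate{RouterID: "10.0.0.1", Role: cert.Role,
		AddressRanges: cert.AddressRanges, Timestamp: cert.Timestamp, PublicKey: &rogue.PublicKey}
	if err = IssueCertificate(rogue, rogueCert); err != nil {
		return
	}
	rogueLSA, err := OriginateLSA(rogue, "10.0.0.1", forged.Body)
	if err != nil {
		return
	}
	rogueOK = VerifyFloodedLSA(&tePriv.PublicKey, rogueCert, rogueLSA)
	return
}

func main() {
	g, t, r, err := Scenario()
	fmt.Println("genuine:", g, "tampered:", t, "rogue:", r, "err:", err)
}
```

Running the program prints `genuine: true tampered: false rogue: false err: <nil>`. The order of checks in VerifyFloodedLSA matters: a receiver must establish that the TE vouches for the key before trusting anything that key signs, which is why the certificate check comes first and an LSA signature is never verified against a key the TE did not certify for that router id.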