In order to communicate on the Internet at all, we must find a way to each other. I am not talking here about the path that ensures the perception of thoughts by the other party, although this is also a demanding discipline. I mean the path that ensures the delivery of packets or messages. This is based on routing algorithms that map the Internet. Or at least its immediate surroundings. Thanks to this, it is the routing protocols that govern the Internet. But their protection is currently dismal.
However, the above overview describes the principles, not the protection of the trustworthiness of the transmitted data. Therefore, the following table provides an overview of the authentication mechanisms that are used to verify the sender of this information.
| Protocol | IPv4 | IPv6 | OSI Layer | Authentization | Integrity | Comments and RFC |
| RIP v1 | Yes | No | L3 | N/A | No | RFC 1058 |
| RIP v2 | Yes | No | L3 | MD5 / plaintext | MD5 | RFC 2453, RFC 2082 |
| RIPng | No | Yes | L3 | Optional IPSec | No without IPSec | RFC 2080 |
| OSPFv2 | Yes | No | L3 | MD5 / password | MD5,HMAC-SHA | RFC 2328 |
| OSPFv3 | Yes | Yes | L3 | IPsec (ESP/AH) | IPSec | RFC 5340 |
| IS-IS | Yes | Yes | L2/L3 (CLNS) | HMAC | HMAC-SHA | RFC 1195, RFC 5304, RFC 5310 |
| IGRP | Yes | No | L3 | N/A | No | Cisco proprietary, replaced by EIGRP |
| EIGRP | Yes | Yes | L3 | MD5 / HMAC-SHA | MD5,HMAC-SHA | RFC 7868 |
| EGP | Yes | No | L3/L4 | None | No | RFC 904, replaced by BGP |
| BGP | Yes | Yes | L4 (over L3) | TCP-MD5 / TCP-AO | TCP MD5, TCP-AO | RFC 4271, RFC 2385, RFC 5925 |
| eBGP (BGP) | Yes | Yes | L4 (over L3) | TCP MD5, TCP-AO | TCP MD5, TCP-AO | RFC 4271, RFC 2385, RFC 5925, between autonomous systems |
| iBGP (BGP) | Yes | Yes | L4 (over L3) | TCP MD5, TCP-AO | TCP MD5, TCP-AO | RFC 4271, inside one autonomous system |
| mBGP/MP-BGP (BGP) | Yes | Yes | L4 (over L3) | TCP MD5, TCP-AO | TCP MD5, TCP-AO | RFC 4760, supported multiple AFI/SAFI (IPv4, IPv6, VPN, multicast aka MBGP) |
| MBGP (BGP) | Yes | Yes | L4 (over L3) | TCP MD5, TCP-AO | TCP MD5, TCP-AO | Variant of MP-BGP for multicast |
| HSRP v1 | Yes | No | L3 | Password | No | Cisco proprietary |
| HSRP v2 | Yes | Yes | L3 | MD5 (vendor dependent) | MD5 | Cisco proprietary |
| VRRP v2 | Yes | No | L3 | Plaintext / IPsec | No | RFC 3768 |
| VRRP v3 | Yes | Yes | L3 | Recommended IPSec | Recommended IPSec | RFC 5798 |
| GLBP | Yes | No | L3 | MD5 | MD5 | Cisco proprietary |
This table shows that most protocols for routing communication use the MD5 algorithm (broken in 2005), or have no protection at all. The use of HMAC-SHA, TCP-AO or IPSec is relatively rare, so it is necessary to ensure the deployment of at least basic control mechanisms at the firewall level. It is even worse with integrity control.
The following paragraphs discuss individual methods of verifying authentication mechanisms and possible comments on these technologies.
Relying on the trustworthiness of the counterparty without any evidence. No further
comments are possible.
The plaintext option is the simplest possible way of protection. The password is part of
the transmission and both sides must have the same password. Unfortunately, due to the transmission
of the password in an open form, the password is available to any user with the ability to monitor
the traffic.
The password method is usually (but not always) different from plaintext. Password control can
take various forms and some algorithms within the password method also offer the exchange
of plaintext information. In other cases, a simple form of authentication is used, where a hash
of the packet content is created, supplemented with a password. A typical example is OSPFv2. In the case
of authentication using the password option, the biggest problem is probably trust in outdated
and broken functions. In the case of MD5, it is relatively easy to find collisions that allow
falsification of routing tables. At the same time, they only provide the illusion of security.
The possible use of HMAC-MD5 will make the possibility of collision detection more difficult,
but will not completely eliminate it.
Probably the best-known and oldest method of authentication is the use of the MD5 function. Unfortunately,
this is the most complex description, which varies by protocol. The original, early forms of authentication
using password hashing have been overcome. This was followed by the use of the password as a key for
integrity checking, and before MD5 was broken, the use of HMAC. When mentioning authentication using MD5,
it is difficult to determine which method was used. Due to these inconsistencies, but mainly for security
reasons, this algorithm should no longer be used at all.
Authenticator=MD5(Password)
MAC=MD5(Password||Content)
MD5 was a valid protocol at the time of its creation, and the effort to standardize its use corresponds
to this. The algorithm does not transmit the password, but the password is used as part of an integrity check.
Although the recipient does not know whether the password is incorrect or the data content has been
compromised, the information is considered corrupted and must not be used.
MAC Algorithms:
MD5 hashes specific content and password. It does not use HMAC access, but a simple MAC. The key
is appended to the end of the text. This approach is considered outdated and risky.
Authenticator=MD5(Source IP||Destination IP|| zero padded protocol number|| segment length|| TCP header|| TCP segment data|| password)
The breaking of the MD5 function and the development of other hash functions, together with the standardization of AES, led to the use of significantly more secure methods. An example is the use of functions based on SHA2, or the use of AES. Unfortunately, for AES, there is a limitation given by the transition to PQC, which requires at least a 192b encryption key, while this algorithm only accepts 128b encryption keys.
Baseline AlgorithmsKey Derivation Functions (KDFs):
Authentication using IPSec mainly uses the use of the AH header (Authentication Header). In this case, the ability of the protocol to create a checksum of the message is used, where the key for this checksum is the password itself. That is, there is no encryption, only the ability of IPSec to delay transmission is used. Alternatively, it is possible to encrypt the entire content in order to ensure not only integrity, but also confidentiality. The advantage in this case is the use of IPSec, which provides protection and at the same time separates the individual layers from each other.
OSPF protocol version 2 came with the concept of choosing the protection of routing information
transmission. The following possible settings are part of the protocol:
| Authentication | RFC | Protection | Comments |
| None (null) | RFC 2328 | None | No passwords used |
| Plaintext | RFC 2328 | Low | Sent in the clear; protects only against accidental misconfiguration |
| Keyed-MD5 | RFC 2328 | Medium | Traditional cryptographic digest. Largely deprecated in favor of SHA.
|
| HMAC-SHA | RFC 5709 | High | Prevents unauthorized adjacencies.
|
The OSPFv3 routing protocol uses a similar protection control principle as OSPFv2, but uses the IPSec protocol for these purposes.
| Authentication | RFC | Protection | Comments |
| No security | RFC 5340 | None | IP Header||OSPFv3 Header + Data |
| Authentication only | RFC 5340 | Based on algorithm | IP Header||AH Header (Signature)||OSPFv3 Header||Data (Visible) |
| Encryption + Authentication | RFC 5340 | Based on algorithm | IP Header||ESP Header||Encrypted OSPFv3 Header||Data||ESP Tail/Auth |
A specific feature of the BGP protocol is the possibility of authentication thanks to rPKI, which is often explained as authentication based on PKI. Unfortunately, this is not true. So what is the relationship between rPKI and mutual authentication?
The own rPKI (Resource PKI, RFC 6810) is used for authentication of routing information. More precisely, it allows IP address owners to publicly declare which autonomous system (AS) is authorized to advertise their network range to the Internet using the routing protocol. The declaration of these permissions is completely different from the authentication of counterparts and has a different purpose. The goal of rPKI is to provide verification of the authorization to publish this information. The actual publication is then provided by the AS (Autonomous System) within which the specified range is used.
The own authentication of counterparts is then provided by other protocols. It occurs both at the very beginning and throughout the duration of the BGP session. The role of TCP-MD5 or TCP-AO authentication. The verification occurs when the TCP handshake (SYN, SYN-ACK, ACK) is established and then for each sent TCP segment. If a router receives a BGP packet whose MD5/AO signature does not match, the TCP layer immediately discards it and the BGP process does not know about it at all. The fact that you are talking to the correct, authorized neighbor (peer) is authenticated here.
In short, while rPKI allows you to verify that the advertised route on the Internet belongs to the correct owner, TCP-MD5 or TCP-AO ensures that the messages themselves with this routing information, transmitted in BGP, have not been forged or modified by anyone along the way. Unfortunately, in the case of TCP-MD5, this evidence is weak and the MD5 algorithm should no longer be used.
Routing algorithms currently do not use current protection methods. A large number of algorithms, operating without protection or with protection using plaintext passwords or MD5, do not contribute to the high trustworthiness of these basic services. Ensuring confidentiality, integrity and authenticity of data is usually weak here, which creates a lot of room for attackers. A partial solution is to consistently assign permissions using ACLs so that they at least partially limit where the router can receive information from. It is also advisable to switch to modern protocols where this is at least somewhat possible. Unfortunately, in addition to security problems, routing algorithms also have their own technological problems. The mutual influence of network architecture and protocol options can limit the options for choosing when designing the network structure.
1. Introductory Provisions
1.1. These General Terms and Conditions are, unless otherwise agreed in writing in the contract, an integral part of all contracts relating to training organised or provided by the trainer, Jan Dušátko, IČ 434 797 66, DIČ 7208253041, with location Pod Harfou 938/58, Praha 9 (next as a „lector“).2. Creation of a contract by signing up for a course
2.1. Application means unilateral action of the client addressed to the trainer through a data box with identification euxesuf, e-mailu with address register@cryptosession.cz or register@cryptosession.info, internet pages cryptosession.cz, cryptosession.info or contact phone +420 602 427 840.3. Termination of the contract by cancellation of the application
3.1. The application may be cancelled by the ordering party via e-mail or via a data mailbox.4. Price and payment terms
4.1. By sending the application, the ordering party accepts the contract price (hereinafter referred to as the participation fee) indicated for the course.5. Training conditions
5.1. The trainer is obliged to inform the client 14 days in advance of the location and time of the training, including the start and end dates of the daily programme.6. Complaints
6.1. If the participant is grossly dissatisfied with the course, the trainer is informed of this information.7. Copyright of the provided materials
7.1. The training materials provided by the trainer in the course of the training meet the characteristics of a copyrighted work in accordance with Czech Act No 121/2000 Coll.8. Liability
8.1. The trainer does not assume responsibility for any shortcomings in the services of any third party that he uses in the training.9. Validity of the Terms
9.1 These General Terms and Conditions shall be valid and effective from 1 October 2024.Consent to the collection and processing of personal data
According to Regulation (EU) No 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter referred to as "the Regulation"), the processor xxx (hereinafter referred to as "the Controller") processes personal data. Individual personal data that are part of the processing during specific activities at this web presentation and in the course of trade are also broken down.Information about the records of access to the web presentation
This website does not collect any cookies. The site does not use any analytical scripts of third parties (social networks, cloud providers). For these reasons, an option is also offered for displaying the map in the form of a link, where the primary source is OpenStreet and alternatives then the frequently used Maps of Seznam, a.s., or Google Maps of Google LLC Inc. The use of any of these sources is entirely at the discretion of the users of this site. The administrator is not responsible for the collection of data carried out by these companies, does not provide them with data about users and does not cooperate on the collection of data.Information about contacting the operator of the site
The form for contacting the operator of the site (administrator) contains the following personal data: name, surname, e-mail. These data are intended only for this communication, corresponding to the address of the user and are kept for the time necessary to fulfil the purpose, up to a maximum of one year, unless the user determines otherwise.Information about the order form
In case of an interest in the order form, the form contains more data, i.e. name, surname, e-mail and contact details for the organisation. These data are intended only for this communication, corresponding to the address of the user and are kept for one year, unless the user determines otherwise. In the event that a business relationship is concluded on the basis of this order, only the information required by Czech law on the basis of business relations (company name and address, bank account number, type of course and its price) will continue to be kept by the administrator.Information about the course completion document
Within the course, a course completion document is issued by the processor. This document contains the following data: student's name and surname, the name and date of the course completion and the employer's name. The information is subsequently used for the creation of a linear hash tree (non-modifiable record). This database contains only information about the provided names and company names, which may or may not correspond to reality and is maintained by the processor for possible re-issuance or verification of the document's issuance.Rights of the personal data subject
The customer or visitor of this website has the possibility to request information about the processing of personal data, the right to request access to personal data, or the right to request the correction or deletion of any data held about him. In the case of deletion, this requirement cannot be fulfilled only if it is not data strictly necessary in the course of business. The customer or visitor of this website also has the right to obtain explanations regarding the processing of his personal data if he finds out or believes that the processing is carried out in violation of the protection of his private and personal life or in violation of applicable legislation, and the right to request removal of the resulting situation and to ensure the correction.