Abstract:
The ARPANET (which evolved into the Internet) was initially developed to provide data communication services. As the network grew and its applications multiplied, voice, video and real-time data transfer services evolved. To support these enhanced IP services, IP networks must be capable of providing specific quality of service (QoS) and traffic segregation capabilities. The need to provide different levels of service along with VPNs via a connectionless IP network has given rise to an IP switching technology called Multiprotocol Label Switching (MPLS). As MPLS is becoming a more widespread technology for providing virtual private network (VPN) services, MPLS architecture security is of increasing concern to service providers (SPs) and VPN customers. MPLS labeling hides the real IP address and other aspects of the packet stream; it provides data protection at least as secure as other Layer 2 technologies, including Frame Relay and ATM. Indeed, MPLS-based isolation of packet streams can be viewed as the WAN equivalent of virtual LANs. However, MPLS without encryption and authentication does not provide the same level of security as IPSec-based VPNs using Triple-DES encryption.
Motivated by the security requirements of emerging MPLS-VPN technology, the research work documented in this thesis explores the various types of attacks on MPLS-based VPNs. It also describes different types of attackers and attack scenarios. After a comprehensive study of the existing secure Layer 3 VPN model, i.e. IPSec, a mechanism for end-to-end authentication of MPLS is given, using digital signatures. The proposed mechanism not only provides end-to-end authentication but also secures the Label Switch Path.