Distributed flow detection over multi-path sessions
Computer Communications
The MPLS network architecture does not protect the confidentiality of transmitted data. This paper proposes a mechanism to enhance security in MPLS networks by combining multi-path routing with a modified (k, n) Threshold Secret Sharing scheme. An IP packet entering the MPLS ingress router can be partitioned into n shadow (share) packets, which are then assigned to maximally node-disjoint paths across the MPLS network. The egress router can reconstruct the original IP packet if it receives any k share packets. An attacker must therefore tap at least k paths to reconstruct the original IP packet in transit, while receiving k-1 or fewer share packets makes it hard or even impossible to reconstruct the original IP packet.