Router authentication, key management, and adjacency management for securing inter-router control messages

To build secure network-based systems, it is important to ensure the authenticity and integrity of the inter-router control message exchanges. Authenticating neighbors and ensuring the legitimacy of the neighbor relationships is essential. Current manual keying methods used to secure router control messages are error prone, not scalable, and result in keys being changed infrequently (or not at all) due to lack of authorized personnel. We propose an automated key management system to automatically generate, distribute and update keys for a collection of ‘keying groups’, each of which is the subset of routers sharing the same key. The proposed protocol for key management ensures security in the form of authentication, integrity, confidentiality, protection against replay attacks, and robustness across reboots. It has been designed to handle a wide variety of keying groups. In addition, it makes provision for adjacency management. In this paper, we describe the threat model and security requirements for the key management system. Further, we explain in detail a formal validation that we have carried out in order to verify the security of the system. Thereby we clearly show how our design meets the requirements specified.