The invention relates to keyed authentication rollover for routers.
Large networks such as the Internet can be organized into smaller networks connected by special purpose gateways known as routers. Hosts and routers, for example, are presented with Internet Protocol (IP) datagrams addressed to a particular host. Routing is a technique by which the host or router decides where to send the datagram.
Various routing protocols are available to supply the information required to perform the routing. For example, Routing Information Protocol (RIP) routers can exchange topology information with one another. The topology information defines ways to traverse through networks. Other devices, such as servers and workstations, may be connected to the network.
In general, it is important to reduce the likelihood that false protocol messages will be received and processed by the routers. Routers can use various techniques to protect themselves against such attacks. Exemplary algorithms include Message Digest version 4 (MD4) or version 5 (MD5) algorithms which use encryption-specific one-way hash functions. According to the MD5 algorithm, for example, the routers store a secret key that is used to calculate a message digest of the routing information placed in each packet. Further details of the MD4 and MD5 algorithms are described in (1) R. Rivest, “The MD5 Message-Digest Algorithm,” MIT Laboratory for Computer Science and RSA Data Security, Inc., Network Working Group, Request for Comments, RFC 1321 (April 1992) and (2) R. Rivest, “The MD4 Message-Digest Algorithm,” MIT Laboratory for Computer Science and RSA Data Security, Inc., Network Working Group Request for Comments, RFC 1320 (April 1992).
To increase security, it is desirable to change the keys periodically. However, it is important that the routers pass information without interruption even if neighboring routers are not simultaneously configured with the new key.