Authentication for TCP-based routing and management protocols

摘要

A new Transmission Control Protocol (TCP) Enhanced Authentication Option is described. An administrator configures sending and receiving devices to maintain lists of authentication elements for each protected TCP connection. Each authentication element includes an authentication element identifier, a key, a hash algorithm, and a start time. A sending device calculates a security portion, updates the new TCP option to include the security portion, calculates a checksum, and forwards the TCP segment to the receiving device. Having received the authenticated TCP segment, the receiving device scans its list of authentication elements, searching for an authentication element whose identifier matches that of the incoming TCP option. If the receiving device finds such an authentication element, the receiving device uses a key from the authentication element to calculate a security portion. If the calculated security portion matches the security portion received in the incoming TCP segment, the receiving device accepts the segment.