Security issues in PIM-SM link-local messages

Abstract

In the present Internet draft (ID) of protocol independent multicast-sparse mode (PIM-SM), the IPsec authentication header (AH) protocol without anti-replay mechanism has been proposed to protect the link-local messages. This compromise makes PIM-SM vulnerable to denial of service (DoS) attack. Moreover, in this ID, the security association lookup and the required number of security associations are erroneous. A new proposal is presented to protect PIM link-local messages while activating the anti-replay mechanism. The security association lookup method has also been modified. Finally, this proposal has been formally validated using SPIN.