A data plane security model of SR-BE/TE based on zero-trust architecture

Facing the untrusted threats of network elements and PKI/CA faced by SR-BE/TE (Segment Routing-BE/TE) data plane in the zero-trust network environment, firstly, this paper refines it into eight specific security issues. Secondly, an SR-BE/TE data plane security model ZbSR (ZTA-based SR) based on zero-trust architecture is proposed, which reconstructs the original SR control plane into a "trust-agent" two-layer plane based on 4 components of the controller, agent, cryptographic center and information base. On one hand, we distinguish between the two segment list generation modes and proposes corresponding data exchange security algorithms, by introducing north–south security verification based on identity authentication, trust evaluation, and key agreement before the terminal device establishes an east–west access connection, so reliable data exchange between terminal devices can be realized. On the other hand, for the network audit lacking SR-BE/TE, a network audit security algorithm based on solid authentication is proposed. By auditing the fields, behaviors, loops, labels, paths, and SIDs of messages, threats such as stream path tampering, SID tampering, DoS attacks, and loop attacks can be effectively detected. Finally, through the simulation test, the proposed model can provide security protection for the SR data plane with a 19.3% average incremental delay overhead for various threat scenarios.

. SR native security mechanism. security mechanism Implementation method Threat against Source routing 2,11 The head node of the flow encapsulates the label stack to specify the flow path Malicious drainage Trust domain 2,11 Only the source route is used in the domain, and the source route information is cleared by setting the C-flag flag in SRH when the data packet leaves the domain Label leakage Package validation 2,11 RFC8754 stipulates that the optional TLV (Type-Length-Value) object field of SRH in SRv6 message carries HMAC TLV SRv6 data message tampering Load leveling 2,11 Anycast-SID will balance the traffic from a single node to multiple nodes Single point failure Fault detect 2,11 Local trigger (such as BFD(Bidirectional Forwarding Detection)), remote intra-domain trigger (IGP flooding), remote cross-domain trigger (updated by BGP-LS), end-to-end SR Policy survivability detection, explicit candidate path verification and dynamic candidate path recalculation -Failure recovery 2,11 TI-LFA (Topology-Independent Loop-free Alternate) node protection -Service hiding 2,11 Use the "mpls ip-ttl-propagation disable" command to hide the multi-hop MPLS network as a single-hop network, thus invalidating the traceroute command Traditional topology detection, inter-domain topology detection By binding the SR Policy of the specified domain to BSID, users outside the domain cannot obtain the topology within the domain based on the candidate path information Table 2. Main routing security mechanisms.

Security mechanism Examples
Identification inspection StackPi algorithm for judging the security of forwarding path based on check stack identification 12 ; SNAPP algorithm for verification by adding message integrity verification code (MIC) at sender and intermediate node 13 Node verification The ICING mechanism checks the received data packets by deploying authentication servers in each node of the network, but it brings high transmission overhead 14 ; OSP algorithm grants a certificate between the source and the router, and the intermediate node verifies the data packet according to the certificate, which improves the inspection efficiency but increases the management overhead 15 . RPKI uses digital signature and certificate to authenticate routing source, which can effectively prevent route hijacking 16 ; due to the limited deployment of RPKI infrastructure, Tomas and others put forward DISCO, which is based on distributed trust architecture to authenticate routing 17 Trusted hardware TrueNet mechanism deploys TCB(Trusted Computing Base) in each node of the network, and determines malicious links through multi-node security information negotiation 18 Centralization of control SDN architecture is usually adopted, such as VeriDP algorithm, which verifies whether the data is transmitted normally through control plane policy, thus improving the accuracy of network behavior detection 19 . DFL mechanism collects the verification information of nodes in the transmission path in a centralized way, but it is difficult to avoid a single point of failure 20 Collaborative filtering RISP uses RPKI to protect the inter-domain communication of source address, and completes traffic filtering through the cooperation of server, alliance center and AS border router 21 New technology Using blockchain to build a distributed trust framework can be used for inter-domain routing protocol to realize IP address prefix authentication 22

SR-BE/TE security model (ZbSR) based on ZTA
Based on the above analysis, the ZbSR security model proposed in this paper is mainly composed of trust plane, agent plane, and data plane, as shown in Fig. 2, in which the trust plane is composed of the controller (C), key center (K) and information base (D), which is connected to the data plane through agent plane, and whitelist access control is established between planes, which is responsible for centralized control, authentication and trust calculation of data plane devices, in which the controller is based on the expansion of the original SDN controller of SR architecture. The agent plane consists of agent (A) connected in series to each SR data plane device, responsible for providing security agency services such as encryption, auditing, and reporting. The data plane is composed of switching devices such as SR router (R) and terminal device such as host (H), which is responsible for generating data and transmitting traffic. The ZSR model is modeled with symbols and definitions in Table 1.

ZbSR model component function and modeling.
The function of the ZbSR model component is that the controller calls the key center (for managing keys) and the information base (for managing and storing identity information) to control the subordinate plane based on trust, and the agent provides security agency services for the data plane.
The controller (C). The controller consists of the original SDN controller and the trust engine expansion module. It is responsible for realizing access control, path delivery, and other functions based on authentication and trust calculation.
(1) Segment list issuing In SR-TE, a path is issued for the data plane by generating a Segment list, the Segment list SL is shown in formula (1).  31,32 in Software-Defined Perimeter (SDP) 33 , the trust engine of the controller performs identity authentication and trust evaluation on the devices in the domain, and then implements the minimum authorization 34 , and then the authentication and authorization results are handed over to the SDN controller, which issues control signaling. The access subject and object 5-tuple authorization information Credit is modeled as shown in formula (2), where Smac and Dmac represent the MAC addresses of the access device and the visited device respectively, SID and pSID represent the Prefix Node SID assigned by the access device and the visited device respectively, and P represents the access protocol.
According to the ZTA concept, the authorization mode can be divided into centralized authorization and separate authorization. Centralized authorization means that after authentication and trust evaluation are carried out on the network-connected devices, the list of accessible devices and protocols is granted in a centralized way in the form of an authorization list. As shown in formula (3), the authorization list contains 6 types of information, among which, D i , Cert i , t Certi , PK Di , P and K D (i) respectively represent the accessible device i, the access certificate of device I, the lease period of the access certificate of device i, the public key of device i, the access protocol and Separate authorization means that device A needs to verify authorization every time it accesses device B through the new protocol. At this time, the authorization information is shown by formula (5), including the access certificate of device B, the lease period of the access certificate of device B, the public key of device B, the access protocol, and the traffic encryption key. Compared with centralized authorization, separate authorization not only achieves fine-grained control but also brings more overhead. Therefore, this paper sets two authorization modes that can be switched as needed.
(3) Rules issuing Before the SR source node starts streaming according to the Segment list, the controller issues security rules for preventing path tampering to the agents of each node in the list, detailed in Section "Network audit security algorithm based on solid authentication".
(4) Device control The controller centrally controls all devices in the domain, centrally configures their Prefix-SID to prevent the attackers from tampering, and timely removes the failed devices from the list of available devices and recycles their SIDs; storing the suspected malicious device behavior found in the detection into the information base, disabling its access credentials and reporting to the network administrator when the negative feedback accumulation causes its trust to be lower than the threshold; provide the central working clock for each component of the system and provide a unified time reference.

(5) Keys scheduling
Through the agent plane of the controller, the key center is called to centrally distribute the traffic encryption key and other keys to the protocol peers that have been authorized successfully.

Key center.
The key center is used to centrally control the keys in the domain and prevent the potential safety hazard of key decentralized configuration 35 . It adopts the popular "symmetric password-asymmetric password" mixed encryption mechanism 36 , in which the fast symmetric password is used for traffic encryption/decryption, and the slow asymmetric password is used for key exchange and signature verification; because ZTA doesn't trust public PKI/CA, the key center is used as the private CA in the domain to issue digital certificates to the terminal devices in the domain 37 . The managed keys include traffic encryption key K D , key-encryption key KeK, its own public and private keys K pub and K pri , and the public and private keys R pub and R pri of each terminal device. All  Fig. 3.
Step1 K preallocates the public and private keys for all terminal devices, sends them through C, deposits them in A, and replaces them regularly; Step2 K allocates K D and KeK as needed for data exchange between H i and H j , which is issued by C, stored in A, and replaced regularly; Step3 A i and A j use the public and private keys of H i and H j to negotiate K D and KeK; Step4 H i and H j exchange data with K D and KeK.
Information base. The information base is used to store and manage device authentication information and protocol authorization information. The device authentication information is related to authentication information of the device itself, such as username/password, SID, router-mac, etc., 38 which is determined by the formula (6), and the protocol authorization information is related to the protocol authorization. Such as Whitelist of connection, routing protocol type P R , link Adjacency Adj ij , port number Interface, peer IP address IP p , etc., are determined by the formula (7), in which Adj ij is determined by the adjacency matrix of link, as shown in formula (8), which describes the adjacency of device, with 1 indicating adjacency and 0 indicating non-adjacency; the Whitelist of connections is determined by the formula (9), which specifies all permitted connections in the domain, and the information in the information base is dynamically updated with the change of network devices.
Agent. The agent is used to provide security agency service for data plane devices, and it is directly connected with each SR switching device 39 . There is no direct connection channel between agents, to prevent malicious nodes from bypassing trust plane supervision and direct communication. The agent mainly has 4 functions: key management, path report, log record, and behavior audit. Key management means that the agent provides key negotiation agent services for data plane devices; path report implies that after the SR head node generates the flow path, it needs to report the path to the controller through the agent for decision-making; logging refers to recording the behavior log of SR switching device to trace the malicious behavior; behavior audit refers to auditing the behavior of data plane devices together with the controller according to the network audit security algorithm in Section "Network audit security algorithm based on solid authentication".
Data exchange and network audit security algorithm of ZbSR model. To ensure the integrity, confidentiality, and availability of data in the SR domain, the ZSR model introduces five security mechanisms: packet authentication, data encryption, check and filtering, security audit, and trust renewal. To realize reliable east-west data exchange between switching devices, firstly, based on ZTA's security design of "first authentication, then connection", a UDP-based SPA (Single Packet Authorization) method is adopted to initiate pre-authentication to the trust plane, and the trust plane carries out the north-south security authentication based on identity authentication, trust evaluation, and key negotiation. Secondly, the terminal device realizes the encrypted traffic exchange by encrypting traffic with a key. Taking the separate authorization mode as an example, the simplified process of terminal H1 accessing H2 is shown in Fig. 4, implemented in two modes: Segment list generation by the network element and Segment list distribution by the controller.
(1) Mode for the network element to generate Segment list In this case, the data exchange process is shown in Fig. 5, and the pseudo-code of the process is shown in Algorithm 1.   if subalgorithmTE(R1) Th ≥ 11.
then C applies to K to allocate KD and KeK 12.
K allocates KD and KeK for C 13.
Establish a bidirectional encrypted connection between C and A1 //mTLS 5 can be adopted 14.
C  (2) Mode for the controller to issue Segment list In this case, the data exchange process is shown in Fig. 6, and the pseudo-code of the process is shown in Algorithm 2. The authentication sub-algorithm, trust evaluation sub-algorithm, and key negotiation sub-algorithm called by algorithms 1 and 2 are shown as subalgorithm IA , subalgorithm TE , and subalgorithm KN . In subalgorithm TE , trust renewal can be implemented for temporary trust granted based on security metrics, but this scheme has not been implemented in this paper due to limited research energy.  Network audit security algorithm based on solid authentication. Due to the lack of audit mechanism for threat representation in SR network, a network security audit algorithm is proposed based on ZTA's strategy of solid verification of all behaviors in the domain. The pseudo-code of related process is shown in algorithm 3. The audit content includes the following 6 aspects.
(1) Field audit: audit whether the TTL value of the packet header is legal and whether the outbound traffic of the domain egress router has removed the SRH. (2) Behavior audit: audit whether the rate of ICMP information generation reaches the threshold for enabling the ICMPv6 rate-limiting mechanism and whether the traffic which cannot find next-hop to be malicious. (3) Loop audit: if the label stack only uses Prefix-SID, then directly determine whether there is a loop according to the following subalgorithmLP; if the label stack contains Adjacency-SID, restore the network topology according to the label stack, and then determine the loop according to subalgorithmLP. (4) Label audit: audit the validity of SRGB labels, SRLB labels of specific border routers, and other external labels. (5) Path audit: audit whether the flow path has been tampered with by malicious intermediate nodes. As shown in Fig. 7, the controller issues a segment list {16,007} to node 3, and according to the list, issues security rules to all intermediate nodes (node 5 at this time) along the path: the top label of the received packet from the interface from node 3 to node 5 should be 16,007; otherwise, it is discarded. (6) SID audit: audit whether the SID of a flow path node has been tampered with by malicious intra-domain nodes; it can be divided into two steps. As shown in Fig. 8, the controller centrally configures the Prefix-SID, router-id of each device node, imports them into the information database in advance, and synchronizes them to each device node through LSA notifications. Each device node caches its own and other node SIDs to Label Manager (LM); in the first step, when each device node receives a new LSA notification, it will be audited and compared with the SID cached by the LM. It will be considered valid and received only if the matching is successful. If the matching fails, it will report an exception to the controller, then the controller determines whether there is an attack; the second step is to refer to LM and FIB (Forwarding Information dataBase) to audit whether the SID has been tampered with during streaming. If an unrecognized SID is found in the LM, it will be further matched in the information database. If the matching fails, it will be reported to the operator.    is divided into 6 parts, that is, controller cost, key center cost, information base cost, agent cost, encryption cost of terminal devices, and component synchronization cost. Because all kinds of security components run in parallel, in addition to the one-time hardware cost brought by the introduction of devices, the evaluation of system performance cost only needs to pay attention to the time delay item that has the most significant influence on streaming transmission. The related symbols and definitions are shown in Table 6. The first is the controller overhead. If the performance allows, controller can be deployed single, and it can also be deployed multiple to realize load balancing and disaster recovery. The cost is related to the number of devices N it controls, and the cost is associated with the number of streams N f when it issues paths and rules. When authenticating, the cost is related to N; when controlling the device, it is only performed when the device leaves the network, or malicious device is generated, and the occurrence probability is small and can be ignored; when scheduling the key, it is only issued to the nodes in communication after the key is updated, so the computational complexity of the controller overhead is O (N + N f ) . The second is the key center overhead. There is only one set in the SR domain, and the cost mainly comes from its regularly key updating, and its computational complexity is O N t × k2 µ . The third is the information base overhead. In-domain devices cache commonly used verification information to the local agent, and the information base only needs to import information when the topology is established, verify information when new users access the network, and update the information when devices change, so the overhead is negligible compared with the controller. The fourth is the agent overhead. The agent is used in every streaming for key management, path reporting, and logging, which is related to N i f ; in behavior audit, the time complexity of field audit is  www.nature.com/scientificreports/ encryption, it will take more time. The sixth is the component synchronization overhead. Usually, there is only one controller deployed in the domain, and the information between agents does not have to be identical, so only the key negotiation and authentication need to be synchronized. Here, the Raft state synchronization technology is implemented according to the flow information between devices, and the overhead is low and can be ignored. It can be seen that the security overhead of the ZbSR model is concentrated in 3 parts: controller, agent, and terminal device encryption. The security cost comparison between this model and other similar routing security models is shown in Table 7. It can be seen that compared with other models, the ZbSR model brings more hardware cost and time cost due to the introduction of new security components and security mechanisms, but this is necessary, and the reasons have been explained in Table 3.

Simulation test and analysis
Simulation settings. OpenDaylight open-source controller is installed based on KVM virtual machine in EVE-NG 3.0.1-16 PRO, and its function is programmed to realize ZbSR controller. Dedicated Linux virtual machine is used as agent. Because it is challenging to build private CA, information base, and encryption hardware, and it is not the focus of research, this paper adopts a simplified design and uses virtual machines based on X.509 protocol and DES encryption software to simulate key center. Virtual machine simulation information base based on MySQL database. Due to the lack of mature and comparable SR security models, the ZbSR model is compared with the SR Baseline model, the MFRA model, the SDN cross bitmap algorithm model 43 , and the DoS attack detection model based on C4.5 44 , among which the SR Baseline model has been introduced in Section "Coupling foundation of SR and ZTA basic function model". In the MFRA model, the multi-fault quick recovery and avoidance mechanism based on SR pre-deployment link ring backup is mainly applied, and the configuration of test objects is shown in Table 8. There are 4 security tests and 1 overhead tests: control plane message tampering, data plane loop attack, identity deception, and DoS attack. The simulation network topology is shown in Fig. 9, in which the components of the SR Baseline model and MFRA model are shown by the red box in the figure, that is, they include the SR native network composed of 5 Cisco xrv9k routers and 1 OpenDaylight controller based on KVM; ZbSR model, based on KVM, additionally set an information base, an expansion controller and a key center, and each router is connected with another KVM virtual machine as an agent. The control plane components and data plane topology of the SDN cross bitmap algorithm model and the DoS attack detection model based on C4.5, are consistent with the SR Baseline model, except that the data plane uses SDN switches.

Safety performance test and analysis.
Due to the lack of comprehensive SR security model facing multiple threats, 4 models are introduced here, namely SR Baseline model, MFRA model, SDN cross bitmap algorithm model and DoS attack detection model based on C4.5, which are respectively compared with ZbSR model proposed in this paper in different types of attack tests. The threat model is set as follows: the attacker will implement 4 kinds of attack based on different switching devices and terminals, which one is the message tampering, namely the attacker tamper with the control plane message of a switching equipment, through the routing protocol flooding mechanism or other ways. This attack will induce the original flow path changes, to test whether the ZbSR model, the SR Baseline model, and the SDN cross bitmap algorithm model can prevent this attack. The second is the routing-loop attack, that is, by pressing the specified MPLS label stack into the head node of the traffic, the loop attack packet is constructed, so that the traffic transmission path will generate   Fig. 10. At this time, the attacker tampered with the control plane message using routing protocol flooding mechanism, etc., set the Loopback 0 address of R4 device to the same 2.2.2.2/32 as R2 and set the link cost value between R1 and R4 to half of the link cost value between R1 and R2. At this time, because the SR Baseline model use none additional security mechanisms, the next-hop corresponding to R1 selection label 16,222 will prefer R4. As shown in Fig. 11, in this case, the traffic path has been tampered. However, According to the SID audit mechanism in the security audit algorithm, the ZbSR model finds that this tampering is a malicious operation and rejects the packet tampering, so  Identity deception. To simulate the real network scene, the Iperf tool is used to inject the background traffic with the ratio of normal traffic to malicious traffic of 3: 1. Let the Smac and SID in the Credit information correspond to the mac and Prefix Node SID of R5, the pSID corresponds to the Prefix Node SID of R1, R2, and R3, the traffic with P as OSPF/ISIS is normal traffic, and the others are malicious traffic. The precision rate and recall rate of malicious traffic (the probability of malicious traffic being detected and identified) can be obtained by statistics, as shown in Fig. 13. It can be seen that based on traffic characteristics, the ZbSR model can perform identity authentication according to the subalgorithm IA in Section "Data exchange security algorithm based on trust evaluation", identify and prevent identity deception attacks with high accuracy, and ensure the credibility of the identity of both communication parties. In contrast, the Baseline model and MFRA model can filter a small amount of malicious traffic thanks to SR native security mechanism.
DoS attack. As shown in Fig. 14, the horizontal axis is the network running time, and the vertical axis is the network processing capacity, which is measured by the retention rate of the source route generation rate (this value is 1 when the network is normal). DoS attack started at 20 s. It can be seen that after the network processing capability based on the ZbSR model is temporarily degraded, the network can locate the injection node of malicious traffic through trust estimation and traffic auditing, and recover the processing capability gradually by filtering the attack traffic. The processing ability of the Baseline model drops rapidly after malicious traffic is injected; in the MFRA model, the network processing capacity is temporarily restored because the backup link is enabled after the congested link is detected, but the backup link also quickly becomes congested. The recovery speed of DoS attack detection model based on C4.5 is faster than that of ZbSR model, because the former adopts mature machine learning algorithm to detect attack traffic. However, this model is similar to the SDN cross bitmap algorithm model, because it cannot resist other types of attacks, and its universality is limited. In    Fig. 15.  www.nature.com/scientificreports/ It can be seen that when software encryption is not turned on (ZbSR (unencrypted)), compared with the Baseline model and the MFRA model, the time delay of the ZbSR model increases by 18.2-22.7% (average incremental time delay is 19.3%) and 8.5-12.3% (average incremental time delay is 10.4%), respectively, and the proportion of time delay increased compared with MFRA model decreases with the number of nodes. After software encryption is turned on (ZbSR (encrypted)), the delay of the ZbSR model is further improved, which is 37.4-41.1% higher than that of encryption without it, which is consistent with the cost analysis in Section "ZbSR model security overhead". Considering that if the application layer of the SR network terminal device has a mature encryption mechanism, there is no need to enable the terminal device encryption of the ZbSR model, and the Baseline model and MFRA model will also significantly increase the delay after encryption is turned on, so the security cost of the ZbSR model is regarded as 19.3% of the average incremental delay compared with the Baseline model when encryption is not turned on. To reduce the security overhead of the model, we can consider introducing particular data encryption components to replace software encryption in the terminal device; besides, the ZbSR model should be configured on-demand to focus on auditing the backbone network nodes with a large degree of nodes or large flow.

Conclusion and future work
This article analyzes the untrustworthy security problems of network elements and PKI/CA in the zero-trust network environment of SR, and points out that it can be attributed to the untrustworthiness of SR data exchange and network audit functions, but there is no corresponding supporting security mechanism at present. Focusing on the application of ZTA in the SR-BE/TE network to improve its data plane security performance, this paper proposes a ZbSR data plane security model based on ZTA and the corresponding data exchange and network audit security algorithms. Through simulation test, the proposed model can provide various security protection for SR-BE/TE data plane, but also exposes its disadvantages of high-security cost. In the next step, we will focus  www.nature.com/scientificreports/ on the hardware design of security components, the improvement of the trust evaluation algorithm for trust renewal, and the incremental network attack surface introduced by the model.

Data availability
The data and algorithms in our graphs and tables only come from the research process itself, without using public data sets or publishing unavailable data.