SGT eXchange Protocol (SXP) is used to propagate Security Group Tag (SGT) information across network devices. SXP connections are point-to-point and use TCP as the underlying transport protocol, with each endpoint acting as Speaker, Listener, or Both. Techniques exist to provide message authentication, key exchange, and integrity for SXP connections. However, if the Speaker or Listener is compromised, i.e., it is no longer a trusted entity, it could harm the network by allowing a "malicious Speaker to send the wrong IP-to-SGT binding to the valid Listener" or a "valid Speaker to send the correct IP-to-SGT binding to the malicious Listener". Hence, the SXP connection endpoints, i.e., the Speaker and the Listener, need to know whether the peer device is trustworthy before establishing a connection. The techniques presented herein propose adding an attestation method to SXP protocol messages to provide Proof of Integrity of the SXP connection between devices.

Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 License.