摘要
该文在为了增强边界网关协议的安全性研究中,选择在边界网关协议中应用公钥基础设施技术,利用X.509v3证书的扩展域,这一扩展域提供了一种动态灵活的方法,用来解释与证书用户相关的动态属性,并应用这个扩展域来描述IP地址和AS号,建立基于自治域号和IP地址的公开密钥证书机制,从而确认对等体的真实性,并对消息的所有权进行验证,以保障网络的安全。
The border gateway protocol( BGP), is vulnerable to a variety of malicious attacks, due to lack of a secure means of verifying the authenticity and legitimacy of BGP control traffic. By a new BGP path attribute containing "attestations", and a public key infrastructure (PKI) for verifying ownership of AS numbers and portions of the IP address space. This PKI embodies a number of unique features designed to support S - BGP security requirements and to facilitate automated access control management for the certificate and CRL repository used with S - BGP
出处
《杭州电子科技大学学报(自然科学版)》
2005年第6期75-77,共3页
Journal of Hangzhou Dianzi University:Natural Sciences
