
Method for Securing the Announcements and Withdrawals of Inter-domain Routes (cited by: 2)
Abstract: Most of the widely accepted schemes for securing inter-domain routing, e.g. S-BGP, cannot distinguish whether an update message is a regular route announcement or a malicious replay of a route that has already been withdrawn. This security hole poses a serious threat to inter-domain routing security. This paper analyses the hole in detail and presents a method for remedying it. The method adds a sequence number to every update message and incorporates a self-certified signature scheme with message recovery, which prevents the sequence number from being tampered with without adding computational load. When the speaker router of an autonomous system receives and verifies an update message that announces or withdraws routes, it defends against this kind of replay attack through its mechanisms for caching, comparing and judging these sequence numbers. This secures the announcement and withdrawal of inter-domain routes, and at the same time eliminates the heavy tasks of certificate storage and management without requiring key escrow.
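Author: Yang Bo (杨波)
Source: Journal of Chinese Computer Systems (《小型微型计算机系统》), CSCD, Peking University Core Journal, 2012, Issue 2, pp. 357-364 (8 pages)
Funding: Supported by the National Natural Science Foundation of China (10961013 A010206), the Jiangxi Provincial Graduate Innovation Fund (YC10A078), the Natural Science Foundation of Jiangxi Province (2010GQS0048), and the Science and Technology Project of the Jiangxi Provincial Department of Education (GJJ11418).
Keywords: inter-domain routing; route withdrawals; security hole; replay attack; sequence number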

