期刊文献+
任意字段
题名或关键词
题名
关键词
文摘
作者
第一作者
机构
刊名
分类号
参考文献
作者简介
基金资助
栏目信息

基于分治策略的BGP安全机制 被引量:3

Study of BGP secure scheme based on divide and conquer strategy
下载PDF
导出
摘要 研究了SE-BGP的安全性,通过分析发现该机制存在安全漏洞,无法抵御合法用户发起的主动攻击。为了克服SE-BGP存在的安全漏洞,基于AS联盟的思想,使用基于RSA的聚合签名算法设计了一种新的BGP安全机制:SA-BGP,该机制具有更高的安全性,可以有效地验证AS宣告的网络层可达信息(NLRI)的正确性和AS宣告的路径属性的真实性,还可以大规模地减少网络证书规模和单个节点存储的证书数量,通过仿真实验得到SA-BGP和同级别的安全机制相比对网络的影响较小,收敛速度更快。 A new approach was studied for BGP security: SE-BGE By analyzing the security of SE-BGP, was found it had some secure leaks which couldnt resist active attack. To solve these secure problems of SE-BGE an AS-alliance-based secure BGP scheme : SA-BGP was proposed, which used the aggregate signatures algorithm based on RSA. The SA-BGP has strong ability of security that can effectively verify the propriety of IP prefix origination and verifies the validity of an AS to announce network layer reachability information (NLRI). SA-BGP can large-scale reduced the number of the used certificates. Performance evaluation results show that SA-BGP can be implemented efficiently and the incurred overhead, in terms of time and space, is acceptable in practice.
作者 王滨 安金梁 吴春明 兰巨龙
机构地区 浙江大学计算机科学与技术学院 浙江工商大学信息与电子工程学院 国家数字交换系统工程技术研究中心 河南科技学院信息工程学院
出处 《通信学报》 EI CSCD 北大核心 2012年第5期91-98,共8页 Journal on Communications
基金 国家高技术研究发展计划("863"计划)基金资助项目(2008AA01A323 2009AA01A334 2008AA01A325) 国家重点基础研究发展计划("973"计划)基金资助项目(2007CB307102) 国家科技支撑计划基金资助项目(2008BAH37B02) 国家自然科学基金资助项目(60773182 61070157)~~
关键词 BGP安全 AS联盟 聚合签名 RAS border gateway protocol security autonomous system alliance aggregate signatures RSA
分类号 TP393 [自动化与计算机技术—计算机应用技术]
  • 相关文献

参考文献19

  • 1REKHTER Y, LIT. A border gateway protocol 4 (BGP-4)[EB/OL]. http://datatracker.iet f.org/doc/rfc4271/,2006.
  • 2MURPHY S. BGP security vulnerabilities analysis[EB/OL], http:// datatracker.ietf.org/doc/rfc4272/,2006.
  • 3KENT S, LYNN C, SEO K. Secure border gateway protocol (S-BGP)[J]. IEEE Journal on Selected Areas in Communications, 2000, 18(4): 582-592.
  • 4KRANAKIS E, OORSCHOT C. On inter-domain routing security and pretty secure BGP (psBGP)[J]. ACM Trans on Information and Sys- tem Security, 2007,10(3 ): 11.
  • 5WHITE R. Securing BGP through secure origin BGP (soBGP)[J]. The Internet Protocol Journal, 2003,6(3): 15-22.
  • 6SNBRAMANIAN L, ROTH V, STOICA L, et al.Listen and whisper: security mechanisms for BGP[A]. Proc of the 1st Symposium on Net- worked Systems Design and Implementation[C]. San Francisco, CA, USA,2004.
  • 7胡湘江,朱培栋,龚正虎.SE-BGP:一种BGP安全机制[J].软件学报,2008,19(1):167-176. 被引量:18
  • 8BONEH D, GENTRY C, LYNN B, et al.Aggregate and verifiably encrypted signatures from bilinear maps[A]. EUROCRYPT 2003, vol- ume 2656 of Lecture Notes in Computer Science[C]. Springer-Verlag, 2003.416-423.
  • 9GENTRY C, RAMZAN Z. Identity-based aggregate signatures[A]. PKC 2006: 9th International Conference on Theory and Practice of Public Key Cryptography[C]. Springer-Verlag, 2006.257-273.
  • 10LU S, OSTROVSKY R, SAHAI A, et al. Sequential aggregate signa- tures and multisignatures without random oracles[A]. EUROCRYPT 2006[C]. Springer-Verlag, 2006.465-485.

二级参考文献20

  • 1ATKINSON R,FLOYD S,RFC 3869-IAB Concerns and Recommendations Regarding Internet Research and Evolution[S].Internet Architecture Board,2004.
  • 2ALEX M A.Comparative analysis of the Internet AS-level topologies:mastor comparison[EB/OL].http://www.caida.org/analysis/topology/ as_topo_comparisons/ master.xml.
  • 3GOVINDAN R,REDDY A.An analysis of Internet inter-domain topology and route stability[A].INFOCOM 1997,IEEE[C].1997.850-857.
  • 4GE Z,et al.On the hierarchical structure of the logical Internet graph[A].SPIE ITCOM[C].USA,2001.208-222.
  • 5The SSFNet Project[EB/OL].http://www.ssfnet.org.
  • 6Multi-AS topologies from BGP routing tables[EB/OL].http://www.ssfnet.org/Exchange/gallery/asgraph/ src.tar.gz.
  • 7RAFIT I R.Quantifying BGP Path Exploration in the Internet July 2005[R].Tech Rep on 63th IETF,2005.
  • 8Murphy S. BGP security vulnerabilities analysis. IETF Internet RFC, RFC4272, 2006. ftp://ftp.rfc-editor.org/in-notes/rfc4272.txt
  • 9Butler K, Farley T, McDaniel P, Rexford J. A survey of BGP security. Technical Report, AT&T Labs—Research. 2005. http://www.patrickmcdaniel.org/pubs/td-5ugj33.pdf
  • 10Kent S, Lynn C, Seo K. Secure border gateway protocol (S-BGP). IEEE Journal on Selected Areas in Communications, 2000,18(4): 582-592.

共引文献18

同被引文献52

  • 1REKHTER Y,LIT,HARES S.RFC 4271,A border gateway proto-col 4(BGP-4)[S].2006.
  • 2MURPHY S.RFC 4272,BGP security vulnerabilities analysis[S].2006.
  • 3KENT S,SEO K.RFC 4301,Security architecture for the Internetprotocol[S].2005.
  • 4HEFFERNAN A.RFC 2385,Protection of BGP sessions via the TCPMD5 signature option[S].1998.
  • 5KENT S,LYNN C,SEO K.Secure border gateway protocol(S-BGP)[J].IEEE Journal on Selected Areas in Communications,2000,18(4):582-592.
  • 6WHITE R.Securing BGP through secure origin BGP(soBGP)[J].Internet Protocol Journal,2003,6(3):15-22.
  • 7HUSTON G,ROSSI M,ARMITAGE G.Securing BGP:a literaturesurvey[J].IEEE Communications Surveys & Tutorials,2011,13(2):199-222.
  • 8KRANAKIS E,OOHSCHOT C,WAN Tao.On inter-domain routing.security and pretty secure BGP(psBGP)[J].ACM Trans on Infor-mation and System Security,2007,10(3):11.
  • 9GOODELL G,AIELLO W,GRIFFIN T,et al.Working aroundBGP:an incremental approach to improving security and accuracy ofinterdomain routing[C]//Proc of the Network and Distributed SystemSecurity Symposium.2003:75-85.
  • 10KARLIN J,FORREST S,REXFORD J.Pretty good BGP:improvingBGP by cautiously adopting routes[C]//Proc of IEEE InternationalConference on Network Protocols.2006:290-299.

引证文献3

二级引证文献2

通信学报
2012年 第5期

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部