期刊文献+
任意字段
题名或关键词
题名
关键词
文摘
作者
第一作者
机构
刊名
分类号
参考文献
作者简介
基金资助
栏目信息

一种轻量化的边界网关协议路径验证机制 被引量:3

A Lightweight Mechanism for Border Gateway Protocol Path Verification
下载PDF
导出
摘要 由于边界网关协议(Border Gateway Protocol,BGP)存在安全问题,路径信息(AS_PATH属性)易遭受各种攻击。已有的路径验证方案中,过程复杂和开销巨大严重阻碍了方案的实际部署。基于对AS_PATH属性的分析,该文提出一种轻量化的BGP路径验证机制—FTAPV(First-Two-AS based Path Verification)。FTAPV中,更新报文只需要携带AS_PATH中前两个AS的签名信息就可以有效地为路径信息提供保护。安全分析和性能评估表明,与已有方案相比,该机制在保证安全能力的同时,有效地减少了路由资源的消耗和所需证书的规模,具有良好的可扩展性。 Since BGP (Border Gateway Protocol) possesses many security vulnerabilities, BGP Autonomous System PATH information (ASPATH attribute) is vulnerable to various attacks. In proposed BGP path verification mechanisms at present, the high computational overhead and complex process severely block security solutions from being implemented and deployed in reM world. A lightweight method is designed for BGP path verification named First-Two-AS based Path Verification (FTAPV). Based on analysis of ASPATH attribute, FTAPV can protect path information effectively through carrying signatures of first two ASes in the ASPATH of UPDATEs. Security analysis and performance evaluation demonstrate this mechanism can reduce the route resource expense and the number of used certificates with strong ability of security and good scalability compared with existing method.
作者 赵宸 孙斌 杨义先 杨焱
机构地区 北京邮电大学信息安全中心 北京邮电大学灾备技术国家工程实验室 北京交通大学轨道交通控制与安全国家重点实验室
出处 《电子与信息学报》 EI CSCD 北大核心 2012年第9期2167-2173,共7页 Journal of Electronics & Information Technology
基金 国家自然科学基金(61121061) 国家重大科技专项(2011ZX03002-005-01) 轨道交通控制与安全国家重点实验室(北京交通大学)开放课题基金(2010K010)资助课题
关键词 信息安全 边界网关协议(BGP) 路径验证 First-Two-AS Information security Border Gateway Protocol (BGP) Path verification First-Two-AS
分类号 TP393 [自动化与计算机技术—计算机应用技术]
  • 相关文献

参考文献19

  • 1Rekhter Y, Li T, and Hares S. A Border Gateway Protocol 4 (BGP-4)[S]. RFC 4271, 2006.
  • 2Butler K, Farley T, and McDaniel P. A survey of BGP security issues and solutions[J]. Proceedings of IEEE, 2010, 98(1): 100 -122.
  • 3Huston G, Rossi M, and Armitage G. Security BGP-A literature survey[J]. IEEE Communications Surveys and Tutorials, 2011, 13(2): 199-222.
  • 4吕高锋,孙志刚,卢锡城.域间IP欺骗防御服务增强机制[J].软件学报,2010,21(7):1704-1716. 被引量:4
  • 5刘欣,朱培栋,彭宇行.Co-Monitor:检测前缀劫持的协作监测机制[J].软件学报,2010,21(10):2584-2598. 被引量:5
  • 6Kent S, Lynn C, and Seo K. Secure Border Gateway Protocol(S-BGP)[J].IEEE Journal on Selected Areas in Communications, 2000, 18(4): 582-592.
  • 7White R. Securing BGP through secure origin BGP[J]. Internet Protocol Journal, 2003, 6(3): 15-22.
  • 8王娜,顾纯祥,汪斌强.基于身份的BGP路径验证机制[J].计算机工程,2007,33(17):34-36. 被引量:1
  • 9Kranankis E, Wan T, and Oorschot P C. On interdomain routing security and pretty secure BGP(psBGP)[J]. ACM Transactions on Information and System Security, 2007,10(3): 1-41.
  • 10胡湘江,朱培栋,龚正虎.SE-BGP:一种BGP安全机制[J].软件学报,2008,19(1):167-176. 被引量:18

二级参考文献67

  • 1刘欣,朱培栋,米强,杨明军.基于规则的域间路由系统异常检测[J].国防科技大学学报,2006,28(3):71-76. 被引量:4
  • 2Rekhter Y, Li T, Hares S. A border gateway protocol (BGP Version 4). IETF Internet RFC, RFC 4271. 2006.
  • 3Butler K, Farley T, McDaniel P, Rexford J. A survey of BGP security. 2005. http://www.patrickmcdaniel.org/pubs/td-5ugj33.pdf.
  • 4Roughgarden T. Selfish routing [Ph.D. Thesis]. Comell University, 2002.
  • 5Bono VJ. 7007 explanation and apology. 1997. http://www.merit.edu/mail.archives/nanog/1997-04/msg00444.html.
  • 6Popescu AC, Premore BJ, Underwood T. Abstract: Anatomy of a leak: AS9121. 2005. http://www.nanog.org/mtg-0505/ underwood.html.
  • 7Brown MA. Pakistan hijacks YouTube: A closer look. 2008. http://www.circleid.com/posts/82258_pakistan_hijacks_youtube_closer_look.
  • 8PResnick P, Zeckhauser R, Friedman E, Kuwabara K. Reputation systems: Facilitating trust in Internet interactions. Communications of the ACM, 2000,43(12):45-48.
  • 9The North American Network Operators' Group. 2008. http://www.nanog.org/.
  • 10White R. Securing BGP through secure origin BGP (soBGP). The Internet Protocol Journal, 2003,6(3): 15-22.

共引文献28

同被引文献41

  • 1林闯,彭雪海.可信网络研究[J].计算机学报,2005,28(5):751-758. 被引量:252
  • 2张骞,张霞,文学志,刘积仁,Ting Shan.Peer-to-Peer环境下多粒度Trust模型构造[J].软件学报,2006,17(1):96-107. 被引量:71
  • 3喻卫,蔡开裕,朱培栋.BGP安全机制的研究[J].计算机工程与应用,2006,42(5):113-116. 被引量:5
  • 4Huston G, Rossi M, Armitage G. Security BGP-A literature survey. IEEE Communications Surveys and Tutorials, 2011, 13(2), 199-222.
  • 5Butler K, Farley T, McDaniel P. A survey of BGP security issues and solutions. Proceedings of the IEEE, 2010, 98(1) : 100-122.
  • 6Goldberg S, Schapira M, Hummon P, Rexford J. How secure are secure interdomain routing protocols ?//Proceedings of the Annual Conference o the ACM Special Interest Group on Data Communication ( SIGCOMM ). New Delhi, India, 2010:87-98.
  • 7Kent S, Lynn C, Seo K. Secure border gateway protocol (S-BGP). IEEE Journal on Selected Areas in Communications, 2000, 18(4): 582-592.
  • 8Kranankis E, Wan T, Oorschot P C. On interdomain routing security and pretty secure BGP(psBGP). ACM Transactions on Information and System Security, 2007, 10(3) : 11-25.
  • 9Raimagia D, Singh S, Zafar S. A novel approach for secure routing through BGP using symmetric key. International Journal of Network Security Its Applications (IJNSA), 2013, 5(5): 153-165.
  • 10Boldyreva A, Lyehev R. Provable security of (S-BGP) and other path vector protocols: Model, analysis, and extensions// Proceedings of the 19th ACM Conference on Computer and Communications Security, Sheraton Raleigh Hotel. Raleigh, USA, 2012:541-552.

引证文献3

二级引证文献7

电子与信息学报
2012年 第9期

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部