改进的BGP安全机制

An Improved BGP Security Mechanism

导出

摘要由于边界网关协议(BGP)缺少必要的安全机制,面临严重的安全威胁,虽有多种安全方案被提出,但繁复的密钥管理和过量的存储开销严重阻碍了方案的实际部署.为此,将代理重签名机制引入BGP安全机制(SE-BGP)方案中,修改了自治系统联盟结构,改进了分布式信任模型,解决了关键节点在联盟之间交叉认证的问题,提出了一种改进的BGP安全机制.安全和性能分析结果表明,在保证安全能力的同时,该机制进一步减少了路由资源的消耗,所需的证书规模约为SE-BGP的31%,具有更好的可扩展性. For lack of necessary security mechanism, the border gateway protocol （BGP） faces serious security threats. In proposed BGP security mechanisms, the management of complicated certificatation and excessive storage overhead severely block security solutions from being implemented and deployed in real world. Based on modification of autonomous system alliance＇ s structure, the proxy re-signature is introduced into security enhanced BGP （SE-BGP） to improve translator trust model. An improved BGP security mechanism named improved SE-BGP is also designed for solving the problem of cross-certification of key nodes between autonomous system alliances. Security analysis and performance evaluation demonstrate that this mechanism continues to reduce the route resource expenses to have better scalability and good security capability. The number of used certificates is about 31% of the SE-BGP.

作者赵宸孙斌杨义先杨焱

机构地区北京邮电大学信息安全中心北京邮电大学灾备技术国家工程实验室北京交通大学轨道交通控制与安全国家重点实验室

出处《北京邮电大学学报》 EI CAS CSCD 北大核心 2012年第6期87-91,共5页 Journal of Beijing University of Posts and Telecommunications

基金国家自然科学基金项目(61121061) 轨道交通控制与安全国家重点实验室(北京交通大学)开放课题(2010K010) 国家重大科技专项项目(2011ZX03002-005-01)

关键词边界网关协议交叉认证代理重签名安全 border gateway protocol cross-certification proxy re-signature security

分类号 TN393 [电子电信—物理电子学]

引文网络
相关文献

参考文献8

1胡湘江,朱培栋,龚正虎.SE-BGP:一种BGP安全机制[J].软件学报,2008,19(1):167-176. 被引量：18
2Y Rekhter,T Li,S Hares.A Border Gateway Protocol 4(BGP-4)[].RFC.2006
3LYNN Ben.PBC Library Manual 0.4.19. http://crypto.stanford.edu/pbc/ . 2007
4Tony Bates,Philip Smith,etal.The cidr report. http://w w w.cidr-report.org/as2.0/#general status . 2011
5Kent S,Lynn C,Seo K.Secure border gateway protocol(S-BGP)[].IEEE Journal on Selected Areas in Communications.2000
6White R.Securing BGP through secure origin BGP[].Internet Protocol Journal.2003
7Butler K,Farley T,McDaniel P.A survey of bgp securi-ty issues and solutions[].Proceedings of IEEE.2010
8APNIC.Weekly routing table report[]..2011

二级参考文献13

1Murphy S. BGP security vulnerabilities analysis. IETF Internet RFC, RFC4272, 2006. ftp://ftp.rfc-editor.org/in-notes/rfc4272.txt
2Butler K, Farley T, McDaniel P, Rexford J. A survey of BGP security. Technical Report, AT&T Labs—Research. 2005. http://www.patrickmcdaniel.org/pubs/td-5ugj33.pdf
3Kent S, Lynn C, Seo K. Secure border gateway protocol (S-BGP). IEEE Journal on Selected Areas in Communications, 2000,18(4): 582-592.
4White R. Architecture and deployment considerations for secure origin bgp (soBGP). IETF Internet draft: draft-white- sobgp-architecture-01, 2006. http://www.ietf.org/internet-drafts/draft-white-sobgp-architecture-02.txt
5Aiello W, Ioannidis J, McDaniel P. Origin authentication in Interdomain routing. In: Proc. of the 10th ACM Conf. on Computer and Communications Security. Washington: ACM, 2003. 165-178.
6Wan T, Kranakis E, van Oorschot PC. Pretty secure BGP (psBGP). Technical Report, TR-04-07, SCS, 2004. http://www.scs.carleton.ca/-kranakis/Papers/TR-04-07.pdf
7Hu YC, Perrig A, Sirbu M. SPV: Secure path vector routing for securing BGP. ACM SIGCOMM Computer Communication Review, 2004,34(4):179-192.
8Goodell G, Aiello W, Griffin T, Ioannidis J, McDaniel P, Rubin A. Working around BGP: An incremental approach to improving security and accuracy of interdomain routing. In: Proc. of the ISOC NDSS 2003. San Diego, 2003. 75-85.
9Subramanian L, Roth V, Stoica I, Shenker S, Whisper RL. Security mechanisms for BGP. In: Proc. of the 1st Symp. on Networked Systems Design and Implementation (NSDI 2004). San Francisco: USENIX, 2004. 127-140.
102006. http://www.caida.org/analysis/routing/astypes/

共引文献17

1胡宁,朱培栋,邹鹏,王海龙.域间路由协同管理框架[J].通信学报,2009,30(S1):154-160.
2刘欣,王小强,朱培栋,彭宇行.互联网域间路由系统安全态势评估[J].计算机研究与发展,2009,46(10):1669-1677. 被引量：9
3朱培栋,赵金晶,邓文平.Internet域间路由系统:问题与挑战[J].中兴通讯技术,2009,15(6):9-12.
4王滨,安金梁,吴春明,兰巨龙.基于分治策略的BGP安全机制[J].通信学报,2012,33(5):91-98. 被引量：3
5赵宸,孙斌,杨义先,杨焱.一种轻量化的边界网关协议路径验证机制[J].电子与信息学报,2012,34(9):2167-2173. 被引量：3
6庞玲.基于CXPST攻击算法的BGP协议安全性分析[J].计算机与数字工程,2012,40(11):121-123.
7孔轶艳.行政法实质另探——一种组织理论视角[J].河池学院学报,2012,32(5):85-91. 被引量：1
8庞玲.边界路由器BGP协议的脆弱性[J].计算机系统应用,2013,22(1):157-161. 被引量：4
9卢宁宁,张宏科.一种基于责任域的安全路由体系[J].软件学报,2013,24(6):1274-1294. 被引量：1
10孔令晶,曾华燊,窦军,李耀.基于关键节点的域间路由安全机制[J].计算机应用研究,2013,30(12):3753-3757. 被引量：1

1张大陆,时慧.基于SET协议的交叉认证[J].计算机工程,2003,29(3):63-65. 被引量：4
2徐拥军,曹裕群,刘勇,赵厚鹏,缪春燕,曹珊珊.φ200μm小尺寸光纤在OPGW中的应用[J].电力信息与通信技术,2014,12(11):121-126. 被引量：2
3云翠兰,程国胜,刘原华.基于前向安全签名体制的研究及其应用[J].微计算机信息,2008,24(3):54-55. 被引量：3
4Li Cuilian,Yang Zhen.ANALYSIS OF GROUP MULTIUSER DETECTION BASED ON COALITION GAME THEORY[J].Journal of Electronics(China),2009,26(6):804-811. 被引量：1
5袁巍,李津生,洪佩琳.一种P2P网络分布式信任模型及仿真[J].系统仿真学报,2006,18(4):938-942. 被引量：45
6仇宇,厦龄.PKI证书验证的交叉认证网模型优化设计[J].网络安全技术与应用,2004(9):51-54.
7陈淑晓.基于多因素信任的分布式信任模型[J].电子科技,2015,28(3):50-54.
8熊飞,吴浩波,徐启建.一种传感器网络的分布式信任模型[J].无线电工程,2009,39(8):1-4. 被引量：3
9霍晓莉,李艳和,戴无惧,张汉一,何永琪.一种面向多业务恢复的路由优化算法[J].通信学报,2003,24(10):14-20. 被引量：2
10常飞,朱宇琛.光缆监测系统在石油管道通信传输中的应用[J].电信技术,2014(7):84-87. 被引量：5

北京邮电大学学报

2012年第6期

浏览历史

内容加载中请稍等...

改进的BGP安全机制

参考文献8

二级参考文献13

共引文献17

相关作者

相关机构

相关主题

浏览历史