穿越自治系统联盟的域间路由安全机制

Inter-domain routing security mechanism for crossing autonomous system alliance

下载PDF

导出

摘要通过对SE-BGP(security enhanced BGP)的研究与分析,发现此方案不仅无法认证动态变化的跨联盟AS(autonomous system),也无法抵御其自身所发起的主动攻击。为了解决SE-BGP存在的安全问题,设计了二层跨联盟等级结构CAHS(cross-alliance hierarchical structure),基于CAHS结构,借鉴护照签证思想,利用递增散列——Ad HASH(additive hash)的特性提出了一种跨联盟安全机制SCA-BGP(secure crossing alliance for BGP)。该机制具有更高的安全性,可以有效地认证跨联盟AS的身份及行为授权,还可对其所携带的信息进行安全验证。实验分析表明,SCA-BGP可以有效地减少所需证书的规模和额外的时间开销,具有更好的可扩展性和网络收敛性能。 Through studying and analyzing SE-BGP （security enhanced BGP）, it was found that it couldn＇t validate thecross-alliance AS （autonomous system） and defense the self-lannched active attack. To solve the security problems,two-layer cross-alliance hierarchical structure CAHS （cross-alliance hierarchical structure） was designed. Based onCAHS, using the idea of passport visa and the features of AdHASH （additive hash）, a cross-alliance BGP securitymechanism SCA-BGP （secure crossing alliance for BGP） was proposed. The mechanism has higher security, which isable to effectively validate the identities and behavior authorization of the cross-alliance AS as well as the message car-ried by them. The experiment results show that SCA-BGP can effectively reduce the certificate scale and extra time over-head to get better scalability and convergence performance.

作者孔令晶曾华燊窦军李耀

机构地区西南交通大学信息科学与技术学院

出处《通信学报》 EI CSCD 北大核心 2014年第10期155-164,共10页 Journal on Communications

基金国家自然科学基金资助项目(60773102) 国家自然科学基金与中国工程院联合基金资助项目(U0970122)~~

关键词递增散列 SE-BGP SCA-BGP cross-alliance AS AdHASH

分类号 TP393 [自动化与计算机技术—计算机应用技术]

引文网络
相关文献

参考文献20

1REKHTER Y’ LI T,HARES S. A Border Gateway Protocol 4(BGP-4)[EB/OL]. http://datatracker.ietf.org /doc/rfc4271/. 2006.
2KENT S,LYNN C,SEO K. Secure border gateway protocol(S-BGP)[J]. IEEE Journal on Selected Areas in Communications, 2000,18(4): 582-592.
3WHITE R. Securing BGP through secure origin BGP (soBGP)[J]. TheInternet Protocol Journal,2003, 6(3):15-22.
4OORSCHOT P C, WAN T, KRANAKIS E. On inter-domain routingsecurity and pretty secure BGP (psBGP)[J]. ACM Transactions on In-formation and System Security (TISSEC), 2007,10(3): 11.
5胡湘江,朱培栋,龚正虎.SE-BGP:一种BGP安全机制[J].软件学报,2008,19(1):167-176. 被引量：18
6王滨,安金梁,吴春明,兰巨龙.基于分治策略的BGP安全机制[J].通信学报,2012,33(5):91-98. 被引量：3
7KARLIN J, FORREST S, REXFORD J. Pretty good BGP: improvingBGP by cautiously adopting routes[A]_ Proceedings of the 2006 IEEEInternational Conference on Network Protocols [C]. Washingdon, DC,USA, 2006.290-299.
8SUBRAMANIAN L,ROTH V,STOICA I, et al. Listen and whisper:Security mechanisms for BGP[A]. Sjgnposium on Networked SystemsDesign and Implementation (NSDI2004)[C]. 2004. 29-31.
9YUN J K, BYUN C H,KIM Y. Architecture of the remote routingvalidation tool for BGP anomaly detection[A]. Proceedings of the2012 ACM Research in Applied Computation Symposium[C]. CA,USA, 2012. 232-236.
10GAO L. On inferring autonomous system relationships in the Inter-net[J]. IEEE/ACM Transactions on Networking, 2001, 9(6):733-745.

二级参考文献32

1REKHTER Y, LIT. A border gateway protocol 4 (BGP-4)[EB/OL]. http://datatracker.iet f.org/doc/rfc4271/,2006.
2MURPHY S. BGP security vulnerabilities analysis[EB/OL], http:// datatracker.ietf.org/doc/rfc4272/,2006.
3KENT S, LYNN C, SEO K. Secure border gateway protocol (S-BGP)[J]. IEEE Journal on Selected Areas in Communications, 2000, 18(4): 582-592.
4KRANAKIS E, OORSCHOT C. On inter-domain routing security and pretty secure BGP (psBGP)[J]. ACM Trans on Information and Sys- tem Security, 2007,10(3 ): 11.
5WHITE R. Securing BGP through secure origin BGP (soBGP)[J]. The Internet Protocol Journal, 2003,6(3): 15-22.
6SNBRAMANIAN L, ROTH V, STOICA L, et al.Listen and whisper: security mechanisms for BGP[A]. Proc of the 1st Symposium on Net- worked Systems Design and Implementation[C]. San Francisco, CA, USA,2004.
7BONEH D, GENTRY C, LYNN B, et al.Aggregate and verifiably encrypted signatures from bilinear maps[A]. EUROCRYPT 2003, vol- ume 2656 of Lecture Notes in Computer Science[C]. Springer-Verlag, 2003.416-423.
8GENTRY C, RAMZAN Z. Identity-based aggregate signatures[A]. PKC 2006: 9th International Conference on Theory and Practice of Public Key Cryptography[C]. Springer-Verlag, 2006.257-273.
9LU S, OSTROVSKY R, SAHAI A, et al. Sequential aggregate signa- tures and multisignatures without random oracles[A]. EUROCRYPT 2006[C]. Springer-Verlag, 2006.465-485.
10BOLDYREVA A, GENTRY C, O'NEILL A, et al. Ordered multisig- natures and identity-based sequential aggregate signatures, with appli- cations to secure routing[A]. ACM CCS 07: 14th Conference on Computer and Communications Security[C]. 2007.276-285.

共引文献18

1胡宁,朱培栋,邹鹏,王海龙.域间路由协同管理框架[J].通信学报,2009,30(S1):154-160.
2刘欣,王小强,朱培栋,彭宇行.互联网域间路由系统安全态势评估[J].计算机研究与发展,2009,46(10):1669-1677. 被引量：9
3朱培栋,赵金晶,邓文平.Internet域间路由系统:问题与挑战[J].中兴通讯技术,2009,15(6):9-12.
4王滨,安金梁,吴春明,兰巨龙.基于分治策略的BGP安全机制[J].通信学报,2012,33(5):91-98. 被引量：3
5赵宸,孙斌,杨义先,杨焱.一种轻量化的边界网关协议路径验证机制[J].电子与信息学报,2012,34(9):2167-2173. 被引量：3
6庞玲.基于CXPST攻击算法的BGP协议安全性分析[J].计算机与数字工程,2012,40(11):121-123.
7孔轶艳.行政法实质另探——一种组织理论视角[J].河池学院学报,2012,32(5):85-91. 被引量：1
8庞玲.边界路由器BGP协议的脆弱性[J].计算机系统应用,2013,22(1):157-161. 被引量：4
9赵宸,孙斌,杨义先,杨焱.改进的BGP安全机制[J].北京邮电大学学报,2012,35(6):87-91.
10卢宁宁,张宏科.一种基于责任域的安全路由体系[J].软件学报,2013,24(6):1274-1294. 被引量：1

1宋兆辉,吴剑栋,郑宁.数据交换与安全身份认证在护照签证管理系统中的应用研究[J].计算机应用与软件,2008,25(7):192-193.
2Crossing Automation推出晶圆层级自动化工程服务[J].电子与电脑,2009,9(6):82-82.
3硕良勋,柴变芳,张新东.基于改进最近邻的协同过滤推荐算法[J].计算机工程与应用,2015,51(5):137-141. 被引量：30
4庄宏,许胤龙,胡燏翀,林晓斌.一种P2P和ISPs协作的P2P节点选择机制[J].小型微型计算机系统,2011,32(7):1260-1266.
5王三虎,王丰锦.融合用户评分和属性相似度的协同过滤推荐算法[J].计算机应用与软件,2017,34(4):305-308. 被引量：7
6ZHOU Chi,ZHANG Xuejun,CAI Kaiquan,ZHANG Jun.Comprehensive Learning Multi-Objective Particle Swarm Optimizer for Crossing Waypoints Location in Air Route Network[J].Chinese Journal of Electronics,2011,20(3):533-538. 被引量：11
7Ahmad Almassaad Khaled Alotaibi.The Attitudes and Opinions of Tutees and Tutors Towards Using Cross-Age Online Tutoring[J].Psychology Research,2012,2(4):247-259.
8GUO KunQi,SUN LiXin,WANG Ping,JIA ShiLou.Efficiency-aware and fairness-aware joint-layer optimization for downlink data scheduling in OFDM[J].Science in China(Series F),2008,51(2):171-182. 被引量：1
9陈莹珍,高岳林.混沌的自适应和声搜索算法[J].太原理工大学学报,2011,42(2):141-144. 被引量：5
10HONG Long,ZHU Wujia,WANG Jiandong.Hierarchical Structure o Bio-molecular f Application Oriented Computers[J].Chinese Journal of Electronics,2006,15(3):408-412.

通信学报

2014年第10期

浏览历史

内容加载中请稍等...

穿越自治系统联盟的域间路由安全机制

参考文献20

二级参考文献32

共引文献18

相关作者

相关机构

相关主题

浏览历史