摘要
业界对路由协议安全的研究主要侧重于边界网关协议(Border Gateway Protocol,BGP)路由劫持、路由泄露等方面的安全问题,对转发面路由行为异常、内部网关协议(Interior Gateway Protocol,IGP)路由安全等方面的研究较为少见,缺乏具有普适性的路由协议安全防护设计。提出了一种跨层联动的安全可信路由控制/转发融合技术,通过引入身份基加密(Identity-Based Encrypted,IBE)技术和普适性路由安全设计架构,实现路由前缀发布源合法性安全自证明、路由信息传播安全自证明和控制/转发跨层联动安全鉴别等多层次路由安全功能,提供了关键数据流程和协议设计参考,为对路由安全具有高等级要求的政企专网提供了一种新型路由安全整体方案。
The research on routing protocol security in the industry mainly focuses on the security issues of BGP(Border Gateway Protocol)route hijacking and route leakage,and the research on abnormal routing behavior of forwarding plane and the routing security of IGP(Interior Gateway Protocol)is relatively rare,and there is a lack of universal routing protocol security protection design.By introducing IBE(Identity-Based Encrypted)technology and universal routing security design architecture,this paper proposes a cross-layer linkage of secure and trusted routing control/forwarding fusion technique,which achieves multi-level routing security functions such as secure self-proof of legitimacy of routing prefix publishing source,secure self-proof of routing information propagation and secure authentication of control/forwarding cross-layer linkage,and provides key data flow and protocol design references and gives a new overall routing security scheme for government and enterprise private networks with high-level requirements for routing security.
作者
吴捷
李鉴
康敏
贾永兴
王雄
WU Jie;LI Jian;KANG Min;JIA Yongxing;WANG Xiong(No.30 Institute of CETC,Chengdu Sichuan 610041,China;School of Information and Communication Engineering,University of Electronic Science and Technology of China,Chengdu Sichuan 611731,China)
出处
《通信技术》
2024年第11期1181-1189,共9页
Communications Technology
基金
国家自然科学基金(62072079)。
关键词
跨层联动
门卫式安全
安全自证明
转发安全控制
cross-layer linkage
gate keeper protection
secure self-proof
forwarding security control
