A Lightweight Mechanism for Border Gateway Protocol Path Verification
Abstract: Because the Border Gateway Protocol (BGP) has many security vulnerabilities, BGP Autonomous System path information (the AS_PATH attribute) is vulnerable to various attacks. In the BGP path verification mechanisms proposed so far, high computational overhead and complex processing have severely hindered implementation and deployment in the real world. Based on an analysis of the AS_PATH attribute, this paper designs a lightweight method for BGP path verification named First-Two-AS based Path Verification (FTAPV). In FTAPV, an UPDATE message only needs to carry the signatures of the first two ASes in its AS_PATH to protect the path information effectively. Security analysis and performance evaluation demonstrate that, compared with existing methods, this mechanism reduces routing resource consumption and the number of certificates required while retaining strong security and good scalability.
Key words:
- Information security
- Border Gateway Protocol (BGP)
- Path verification
- First-Two-AS