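Journal of Beijing University of Posts and Telecommunications

  • EI core journal

Journal of Beijing University of Posts and Telecommunications ›› 2012, Vol. 35 ›› Issue (6): 87-91. doi: 10.13190/jbupt.201206.87.zhaoch

• Papers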

An Improved BGP Security Mechanism

ZHAO Chen, SUN Bin, YANG Yi-xian, YANG Yan

  1. Information Security Center, Beijing University of Posts and Telecommunications, Beijing 100876, China; 2. National Engineering Laboratory for Disaster Backup and Recovery, Beijing University of Posts and Telecommunications, Beijing 100876, China; 3. State Key Laboratory of Rail Traffic Control and Safety, Beijing Jiaotong University, Beijing 100044, China
  • Received: 2012-04-09 Revised: 2012-07-27 Online: 2012-12-28 Published: 2013-01-07
  • Contact: Chen ZHAO E-mail: sdqdzhaochen@163.com
  • About the authors: ZHAO Chen (born 1985), male, PhD candidate, E-mail: sdqdzhaochen@163.com; YANG Yi-xian (born 1961), male, professor, doctoral supervisor
  • Supported by:

    National Natural Science Foundation of China (61121061); Open Project of the State Key Laboratory of Rail Traffic Control and Safety (Beijing Jiaotong University) (2010K010); National Science and Technology Major Project (2011zx03002-005-01)

Abstract:

Lacking necessary security mechanisms, the border gateway protocol (BGP) faces serious security threats. In the BGP security mechanisms proposed so far, complicated certificate management and excessive storage overhead severely hinder the implementation and deployment of security solutions in the real world. By modifying the structure of the autonomous system alliance, proxy re-signature is introduced into security enhanced BGP (SE-BGP) to improve the translator trust model. An improved BGP security mechanism, named improved SE-BGP, is also designed to solve the problem of cross-certification of key nodes between autonomous system alliances. Security analysis and performance evaluation demonstrate that this mechanism further reduces routing resource consumption and has better scalability while retaining good security capability. The number of certificates used is about 31% of that of SE-BGP.

Key words: border gateway protocol, cross-certification, proxy re-signature, security

CLC number: