Journal of Beijing University of Posts and Telecommunications

  • EI核心期刊

JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM ›› 2012, Vol. 35 ›› Issue (6): 87-91.doi: 10.13190/jbupt.201206.87.zhaoch

• Papers • Previous Articles     Next Articles

An Improved BGP Security Mechanism

ZHAO Chen, SUN Bin, YANG Yi-xian, YANG Yan   

  1. 1. Information Security Center, Beijing University of Posts and Telecommunications, Beijing 100876, China;2. National Engineering Laboratory for Disaster Backup and Recovery, Beijing University of Posts and Telecommunications, Beijing 100876, China;3. State Key Laboratory of Rail Traffic Control and Safety, Beijing Jiaotong University, Beijing 100044, China
  • Received:2012-04-09 Revised:2012-07-27 Online:2012-12-28 Published:2013-01-07
  • Contact: Chen ZHAO E-mail:sdqdzhaochen@163.com

Abstract:

For lack of necessary security mechanism, the border gateway protocol (BGP) faces serious security threats. In proposed BGP security mechanisms, the management of complicated certificatation and excessive storage overhead severely block security solutions from being implemented and deployed in real world. Based on modification of autonomous system alliance’s structure, the proxy re-signature is introduced into security enhanced BGP (SE-BGP) to improve translator trust model. An improved BGP security mechanism named improved SE-BGP is also designed for solving the problem of cross-certification of key nodes between autonomous system alliances. Security analysis and performance evaluation demonstrate that this mechanism continues to reduce the route resource expenses to have better scalability and good security capability. The number of used certificates is about 31% of the SE-BGP.

Key words: border gateway protocol, cross-certification, proxy re-signature, security

CLC Number: