作者投稿和查稿 主编审稿 专家审稿 编委审稿 远程编辑

计算机工程 ›› 2006, Vol. 32 ›› Issue (22): 166-168. doi: 10.3969/j.issn.1000-3428.2006.22.060

• 安全技术 • 上一篇    下一篇

BGP安全扩展方案ssBGP

蔡开裕,喻 卫,朱培栋   

  1. (国防科学技术大学计算机学院,长沙 410073)
  • 收稿日期:1900-01-01 修回日期:1900-01-01 出版日期:2006-10-20 发布日期:2006-10-20

Security Extension Scheme of BGP: ssBGP

CAI Kaiyu, YU Wei, ZHU Peidong   

  1. (School of Computer, National University of Defense Technology, Changsha 410073)
  • Received:1900-01-01 Revised:1900-01-01 Online:2006-10-20 Published:2006-10-20

摘要: 边界网关协议(BGP)是Internet的关键组成部件,但其缺少必要的安全机制,因而安全能力非常脆弱。目前针对BGP的安全缺陷,涌现了多种安全扩展方案,其中S-BGP最为有名。然而,S-BGP过于复杂且需要严格的分级PKI,因而在Internet上部署困难。该文在S-BGP的基础上,提出了一种简化的S-BGP安全方案ssBGP(Simplfied S-BGP),其主要特点是采用一个简化的两级层次的PKI安全认证体系,以求在安全能力和实用性之间折中,方便实际部署。分析证明该方案切实可行,能有效提高BGP安全能力。

关键词: 边界网关协议, S-BGP, ssBGP, 安全机制

Abstract: AS a critical component of the Internet routing infrastructure, the border gateway protocol(BGP) is highly vulnerable to a variety of attacks. Many solutions have been proposed by some corporations or individual for securing BGP.S-BGP is one of the most famous proposals, and probably the most concrete one. S-BGP requiring strict hierarchical PKI made it difficult to deploy across the Internet. This paper proposes the security extension suggestion-simplified S-BGP(ssBGP) on the basis of S-BGP, as to provide a better balance between security and practicality than S-BGP, making it more deployable.

Key words: BGP, S-BGP, ssBGP, Security mechanism