摘要: 边界网关协议(BGP)是Internet的关键组成部件,但其缺少必要的安全机制,因而安全能力非常脆弱。目前针对BGP的安全缺陷,涌现了多种安全扩展方案,其中S-BGP最为有名。然而,S-BGP过于复杂且需要严格的分级PKI,因而在Internet上部署困难。该文在S-BGP的基础上,提出了一种简化的S-BGP安全方案ssBGP(Simplfied S-BGP),其主要特点是采用一个简化的两级层次的PKI安全认证体系,以求在安全能力和实用性之间折中,方便实际部署。分析证明该方案切实可行,能有效提高BGP安全能力。
关键词:
边界网关协议,
S-BGP,
ssBGP,
安全机制
Abstract: AS a critical component of the Internet routing infrastructure, the border gateway protocol(BGP) is highly vulnerable to a variety of attacks. Many solutions have been proposed by some corporations or individual for securing BGP.S-BGP is one of the most famous proposals, and probably the most concrete one. S-BGP requiring strict hierarchical PKI made it difficult to deploy across the Internet. This paper proposes the security extension suggestion-simplified S-BGP(ssBGP) on the basis of S-BGP, as to provide a better balance between security and practicality than S-BGP, making it more deployable.
Key words:
BGP,
S-BGP,
ssBGP,
Security mechanism
蔡开裕;喻 卫;朱培栋. BGP安全扩展方案ssBGP[J]. 计算机工程, 2006, 32(22): 166-168.
CAI Kaiyu; YU Wei; ZHU Peidong. Security Extension Scheme of BGP: ssBGP[J]. Computer Engineering, 2006, 32(22): 166-168.