
Computer Engineering, 2007, Vol. 33, Issue (17): 34-36. doi: 10.3969/j.issn.1000-3428.2007.17.012

• Doctoral Thesis •

BGP Path Verification Mechanism Based on ID

WANG Na(1,2), GU Chun-xiang(3), WANG Bin-qiang(1,3)

  1. National Digital Switching System Engineering & Technological R & D Center, Zhengzhou 450002
  2. College of Electronic Technology, PLA Information Engineering Univ., Zhengzhou 450004
  3. College of Information Engineering, PLA Information Engineering Univ., Zhengzhou 450002
  • Received: 1900-01-01 Revised: 1900-01-01 Online: 2007-09-05 Published: 2007-09-05

Abstract: The Border Gateway Protocol (BGP) is vulnerable to various types of attack because of limitations in its design. However, the heavy and complicated public key infrastructure (PKI) key management and the excessive storage space cost of current BGP path verification mechanisms severely hinder the implementation and deployment of BGP security solutions in the real world. This paper introduces an ID-based signature scheme into BGP path verification for the first time and proposes an ID-based path verification mechanism (IDPV). Compared with current certificate-based path verification mechanisms, IDPV effectively simplifies PKI key management, reduces router storage space cost, and improves path verification performance. A BGP security solution with IDPV will be easier to implement and deploy on the Internet.

Key words: route, security, BGP, path verification, identity-based cryptography

CLC number: