Abstract:
The Border Gateway Protocol (BGP) is vulnerable to various attacks because of limitations in its original design. However, the heavy and complicated public key infrastructure (PKI) key management and the excessive storage cost of current BGP path verification mechanisms severely hinder BGP security solutions from being implemented and deployed in the real world. This paper introduces an ID-based signature scheme into BGP path verification for the first time and proposes the ID-based path verification mechanism (IDPV). Compared with current certificate-based path verification mechanisms, IDPV effectively simplifies PKI key management, reduces routers' storage cost, and improves path verification performance. A BGP security solution built on IDPV will be easier to implement and deploy on the Internet.
Key words:
route,
security,
BGP,
path verification,
identity-based cryptography
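Abstract: The Border Gateway Protocol (BGP) is vulnerable to many types of attack because of design flaws. However, the heavy and complicated public key infrastructure (PKI) key management and the excessive storage overhead in current BGP path verification mechanisms seriously hinder the practical deployment of BGP security solutions. To address this, this paper introduces an identity-based signature algorithm into path verification and proposes an identity-based path verification mechanism (IDPV). Compared with current certificate-based path verification mechanisms, IDPV effectively simplifies PKI key management, reduces router storage overhead, improves path verification performance, and promotes the practical application of BGP security solutions.
Key words:
routing,
security,
BGP,
path verification,
identity-based cryptography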
WANG Na; GU Chun-xiang; WANG Bin-qing. BGP Path Verification Mechanism Based on ID[J]. Computer Engineering, 2007, 33(17): 34-36.
王 娜; 顾纯祥; 汪斌强. Identity-Based BGP Path Verification Mechanism[J]. Computer Engineering (计算机工程), 2007, 33(17): 34-36.