Title :
A Secure Inter-Domain Routing Protocol
Author :
Wang, Na ; Wang, Binqiang
Author_Institution :
PLA Inf. Eng., Univ. Zhengzhou, Zhengzhou
Abstract :
The paper proposes a new secure inter-domain routing protocol, which is called identity-based inter-domain routing (id2r). id2r consists of an origin AS verification mechanism AT (assignment track) and an AS PATH verification mechanism IBAPV (identity-based aggregate path verification). The basic idea of AT is that all ASes must provide the assignment track and attestations of prefixes their originated, and for a prefix, the AS which provides the longest valid assignment track is its legitimate origin AS. With identity-based aggregate signature scheme, IBAPV adopts a single route aggregate attestation to guarantee the authenticity of AS PATH attribute in an update message. It is analyzed that id2r is secure against prefix hijacking and AS PATH forgery attacks. Our performance evaluation results indicate that based on the RouteViews data on December 7, 2007, anid2r router only consumes 1.71Mbytes additional memory,which is 38% of a S-BGP router; id2r has shorter update message than S-BGP; convergence time of id2r with hardware implementation of cryptographic algorithm is acceptable, as a tradeoff.
Keywords :
cryptographic protocols; digital signatures; internetworking; routing protocols; telecommunication security; transport control; AS path forgery attack; AS path verification mechanism; assignment track; border gateway protocol; identity-based aggregate path verification; identity-based inter-domain routing; inter-domain routing protocol security; message authentication; Aggregates; Convergence; Forgery; Identity-based encryption; Internet; Proposals; Public key; Public key cryptography; Routing protocols; Security;
Conference_Titel :
Intelligent Information Technology Application, 2008. IITA '08. Second International Symposium on
Conference_Location :
Shanghai
Print_ISBN :
978-0-7695-3497-8
DOI :
10.1109/IITA.2008.142
