位置:成果数据库 > 期刊 > 期刊详情页
一种轻量化的边界网关协议路径验证机制
  • ISSN号:1009-5896
  • 期刊名称:电子与信息学报
  • 时间:2012.9.4
  • 页码:2167-2173
  • 分类:TP393[自动化与计算机技术—计算机应用技术;自动化与计算机技术—计算机科学与技术]
  • 作者机构:[1]北京邮电大学信息安全中心,北京100876, [2]北京交通大学轨道交通控制与安全国家重点实验室,北京100044, [3]北京邮电大学灾备技术国家工程实验室,北京100876
  • 相关基金:国家自然科学基金(61121061),国家重大科技专项(2011ZX03002-005-01)和轨道交通控制与安全国家重点实验室(北京交通大学)开放课题基金(2010K010)资助课题
  • 相关项目:通信网的网络理论和技术
作者: 赵宸|孙斌|杨义先|杨焱|
关键词: 信息安全, 边界网关协议(BGP), 路径验证, First-Two-AS, Information security, Border Gateway Protocol (BGP), Path verification, First-Two-AS
中文摘要:

由于边界网关协议(Border Gateway Protocol,BGP)存在安全问题,路径信息(AS_PATH属性)易遭受各种攻击。已有的路径验证方案中,过程复杂和开销巨大严重阻碍了方案的实际部署。基于对AS_PATH属性的分析,该文提出一种轻量化的BGP路径验证机制—FTAPV(First-Two-AS based Path Verification)。FTAPV中,更新报文只需要携带AS_PATH中前两个AS的签名信息就可以有效地为路径信息提供保护。安全分析和性能评估表明,与已有方案相比,该机制在保证安全能力的同时,有效地减少了路由资源的消耗和所需证书的规模,具有良好的可扩展性。

英文摘要:

Since BGP (Border Gateway Protocol) possesses many security vulnerabilities, BGP Autonomous System PATH information (ASPATH attribute) is vulnerable to various attacks. In proposed BGP path verification mechanisms at present, the high computational overhead and complex process severely block security solutions from being implemented and deployed in reM world. A lightweight method is designed for BGP path verification named First-Two-AS based Path Verification (FTAPV). Based on analysis of ASPATH attribute, FTAPV can protect path information effectively through carrying signatures of first two ASes in the ASPATH of UPDATEs. Security analysis and performance evaluation demonstrate this mechanism can reduce the route resource expense and the number of used certificates with strong ability of security and good scalability compared with existing method.

同期刊论文项目
通信网的网络理论和技术
期刊论文 303 会议论文 42 获奖 4 著作 1
同项目期刊论文
Linear Complexity of Generalized Cyclotomic Quaternary Sequences with Period pq
云辅助 P2P-VoD 系统中一种邻居选择算法
Energy Aware Virtual Network Embedding
Privacy-Preserving Self-Helped Medical Diagnosis Scheme Based on Secure Two-Party Computation in
保护私有信息的动点距离判定协议及其推广
Cheat sensitive quantum bit commitment via pre- and post-selected quantum states
An Uneven Distribution Based Energy Optimized Routing Protocol for WSNs
A quantum secret sharing protocol with fairness
Adaptive T-S FRBF-based Risk Assessment Method for Electric Power Communication Network
区域化的无线蜂窝网自主节能管理机制
Efficient Threshold PKE with Full Security Based on Dual Pairing Vector Spaces
Virtual Network Embedding with Survivable Routing
On the construction of multi-output Boolean functions with optimal algebraic immunity
Secure Privacy-Preserving Biometric Authentication Scheme for Telecare Medicine Information Systems
LBAS An effective pricing mechanism towards video migration in cloud-assisted VoD system
Weighted Community Detection Based on a Community-Topic Interacting Model
A Parsing Mode based Method for Malformed SIP Messages Testing for IMS network
A Load Balancing Method in SiCo Hierarchical DHT-based P2P Network
A study on Operators’ Network Architecture based on P2P Technology
Improved Group Signature Scheme Based on Quantum Teleportation
An arbitrated quantum signature with Bell states
Trust routing algorithm based on multiple decision factor thoery in OSPF protocol
Cryptanalysis and improvement of a certificateless encryption scheme in the standard model
Quantum state secure transmission in network communication
Defeating Constraint based Program Analysis with Temporal Correlation Function
Multi-party quantum private comparison protocol with n-level entangled states
Parsing and Detecting Phishing Pages Based on Semantic Understanding of Text
保护隐私的逢低买入协议及其推广
一种改进的BGP安全机制
一种面向云服务提供商的资源分配机制
城市汽车导航中一种改进的D-S证据理论地图匹配算法
A Vertical Handoff Method via Self-Selection Decision Tree for Internet of Vehicles
Comb: a resilient and efficient two-hop lookup service for distributed communication system
Security of the arbitrated quantum signature protocols revisited
Fault-tolerant quantum cryptographic protocols with collective detection over the collective ampli
一种基于长度语义约束的报文格式挖掘方法
An efficient server bandwidth costs decreased mechanism for asynchronous streaming in cloud-assisted
Application semi-group property of enhanced Chebyshev polynomials to anonymous authentication protoc
A Multi-dimensional Resource Allocation Algorithm in Cloud Computing
面向业务的多终端动态协同构造机制
A Privacy-Preserving Sequence Pattern Mining Method based on horizontally Distributed Database
Control Flow Deobfuscation Method Based on Path Feasibility Analysis
Revisiting “The Loophole of the Improved Secure Quantum Sealed-Bid Auction with Post-Confirmation
Chaos–order transition in foraging behavior of ants
Hierarchical quantum information splitting of an arbitrary two-qubit state via the cluster state
基于时间窗的多无人机联盟任务分配方法研究
Disaster Recovery Backup Strategy for P2P Based VoIP Application
An Optimization Model of Load Balancing in P2P SIP Architecture
A Method for Disguising Malformed SIP Messages to Evade SIP IDS
An Efficient Method for Scheduling Massive Vulnerability Scanning Plug-ins
Efficient algorithms for scheduling multiple bulk data transfers in inter-datacenter networks
An Access Network Selection Mechanism for Heterogeneous Wireless Environments
基于计时器的最小连通支配集生成算法
2p元2-阶旋转对称弹性函数的构造与计数
Survey of the Virtual Machine Introspection in Cloud Computing
CloudProxy: A NAPT Proxy for Vulnerability Scanners based on Cloud Computing
A rapid detection algorithm for malformed H-DoS in the cloud platform
安全两方线段求交协议及其在保护隐私凸包交集中的应用
标准模型下可证明安全的RFID双向认证协议
基于动态邻接信任模型的安全路由算法研究
Accurate Diagnosis in Computer Networks Using Unicast End-to-End Measurements
Security protocol for RFID system conforming to EPC-C1G2 standard
路径条件驱动的混淆恶意代码检测
Research of Hierarchical Intrusion Detection Model based on Discrete Cellular Neural Networks
Analysis of the two-particle controlled interacting quantum walks
基于机器学习的SPIT可疑度评估方法
An Improved Approach for Route Planning in Urban Traffic Network
IP Flow Mobility Trigger Mechanism in Heterogeneous Wireless Networks
An Energy-Aware Method of Web Service Composition
泛在末梢环境下基于动态备用的业务应急机制
A novel path-based approach for single-packet IP traceback
适应自相似业务的无线网络自主CAC策略
Cost-efficient task scheduling for executing large programs in the cloud
Cost-aware Cloud Service Request Scheduling for SaaS Providers
Cloud SIP System (CSS) : To Decompose SIP Sessions into Transactions for Cloud Environment
A New Security Mechanism for BGP Path Verification
Research on Server Push in Web Browser based Instant Messaging Applications
基于参数建模的分布式信任模型
面向MANET路由的多属性动态信任模型
Eavesdropping on Multiparty Quantum Secret Sharing Scheme Based on the Phase Shift Operations
Virtual Network Embedding Through Topology Awareness and Optimization
A precise and practical IP traceback technique based on packet marking and logging
A Push-Pull Data Scheduling Algorithm for P2P Streaming Media
On the linear complexity of a class of quaternary sequences with low autocorrelation
Lag synchronization of coupled multi-delay systems
Improving synchronous ability between complex networks
An algorithm for constructing all the pairings on elliptic curves,
Study of Attacks and Countermeasures in Wireless Sensor Networks
A Ranging Based Scheme for Detecting the Wormhole Attack in Wireless Sensor Networks
A Reputation-based Ant secure routing Protocol of Wireless Sensor Networks
Light-weight Proofs of Retrievability in Cloud Archive Storage with Replications
A novel Hierarchical Reputation Model for Wireless Sensor Networks
An Empirical Analysis of the Effectiveness of Browser-based Anti-phishing Solutions
Full privacy preserving electronic voting scheme
Malicious node detection in wireless sensor networks using time series analysis on node reputation
Semi-loss-tolerant srtong coin flipping protocol using EPR pairs
A Novel Steganographic Method with Four-Pixel Differencing and Exploiting Modification Direction
A General Construction of Sequences with Good Autocorrelation over the 16-QAM Constellation
A secure quantum group signature scheme based on Bell states
Information leak in Liu et al.’s quantum private comparison and a new protocol
Improved quantum signature scheme with weak arbitrator
The cryptanalysis of Yuan et al.'s multiparty quantum secret sharing protocol
Fast and scalable support vector clustering for large-scale data analysis
Global Detection of Live Virtual Machine Migration based on Cellular Neural Networks
Service-Oriented Synergy Mechanism among Multi-Devices in Ubiquitous Network
Task coalition formation and self-adjustment in the wireless sensor networks
A Light-Weight Rainbow Signature Scheme for WSN
Improved certificateless multi-proxy signature
FFNS: A Flooding Attack Filtering Nodes Selection Method Using Node Betweennes
利用干扰消除的协同中继传输方案
WSN Trust Models Evaluation in the Context of IoT
Universal Composable Secure protocol for EPC system
Improving the security of arbitrated quantum signature
Cryptanalysis and improvement of a multi-user quantum communication network using χ-type entangled s
Choice of measurement as the secret
Nonlocality of orthogonal product basis quantum states
An arbitrated quantum signature scheme with fast signing and verifying
Practical quantum all-or-nothing oblivious Transfer protocol
One-way LOCC indistinguishability of maximally entangled states
Cryptanalysis of enhancement on "quantum blind signature based on two-state vector formalism&
Cryptanalysis of a multi-party quantum key agreement protocol with single particles
Certificateless Public Key Encryption with Hybrid Problems and its Application to Internet of Thi
Two-Cloud-Servers-Assisted Secure Outsourcing Multiparty Computation
A novel pairing-free certi?cateless authenticated key agreement protocol with provable security
New constructions of symmetric orthogonal arrays of strength t
网络虚拟化环境下的服务故障诊断算法∗
一种基于信誉的移动自组网区分服务激励机制
Information Leakage in Quantum Secret Sharing of Multi-Bits by an Entangled Six-Qubit State
Quantum Private Comparison Protocol with W States
Minimum best success probability by classical strategies for quantum pseudo-telepathy
A General Two-Party Bi-Input Private Function Evaluation Protoco
A Fuzzy Identity-Based Signcryption Scheme from Lattices
Self-organizing Energy-saving Management Mechanism based on Pilot Power Adjustment in Cellular Netwo
Centralized Management Mechanism for Cell Outage Compensation in LTE Networks
Discussion on quantum proxy group signature scheme with ?-type entangled states
An anonymous user authentication with key agreement scheme without pairings for multi-server archite
Efficient secure multiparty computation protocol for sequencing problem over insecure channel
GLS: new class of generalized legendre sequences with optimal arithmetic cross-correlation
Construction and counting of 1-resilient rotatin symmetric Boolean functions on pq variables
BGP Path Verification Mechanism Based on Sanitizable Signature
New constructions of symmetric orthogonal arrays of strengtht
企业战略驱动的QoS属性相关Web服务选择与部署方法
业务量驱动的区域化无线接入网自主节能机制
基于TCP数据包层分析的移动互联网用户体验的评估方法
Privacy-Assured Substructure Similarity Query over Encrypted Graph-Structured Data in Cloud
A Novel Path-based Approach for Single-Packet IP Trace back
Enhanced Energy-Efficient Scheduling for Parallel Tasks using Partial Optimal Slacking
PAIDD: a hybrid P2P-based architecture for improving data distribution in social networks
SBDP: Bandwidth Prediction Mechanism towards Server Demands in P2P-VoD System. Peer-to-Peer Networki
An efficient server bandwidth costs decreased mechanism towards mobile devices in cloud-assisted P2P
Filtering Location Optimization in Reactive Packet Filtering
Quantum anonymous ranking
Grid Density Based Evolving Clustering Algorithm For Data Streams
支持向量机回归预测在网络故障检测中的应用
An Uncertainty-Based Distributed Fault Detection Mechanism for Wireless Sensor Networks
Prediction-based dynamic resource scheduling for virtualized cloud systems
基于带宽请求预测和云资源预留的视频移植策略
Multiple bulk data transfers scheduling among datacenters
Determination of W states equivalent under stochastic local operations and classical communication
Cryptanalysis of a sessional blind signature based on quantum cryptography
Efficient Quantum Transmission in Multiple-Source Networks
A Composition and Recovery Strategy for Mobile Social Network Service in Disaster
Quantum key agreement with EPR pairs and single-particle measurements
匿名和可问责平衡的信誉系统
新型的802.11n联合符号定时同步与细频偏估计算法研究
A lattice-based signcryption scheme without random oracles
强度m的对称正交表的递归构造
Efficient probe selection for fault localization using the property of submodularity
新颖的正则NFA引擎构造方法
基于非线性规划的链路丢包率推理算法
网络虚拟化环境下的服务故障诊断算法
无线传感器网络蠕虫的传播与控制
2p元2-阶旋转对称弹性布尔函数的构造与计数
XOR-MAC的结构分析和安全性证明
无线传感器网络中基于分簇的数据聚合机制
素数元旋转对称弹性布尔函数的构造与计数
一种新的Web应用防火墙的自学习模型
群签名中成员撤销问题解决方案
泛在末梢环境下的多终端协同选择机制
基于频繁项挖掘的空间关联性子簇形成算法
PFA在FPGA正则引擎上的设计和仿真
基于CNN同心邻域极值的多车道智能交通系统图像多车牌区域的边缘检测
动态疫苗接种的入侵检测方法
基于可信建模过程的信任模型评估算法
对一个格基身份签名方案的分析和改进
基于粗糙集和人工免疫的集成入侵检测模型
改进的BGP安全机制
新型的IEEE 802.11n联合符号定时同步与细频偏估计算法
保护隐私的逢低买入拍卖协议及其推广
圆和维诺图相交模拟基站覆盖算法
基于改进Kruskal算法的WSN故障节点检测方法
虚拟计算环境下基于模糊聚类的资源调度算法
泛在末梢环境可靠性预测的服务发现选择协议
基于协同谱聚类的推荐系统托攻击防御算法
高效的SIP服务器模糊测试方法
基于神经网络和遗传算法的网络安全事件分析方法
基于混合能源的无线蜂窝网节能管理机制
泛在末梢环境下的动态业务恢复机制
移动P2P资源共享激励机制
基于样本加权的基因特征选取模型
虚拟计算环境下面向应用的基于信任的资源匹配模型
基于终端干扰和链路稳定性的多终端协同维护机制
云辅助P2P-VoD系统中一种邻居选择算法
基于控制流序位比对的智能Fuzzing测试方法
一种识别和追踪恶意匿名评价者的信任模型
跨数据中心的关联云数据部署策略
云环境下保护隐私的最短距离计算方法研究
一种基于云存储环境下的数据处理机制
An Algorithm for the Spectral Immunity of Binary Sequence with Period 2^n
An anonymous and efficient remote biometrics user authentication scheme in a multi server environment
量子密码协议安全性分析
Variational learning for finite Beta-Liouville mixture models
有限贝塔刘维尔混合模型的变分学习及其应用
混合逆狄利克雷分布的变分学习及应用
企业战略驱动的QoS属性相关Web 服务选择与部署方法
泛在末梢环境下均衡多业务的终端聚合机制
协议规范挖掘研究综述
基于物联网的智能楼宇系统研究
基于层级化身份的可证明安全的认证密钥协商协议
期刊信息
  • 《电子与信息学报》
  • 中国科技核心期刊
  • 主管单位:中国科学院
  • 主办单位:中国科学院电子学研究所 国家自然科学基金委员会信息科学部
  • 主编:朱敏慧
  • 地址:北京市北四环西路19号
  • 邮编:100190
  • 邮箱:jeit@mail.ie.ac.cn
  • 电话:010-58887066
  • 国际标准刊号:ISSN:1009-5896
  • 国内统一刊号:ISSN:11-4494/TN
  • 邮发代号:2-179
  • 获奖情况:
  • 国内外数据库收录:
  • 荷兰文摘与引文数据库,美国工程索引,美国剑桥科学文摘,日本日本科学技术振兴机构数据库,中国中国科技核心期刊,中国北大核心期刊(2004版),中国北大核心期刊(2008版),中国北大核心期刊(2011版),中国北大核心期刊(2014版)
  • 被引量:24739