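IP prefix hijacking between autonomous systems is a major threat to Internet security. Existing prefix hijacking prevention mechanisms based on asymmetric cryptography all unavoidably face either complex public key certificate storage and management problems or key escrow problems, and the computation required for online verification of the prefix origin autonomous system is too heavy, which makes them hard to deploy in practice. The prevention mechanism proposed in this paper uses a self-certified public key signature scheme to verify the prefix origin autonomous system. It requires neither public key certificates nor key escrow, can improve the performance of the prevention mechanism in several respects, and is expected to promote the practical deployment of IP prefix hijacking prevention mechanisms.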
IP prefix hijacking is one of the top threats on the Internet. Currently, mechanisms for preventing IP prefix hijacks that are based on asymmetric cryptography face problems including public key storage, key escrow, and excessive overhead for online authentication. All of these problems keep such mechanisms from being deployed in practice. We therefore authenticate the ownership of IP prefixes using a signature scheme that requires no certificates. Our prevention mechanism needs neither public key certificates nor key escrow. The analysis shows that our mechanism can improve performance in many respects. It may advance the practical deployment of mechanisms for preventing IP prefix hijacks.