Journal: Parallel and Distributed Systems, IEEE Transactions on

Symmetric Key Approaches to Securing BGP—A Little Bit Trust Is Enough


Abstract

The Border Gateway Protocol (BGP) is the de facto interdomain routing protocol that connects autonomous systems (ASes). Despite its importance for the Internet infrastructure, BGP is vulnerable to a variety of attacks due to the lack of security mechanisms in place. Many BGP security mechanisms have been proposed. However, none of them has been deployed because of either high cost or high complexity. The right trade-off between efficiency and security has always been challenging. In this paper, we attempt to trade off between efficiency and security by giving a little dose of trust to BGP routers. We present a new flexible threat model that assumes that for any path of length h, at least one BGP router is trustworthy, where h is a parameter that can be tuned according to security requirements. Based on this threat model, we present two new symmetric key approaches to securing BGP: the centralized key distribution approach and the distributed key distribution approach. Comparing our approaches to the previous SBGP scheme, our centralized approach has a 98 percent improvement in signature verification. Our distributed approach has a signature generation cost equivalent to that of SBGP and an improvement of 98 percent in signature verification. Comparing our approaches to the previous SPV scheme, our centralized approach has a 42 percent improvement in signature generation and a 96 percent improvement in signature verification. Our distributed approach has a 90 percent improvement in signature generation cost and a 95 percent improvement in signature verification cost. We also describe practical techniques for increasing the long-term security and collusion resistance of our key distribution protocols without increasing the signature generation and verification costs. By combining our approaches with previous public key approaches, it is possible to simultaneously provide an increased level of security and reduced computation cost.
