Computer Engineering & Science, 2024, Vol. 46, Issue (6): 1022-1031. DOI: 10.3969/j.issn.1007-130X.2024.06.009

An intrinsic secure open shortest path first protocol based on identity cryptography

Xun Peng 1, Chen Hongyan 1, Wang Yongzhi 1, Li Shijie 1

Author information

  • 1. College of Computer Science, National University of Defense Technology, Changsha, Hunan 410073

Abstract

The secure operation of routing protocols such as Open Shortest Path First version 2 (OSPFV2), a TCP/IP internet routing protocol, is crucial to network connectivity and to the secure transmission of information. However, traditional OSPFV2 was designed without the ability to defend against source route spoofing or tampering with routing information, which leaves networks vulnerable to attack. Existing security strategies are mostly add-on solutions, which tend to introduce new security issues or have low security effectiveness. To address this, an intrinsically secure OSPFV2 protocol based on identity-based cryptography is proposed. The protocol embeds identity-based cryptography in the routing exchange process, giving the network an efficient, intrinsic ability to resist tampering and spoofing attacks on routes in transit. Furthermore, because large-scale deployment of a secure OSPFV2 protocol faces various limiting factors, an operational mechanism that supports incremental deployment is designed using opaque link state advertisements. Simulation experiments show that the designed intrinsically secure OSPFV2 protocol resists source route spoofing and data tampering without incurring excessive convergence delay.

Key words

OSPFV2 protocol (open shortest path first version 2 protocol) / source routing information modification / intrinsic security / identity cryptography

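Publication year

2024
Computer Engineering & Science
College of Computer Science, National University of Defense Technology

CSTPCD, Peking University Core
Impact factor: 0.787
ISSN: 1007-130X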