Survey on decentralized security-enhanced technologies for RPKI
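Qin Chaoyi (秦超逸) 1, Zhang Yu (张宇) 2, Fang Binxing (方滨兴) 3
Author information
- 1. School of Cyberspace Security, Harbin Institute of Technology, Harbin, Heilongjiang 150001
- 2. School of Cyberspace Security, Harbin Institute of Technology, Harbin, Heilongjiang 150001; Peng Cheng Laboratory, Shenzhen, Guangdong 518055
- 3. Peng Cheng Laboratory, Shenzhen, Guangdong 518055; Cyberspace Institute of Advanced Technology, Guangzhou University, Guangzhou, Guangdong 510006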
Abstract
The resource public key infrastructure (RPKI) deploys a centralized and hierarchical infrastructure for the authorization of IP addresses. It not only enhances the security of the Internet border gateway protocol system, but also introduces centralization into the routing system. According to the functions of the certificate authorities, the authorization center, operation center, and publication center in the RPKI are proposed, and a comprehensive survey of decentralized security-enhanced technologies for the RPKI is presented based on these three centers. Firstly, RPKI centralization risks are refined from the perspectives of authorization, operation, and publication. Secondly, the technical ideas and solutions of decentralized security-enhanced technologies are classified according to these three perspectives. Thirdly, the technologies are compared in terms of security, scalability, and incremental deployment. Finally, the existing problems in current technologies are summarized and future research directions are discussed.
Key words
border gateway protocol / resource public key infrastructure / secure inter-domain routing / blockchain / decentralization
Funding
National Key Research and Development Program of China (2022YFB3104800)
Major Key Project of Peng Cheng Laboratory (PCL2023A05)
Publication year
2024