检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
名 称:
注 释:
作 者:刘志辉[1] 孙斌[1] 谷利泽[1] 杨义先[1]
出 处:《软件学报》2012年第7期1908-1923,共16页Journal of Software
基 金:国家自然科学基金(61003285);国家重点基础研究发展计划(973)(2007CB310704);教育部科学技术研究重点项目
摘 要:提出了一种基于线索平衡二叉排序哈希树认证委分字典的安全高效的源认证(origin authentication,简称OA)方案,用于防范BGP地址前缀劫持攻击.基于Aiello和McDaniel等人提出的OA服务,通过数值区间对AS号和IP地址前缀这两种BGP前缀宣告资源进行了统一的形式化定义,采用一种方案同时解决了两种前缀宣告资源的源可信问题.该方案不仅解决了原OA服务中存在的"无效分配关系的证据量是有效分配关系证据量的两倍"的问题,而且与原OA服务相比,该方案建树所需要的总节点数降低约一半.同时,委分证据集合的平均长度更小.因此,该源认证方案效率更高.A new origin authentication scheme based on a threaded balanced binary stored hash tree for authenticated delegation/assignment dictionaries is proposed to solve the problems of BGP (border gateway protocol) address prefix hijacking. BGP address prefix announcement is made up of AS number and IP address prefix, and this paper makes use of the number value range to uniformly define two kinds of BGP address prefix announcement resources, so the two kinds of BGP address prefix announcement resources' origin trustworthy problems are issued by one efficient origin authentication scheme in this paper. This scheme inherits the merit of a threaded binary stored hash tree to correct the shortcomings existing in the William Aiello and Patrick McDaniel's origin authentication scheme that the amount of the evidence for invalid delegation/assignment is double that of the valid. Meanwhile, in contrast with original OA scheme, this scheme reduces the number of tree nodes to half the amount of the delegation/assignment attestation set. which is smaller, so this scheme is more efficient.
关 键 词:源认证 前缀劫持 BGP(border GATEWAY protocol) AS号 IP地址前缀
分 类 号:TP309[自动化与计算机技术—计算机系统结构]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:216.73.216.222