Abstract

The Internet routing system, as a complex system, faces many challenges. Attacks against the Border Gateway Protocol (BGP), the only wide-area routing protocol between different Autonomous Systems (AS), are increasing in number and severity. Most security mechanisms based on public key cryptography are far from deployment due to performance, trust model and other issues. Self-organization is a promising mechanism for controlling complexity in large-scale, dynamic networks. This paper proposes the notion of AS Alliance, a natural community structure that self-organizes based on commercial, political or other social relationships and takes advantage of the power-law and rich-club features of the AS-level topology. A new trust model, the Trust Translator Model (TTM), is designed based on AS Alliance to improve the security of BGP. TTM avoids the global distribution of certificates through trust translation by hub nodes between different trust domains, and yields much less memory overhead and a shorter validation chain than traditional solutions. We develop a novel SE-BGP (Security Enhanced BGP) protocol extension that exploits the TTM model. It introduces new path attributes to carry origin certificates and path signatures, along with algorithms for origin authentication and path authentication. Our analysis and experimental results show that SE-BGP is a viable solution.