一种基于对等体认证的OSPF协议安全增强方法
|
摘要
为提高OSPF路由协议安全性,增强抵御恶意网络攻击能力,通过分析OSPF协议的报文格式和工作机理,提出其存在的缺陷性。并基于对等体认证增强的设计思想,提出在协议认证流程和协议报文两方面对OSPF协议进行安全扩展的方法,设计了安全OSPF协议软件,通过协议攻防试验证明了所提出的安全增强方法可有效提高OSPF协议的安全性。
To improve the security of the OSPF routing protocol and increase the capability to defense network attacks,this paper analyzes the message format and operating mechanism of OSPF protocol and puts forward its defects. Based on the design idea of improving the level of authentication between the protocol peers,a method of extending the OSPF routing protocol on the authentication process and the definition of the protocol packet are introduced. The software implementation of secure OSPF protocol is designed. The results of attack experimentation show that the proposed security improvement method can effectively enhance the security of OSPF protocol.
To improve the security of the OSPF routing protocol and increase the capability to defense network attacks,this paper analyzes the message format and operating mechanism of OSPF protocol and puts forward its defects. Based on the design idea of improving the level of authentication between the protocol peers,a method of extending the OSPF routing protocol on the authentication process and the definition of the protocol packet are introduced. The software implementation of secure OSPF protocol is designed. The results of attack experimentation show that the proposed security improvement method can effectively enhance the security of OSPF protocol.
引文
[1]潘道欣,王轶骏,薛质.基于网络协议逆向分析的远程控制木马漏洞挖掘[J].计算机工程,2016(2):146-150.
[2]周未,解文彬,李磊.赛博空间安全框架设计及风险评估方法[J].计算机工程与应用,2016(18):122-126.
[3]吴巍.赛博空间技术发展现状与通信网络安全问题[J].无线电通信技术,2012,38(3):1-4.
[4]李吉良.下一代网络路由交换关键技术研究[J].无线电通信技术,2008,34(2):1-5.
[5]DOYLE Jeff.Routing TCP/IP Volume 1[M].葛建立,吴建章,译.北京:人民邮电出版社,2002.
[6]杨静,谢蒂,王雷.OSPF路由协议的安全分析及其漏洞防范[J].山东大学学报(工学版),2003,33(5):550-553.
[7]MURPHY S,BADGER M.Digital Signature Protection of the OSPF Routing Protocol[C].In Proceedings of the Symposium on Network and Distributed System Security(SNDSS.96),1996.
[8]高明成.开放最短路径优先协议原理及攻击分析[J].电脑知识与技术,2009,30(5):8391-8392.
[9]林思一.OSPF路由选择协议研究[J].哈尔滨商业大学学报,2003,19(6):651-653.
[10]姚小兰.OSPF协议报文认证分析与安全研究[J].现代商贸工业,2008,20(1):266-267.
[11]李丹,龙毅宏.MD5算法破解对实际应用的影响[J].信息安全与通信保密,2005(4):91.
[12]刘兴涛,康宾,周三友,等.自主可控路由器控制交换系统设计[J].无线电工程,2016,46(8):5-8.
[13]陈海燕,季仲梅,李鸥,等.OSPF路由协议安全性分析及其攻击检测[J].微计算机信息,2005(5):234-235.
[14]安宁刚,李国栋,覃尊颖,等.OSPF协议DD报文的脆弱性分析与验证[J].微电子学与计算机,2015,32(2):52-55.
[15]高峥,李林涛.OSPF协议安全性分析[J].黑龙江科技信息,2011(4):77.
[2]周未,解文彬,李磊.赛博空间安全框架设计及风险评估方法[J].计算机工程与应用,2016(18):122-126.
[3]吴巍.赛博空间技术发展现状与通信网络安全问题[J].无线电通信技术,2012,38(3):1-4.
[4]李吉良.下一代网络路由交换关键技术研究[J].无线电通信技术,2008,34(2):1-5.
[5]DOYLE Jeff.Routing TCP/IP Volume 1[M].葛建立,吴建章,译.北京:人民邮电出版社,2002.
[6]杨静,谢蒂,王雷.OSPF路由协议的安全分析及其漏洞防范[J].山东大学学报(工学版),2003,33(5):550-553.
[7]MURPHY S,BADGER M.Digital Signature Protection of the OSPF Routing Protocol[C].In Proceedings of the Symposium on Network and Distributed System Security(SNDSS.96),1996.
[8]高明成.开放最短路径优先协议原理及攻击分析[J].电脑知识与技术,2009,30(5):8391-8392.
[9]林思一.OSPF路由选择协议研究[J].哈尔滨商业大学学报,2003,19(6):651-653.
[10]姚小兰.OSPF协议报文认证分析与安全研究[J].现代商贸工业,2008,20(1):266-267.
[11]李丹,龙毅宏.MD5算法破解对实际应用的影响[J].信息安全与通信保密,2005(4):91.
[12]刘兴涛,康宾,周三友,等.自主可控路由器控制交换系统设计[J].无线电工程,2016,46(8):5-8.
[13]陈海燕,季仲梅,李鸥,等.OSPF路由协议安全性分析及其攻击检测[J].微计算机信息,2005(5):234-235.
[14]安宁刚,李国栋,覃尊颖,等.OSPF协议DD报文的脆弱性分析与验证[J].微电子学与计算机,2015,32(2):52-55.
[15]高峥,李林涛.OSPF协议安全性分析[J].黑龙江科技信息,2011(4):77.