Research on Key Technologies of Secure Inter-Domain Routing Protocols
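Abstract
Today, with the Internet developing at a rapid pace, it has become as inseparable from our daily lives as food, clothing, shelter and transport. Routing is the structural cornerstone of the network. On the basis of the division into autonomous systems (AS), routing falls into two levels: intra-domain routing and inter-domain routing. The Border Gateway Protocol (BGP), the only inter-domain routing protocol standard, is used to exchange network reachability information between autonomous systems, and its security is of vital importance to the whole Internet.
     BGP was designed on the assumption that the network is highly trustworthy and includes no security mechanisms; in today's increasingly complex Internet environment it can no longer meet the network's requirements. The frequent inter-domain routing security incidents of recent years show that strengthening the security of the inter-domain routing protocol is urgent. In response to the security problems BGP has exposed, academia and industry have proposed many security schemes, such as S-BGP, soBGP and psBGP abroad and SE-BGP in China, but none has been deployed, for reasons including insufficient security, overly complex verification models and excessive resource consumption. Proposing novel, effective and lightweight security schemes, and improving their performance and practicality, is the key to getting BGP security mechanisms deployed.
     This thesis analyses in detail the security flaws of BGP from two aspects, the security of routing information and the security of routing behavior, summarizes the main problems of the schemes proposed so far, and studies in depth the key technologies related to BGP security. On the routing information side, it mainly studies the protection of path information and origin authentication of address prefixes; on the routing behavior side, it mainly studies the detection and prevention of nonfeasance in route forwarding. It proposes new mechanisms and methods to strengthen inter-domain routing protocol security, which reduce the complexity of the security schemes, simplify the verification process, lower routing resource overhead, and better support deployment, providing a new path toward a trustworthy, controllable and manageable next-generation network.
     The contributions and innovations of this thesis are mainly the following:
     (1) To address the shortcomings of SE-BGP, an improved BGP security mechanism is proposed that introduces proxy re-signatures, solving the problem of cross-certification of key nodes between alliances. SE-BGP has fairly serious defects: it leaks operators' private information, and nodes still have to maintain a large number of certificates, which causes huge storage and management overhead and prevents truly distributed authentication. Based on proxy re-signatures, the structure of the AS alliance is modified and the TTM trust model improved, avoiding cross-certification of key nodes, and new origin address authentication and path authentication algorithms are given. Security analysis shows that the scheme's security capability is the same as the original scheme's; performance analysis shows that, compared with the original scheme, it significantly reduces the number of certificates and the cost of verification, and scales better.
     (2) The path verification scheme of the proxy re-signature mechanism is improved, and a BGP path verification mechanism based on proxy re-signatures is proposed, raising the efficiency of path verification. Network path verification is one of the important applications of proxy re-signatures. Proxy re-signatures are introduced into BGP; the problems that arise when applying them in practice are analysed in the BGP context and addressed, roles such as the delegator are assigned sensibly in the BGP scenario, and corresponding path update and verification algorithms are proposed. Analysis shows that, while keeping path information secure, the scheme makes full use of the advantage of proxy re-signatures in reducing the number of certificates and signatures, lowers the various resource costs of path verification, and scales well.
     (3) Sanitizable signatures are introduced into path verification, and a BGP path verification mechanism based on sanitizable signatures is proposed, which solves the problem that the sanitizer's modifications could not be restricted and reduces the overhead of path verification. Sanitizable signatures can be used in secure routing, completing verification with fewer signatures and certificates. Based on the idea of restricting the modifications the next-hop node can make, the scheme overcomes the defects of applying them in practice, assigns roles such as signer and sanitizer sensibly along the path, and proposes a new path authentication model and authentication algorithm that restrict the sanitizer's modifications. Security and performance analysis shows that, compared with traditional schemes, the scheme reduces the resources needed for path verification while keeping path information secure, and scales well.
     (4) Drawing on the idea of queuing in human society, a lightweight BGP path verification scheme is proposed that simplifies the path verification process and the system resources it needs. Although many BGP path verification schemes have been proposed, complex verification processes and excessive certificate storage overhead limit their deployability. Based on an analysis of AS_PATH and the working principles of BGP, and borrowing the idea of queuing, each routing message carries the signature information of the first two autonomous systems in the path attribute, and verifying these two signatures protects the path information. Simulation results show that, without lowering security capability, the scheme effectively reduces the number of signatures, signature information does not accumulate as the path grows, and the number of certificates drops significantly; it is easy to operate and practical.
     (5) On the routing behavior side, a feedback mechanism is introduced into the BGP route announcement process, and a security scheme is proposed to detect and prevent nonfeasance in route forwarding. An analysis of abnormal forwarding behavior found a lack of research on nonfeasance, in which an autonomous system fails to forward routing information it should have continued to announce. The causes of nonfeasance are analysed and the behavior is defined accurately. Based on the relationships between ASes within two hops, a decision algorithm is proposed to determine a neighbor's subsequent forwarding, and nonfeasance is detected by introducing a feedback mechanism into the BGP route announcement process. Based on BGP's route selection rules, a penalty mechanism is designed to ensure that the selected path is secure and to reduce the occurrence of nonfeasance effectively. Simulation results show that the scheme improves the overall security of the inter-domain routing system, imposes a fairly small burden on the system, and is easy to extend and implement.
     In summary, this thesis studies the security problems of the inter-domain routing protocol BGP. Mainly from the two angles of routing information security and routing behavior security, it presents five main pieces of research and gives solutions for BGP prefix origin authentication, path information authentication and nonfeasance in route forwarding. Compared with existing schemes, it improves the performance of BGP security schemes and reduces their complexity and resource overhead, and it has theoretical significance and practical value for advancing the research on, and deployability of, BGP security schemes.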
With the rapid development of the Internet, it has become an indivisible part of our daily life, like the four basic necessities of life. Routing is the cornerstone of the network. Based on the division into autonomous systems (AS), routing is classified into two levels: intra-domain routing and inter-domain routing. As the only de facto routing protocol used for inter-domain routing, the Border Gateway Protocol (BGP) is used to exchange routing information between ASes, and its security is of great significance for the whole Internet.
     BGP was originally designed on the assumption that the network environment is trusted and reliable. Lacking the necessary security mechanisms, BGP cannot satisfy the security requirements of the ever-deteriorating Internet environment. In the past few years, the high frequency of inter-domain routing incidents has shown that enhancing the security of BGP is urgent. Researchers in academia and industry have proposed many secure protocols to address BGP's exposed security issues, such as S-BGP, soBGP, psBGP and SE-BGP. However, none of the proposed methods has been deployed so far, owing to insufficient security, overly complex verification models and excessive consumption of routing resources. The key to deploying BGP security mechanisms is to propose new, simple and lightweight solutions and to improve their performance and practicality.
     This thesis analyses BGP security vulnerabilities from two aspects: routing information security and routing behavior security. It summarizes the major defects of existing methods, studies the key technologies of a secure BGP protocol, and designs novel, efficient security mechanisms. For routing information security, the research focuses on the security of path information and on IP address prefix origin authentication. For routing behavior security, the research focuses on detecting and preventing nonfeasance in inter-domain route forwarding. The presented schemes increase the security of the inter-domain routing system and reduce the complexity and resource cost of the solutions by simplifying the verification process. They provide better support for deployment and new approaches to implementing a next-generation IP network that is measurable, controllable and manageable.
     The main innovations and contributions of the present thesis are as follows:
     (1) To address the defects of the SE-BGP mechanism, an improved BGP security mechanism is proposed that introduces proxy re-signatures to solve the problem of cross-certification of key nodes between AS alliances. The SE-BGP security mechanism has some relatively serious defects: it leaks Internet Service Provider (ISP) information, and it incurs a large storage and management cost because many additional certificates must be maintained. SE-BGP is therefore not a truly distributed certificate authority method. Based on proxy re-signatures, the AS alliance is modified and the TTM trust model is improved in this thesis. The design solves the problem of cross-certification of key nodes, with novel algorithms for origin authentication and path verification. Security analysis demonstrates that the scheme has security capability similar to SE-BGP's. Performance evaluation shows that the mechanism scales better than SE-BGP, reducing the cost of certificate storage and information verification.
     (2) This thesis improves the path verification scheme of the proxy re-signature mechanism. A new security mechanism for BGP path verification based on proxy re-signatures is proposed to improve the efficiency of path verification. One of the most important applications of proxy re-signatures is network path verification. Proxy re-signatures are therefore first introduced into the BGP protocol. Taking BGP's characteristics into account, this thesis gives a detailed analysis of the problems that arise when proxy re-signatures are applied in practice to path verification. It improves the original path verification methods and allocates roles such as the delegator sensibly within the BGP environment. Corresponding algorithms are proposed for BGP path update and verification. Security analysis and performance evaluation demonstrate that the mechanism makes full use of proxy re-signatures' advantage of needing fewer signatures and certificates for verification, while providing strong security. It reduces routing resource expense and is highly scalable.
     (3) Sanitizable signatures are introduced into BGP path verification, and a security mechanism based on sanitizable signatures is proposed. It decreases the cost of path verification and solves the problem that the modification behavior of the sanitizer cannot be restricted. Sanitizable signatures can be used to secure routing and require fewer signatures and certificates in the verification process. Based on the idea of restricting the modification behavior of the next-hop node, the scheme overcomes the defects of applying sanitizable signatures in practice and allocates roles such as the sanitizer sensibly within the BGP environment. A novel path authentication model and algorithms are presented to constrain the behavior of the sanitizer. Security analysis and performance evaluation show that the scheme reduces routing resource consumption while offering good security capability and scalability.
     (4) Drawing on the idea of queuing (lining up) in human society, a lightweight method is designed for BGP path verification. The method simplifies the process of path verification and consumes fewer resources. Many security mechanisms have been proposed for BGP path verification. However, none has been widely accepted so far because of high computational overhead and excessive storage cost for certificates. Based on an analysis of the AS_PATH attribute and the basic principles of BGP, and with reference to queuing in human society, every route update carries the signatures of the first two ASes, and these two signatures protect the path information against illegal modification. System simulation results show that this mechanism reduces the number of signatures, which does not grow with increasing path length. It also reduces the number of certificates used while providing strong security, and makes the system simpler and more efficient to deploy, with great practicality.
     (5) For the security of routing behavior, a security mechanism is designed to detect nonfeasance by introducing a feedback approach into the process of BGP route announcements. An analysis of anomalous forwarding in inter-domain routing shows that existing research lacks coverage of nonfeasance, in which an autonomous system does not pass on to its peers routing information that it was supposed to pass on. An accurate definition of nonfeasance in inter-domain route forwarding is given, based on an analysis of its causes. Based on the relationships between ASes within two hops of each other, algorithms are designed to determine the subsequent forwarding process of neighbor nodes. A feedback approach is introduced into the process of BGP route announcements to detect nonfeasance. Combined with BGP route selection, the scheme offers an efficient penalty algorithm that keeps the selected path safe and lessens the risk of nonfeasance. System simulation results show that it improves the overall security of the inter-domain routing system and keeps the burden on the system low, with good scalability and easy deployment.
     In summary, this thesis researches the security vulnerabilities of BGP in the inter-domain routing system and presents five major pieces of research from two perspectives: the security of routing information and the security of routing behavior. It presents corresponding solutions for prefix origin authentication, path verification and nonfeasance detection. Compared with previously proposed solutions, the schemes in the present thesis increase the performance and practicality of security mechanisms by reducing verification complexity and resource expense. They have great significance in both theory and practice for promoting research on BGP security issues and the future deployment of security mechanisms.