
Method for defending border gateway protocol prefix hijacking attack

A border gateway protocol and prefix technology, applied to electrical components, public keys for secure communication, transmission systems, etc., that can solve problems such as the inability to authenticate connectivity, incomplete security protection, and the inability to prevent IP prefix hijacking.

Inactive Publication Date: 2011-08-17
UNIV OF ELECTRONICS SCI & TECH OF CHINA

AI Technical Summary

Problems solved by technology

More importantly, existing security solutions such as attack detection mechanisms cannot prevent IP prefix hijacking from occurring.
Attack prevention mechanisms, in turn, can only prevent the hijacking of one or several IP prefixes, so their security protection is incomplete. In particular, in the current system, which distributes PKI according to the allocation hierarchy of IP prefixes and AS numbers, the upper-level ISP includes the PKI authentication certificates of the lower-level ISP, which leads to upper-layer ISP prefix hijacking, and the existing PKI cannot authenticate connectivity, which leads to path hijacking. Neither of these can be well prevented.


Embodiment Construction

[0064] The present invention will be further described below in conjunction with the accompanying drawings:

[0065] 1. Hierarchical allocation system of PKI based on IP prefix and AS number

[0066] The PKI hierarchical allocation system based on IP prefixes and AS numbers is built on the existing IP address and AS number allocation agent system, so it does not have to consider the "trust" problem encountered when a new PKI is first set up, which saves a lot of trouble in the creation process. This method uses the following two PKIs to handle certificate distribution for IP prefixes and AS numbers: one distributes certificates representing the ownership of IP prefixes; the other is responsible for distributing certificates representing the ownership of AS numbers and certificates of the binding relationship between AS numbers and routers.

[0067] IP prefix ownership certificate distribution PKI hierarchy and certificate style are...


Abstract

The invention discloses a method for defending against border gateway protocol prefix hijacking attacks. First, a layered allocation system is structured according to IP (Internet Protocol) prefixes and AS numbers to assign PKIs (Public Key Infrastructures), and two types of PKI, based on the IP prefix and on the AS number, are assigned; the two types of PKI comprise IP prefix assignment certification and AS number assignment certification respectively. The PKI is updated according to the assignment and revocation of IP prefixes and AS numbers, and the PKI is assigned by having an ISP (Internet Service Provider) build an assignment library. When the announce messages of an IP prefix and AS reach a router, verification is performed: the public key is validated first, then the assignment certificate and connectivity are validated, and the accreditation of the IP prefix or the AS number is validated. The method can protect an inter-domain routing system from prefix hijacking, IP subnetwork prefix hijacking and, in particular, upper-layer ISP prefix hijacking, and can at the same time effectively prevent IP prefix AS path hijacking and IP subnetwork prefix AS path hijacking.
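The router-side checks named in the abstract (assignment certificate, connectivity, authorization of the origin AS) can be sketched as follows. This is an added example, not code from the patent: the certificate model, the prefixes, AS numbers and link set are constructed, public-key and signature validation is assumed to have succeeded beforehand, and the "most specific covering certificate decides" rule is an assumption about how a delegated prefix is kept away from the upper-layer ISP.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

net = ipaddress.ip_network

@dataclass(frozen=True)
class PrefixCert:              # constructed model of an IP prefix assignment certificate
    prefix: str
    holder_as: int             # AS authorised to originate the prefix
    issuer: Optional[str]      # prefix of the parent certificate, None at the root

# Constructed allocation hierarchy: registry -> upper-layer ISP -> customer.
CERTS = {c.prefix: c for c in [
    PrefixCert("10.0.0.0/8", 64500, None),
    PrefixCert("10.1.0.0/16", 64501, "10.0.0.0/8"),
    PrefixCert("10.1.2.0/24", 64502, "10.1.0.0/16"),
]}
# Constructed connectivity attestations: certified AS adjacencies.
LINKS = {frozenset(p) for p in [(64500, 64501), (64501, 64502), (64500, 64510)]}

def chain_ok(cert):
    """Walk issuer links to the root; each prefix must sit inside its parent's."""
    while cert.issuer is not None:
        parent = CERTS.get(cert.issuer)
        if parent is None or not net(cert.prefix).subnet_of(net(parent.prefix)):
            return False
        cert = parent
    return True

def covering_cert(prefix):
    """Most specific certificate covering the announced prefix (assumed rule)."""
    p = net(prefix)
    cands = [c for c in CERTS.values() if p.subnet_of(net(c.prefix))]
    return max(cands, key=lambda c: net(c.prefix).prefixlen, default=None)

def verify(prefix, as_path):
    """as_path is ordered nearest AS first, origin AS last."""
    cert = covering_cert(prefix)
    if cert is None or not chain_ok(cert):
        return "reject: no valid assignment certificate"
    if as_path[-1] != cert.holder_as:
        return "reject: origin AS not authorised for prefix"
    for a, b in zip(as_path, as_path[1:]):
        if frozenset((a, b)) not in LINKS:
            return "reject: uncertified link in AS path"
    return "accept"
```

With this data, a subnetwork announcement from an unrelated AS, an announcement of the customer's /24 by the upper-layer ISP, and a path that skips a certified adjacency are each rejected at a different check.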

Description

Technical field

[0001] The present invention relates to the technical field of computer networks, in particular to a public key infrastructure (PKI, Public Key Infrastructure) based on the assignment relationship of IP (Internet Protocol) prefixes and autonomous system (Autonomous System) numbers, which can effectively prevent BGP prefix hijacking attacks.

Background technique

[0002] BGP (Border Gateway Protocol), as an inter-domain routing protocol commonly used on the global Internet, plays a vital role in providing and maintaining Internet connectivity. However, the security capabilities of the BGP routing protocol are limited. The communication between BGP peer entities lacks basic authentication and authorization mechanisms, and the routing information transmitted between entities cannot be protected. It is very vulnerable to many malicious attacks. In particular, the prefix hijacking attack is particularly harmful, which will cause turbulence on the glo...


Application Information

Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06, H04L9/30
Inventor 阳小龙, 隆克平, 徐显达
Owner UNIV OF ELECTRONICS SCI & TECH OF CHINA