
A method to simultaneously solve prefix hijacking, path hijacking and route leaking attacks

A routing and prefix technology, applied in the field of computer networks, that addresses problems such as route leakage attacks, reduces usage and routing load overhead, and prevents AS_PATH path hijacking attacks.

Active Publication Date: 2019-04-26
CHINA INTERNET NETWORK INFORMATION CENTER

AI Technical Summary

Problems solved by technology

[0022] To address the performance problems and potential security hazards in the prior art, the purpose of the present invention is to propose a method that can simultaneously solve the problems of prefix hijacking, AS_PATH path hijacking and route leakage attacks.


Embodiment Construction

[0052] In order to make the above objects, features and advantages of the present invention more obvious and understandable, the present invention will be further described below through specific embodiments and accompanying drawings.

[0053] The invention improves the RPKI data synchronization scheme, extends the ASPolicyCert certificate format in the soBGP mechanism, and then effectively combines the two, thereby proposing a method that can simultaneously solve the problems of prefix hijacking, AS_PATH path hijacking, and route leakage attacks.

[0054] For the current RPKI data synchronization scheme, the flow of the improved scheme designed by the present invention is shown in Figure 6:

[0055] (1) Router R1 applies for an ROA certificate from the RP.

[0056] (2) R1 attaches the ROA certificate to the update message as part of the path attribute of the update message.

[0057] (3) R1 sends the update message containing the ROA certificate to the peer route...


Abstract

The invention relates to a method for simultaneously solving prefix hijacking, path hijacking and route leaking attacks. The method replaces the current mechanism, in which the router periodically synchronizes the ROA information in the RP database, with a delivery mechanism that places the ROA certificate in the update message. At the same time, the improved RPKI is combined with soBGP, using its mesh trust model and ASPolicyCert certificate topology verification mechanism to realize route origin verification and path verification; the ASPolicyCert certificate format is also extended so that the router can verify whether the current route contains a route leak. The invention effectively solves the problems existing in RPKI data synchronization and makes up for the problems existing in BGPSEC.
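An added example (not taken from the patent text) of the route-origin check a receiving router could run on a ROA carried in the update message, using the RFC 6811 validation states. The `Roa` and `Update` classes, the prefixes and the AS numbers are constructed for illustration, and every attached ROA is assumed to have already passed signature verification against the RPKI trust anchor.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Roa:
    # Constructed stand-in for a ROA whose signature chain is assumed verified.
    prefix: str
    max_length: int
    asn: int

@dataclass(frozen=True)
class Update:
    # Hypothetical view of a BGP update that carries ROAs as a path attribute.
    prefix: str
    as_path: tuple   # rightmost AS is the origin
    roas: tuple = ()

def validate_origin(update):
    """Return 'valid', 'invalid' or 'not-found' for the announced prefix."""
    if not update.as_path:
        return "invalid"          # no origin AS to check: reject
    announced = ipaddress.ip_network(update.prefix)
    origin = update.as_path[-1]
    covered = False
    for roa in update.roas:
        roa_net = ipaddress.ip_network(roa.prefix)
        if roa_net.version != announced.version or not announced.subnet_of(roa_net):
            continue              # this ROA does not cover the announcement
        covered = True
        if roa.asn == origin and announced.prefixlen <= roa.max_length:
            return "valid"
    # Covered by a ROA but no match on origin AS / length means a hijack signal.
    return "invalid" if covered else "not-found"

# Constructed sample data: AS 64500 is authorised for 203.0.113.0/24 only.
ROA = Roa("203.0.113.0/24", 24, 64500)
SAMPLES = {
    "legitimate": Update("203.0.113.0/24", (64510, 64500), (ROA,)),
    "prefix_hijack": Update("203.0.113.0/24", (64510, 64666), (ROA,)),
    "subprefix_hijack": Update("203.0.113.128/25", (64510, 64666), (ROA,)),
    "too_specific": Update("203.0.113.128/25", (64510, 64500), (ROA,)),
    "no_roa": Update("198.51.100.0/24", (64510, 64501)),
}

def run_samples():
    return {name: validate_origin(u) for name, u in SAMPLES.items()}

if __name__ == "__main__":
    for name, state in run_samples().items():
        print(f"{name:18s} {state}")
```

This covers origin validation only; AS_PATH and route-leak checks depend on the ASPolicyCert data, whose format is not given on this page.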

Description

Technical field

[0001] The invention proposes a method capable of simultaneously solving the problems of prefix hijacking, AS_PATH path hijacking and route leakage attack, and belongs to the technical field of computer networks.

Background technique

[0002] The Border Gateway Protocol (BGP) is the only inter-domain routing protocol in the current Internet. Its own security vulnerabilities will make the entire Internet face serious security threats, such as route hijacking, AS_PATH path hijacking, and route leakage attacks. According to the BGP protocol specification, routers notify other routers of their changed routing information by sending update packets, and unconditionally trust any update packets received. Therefore, the BGP protocol lacks a secure and reliable routing authentication mechanism, and cannot verify the authenticity and integrity of routing information.

[0003] The following introduces several common types of BGP security attacks:

[0004] (1) Prefix h...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L29/06, H04L12/741, H04L9/32, H04L45/74
CPC: H04L9/3247, H04L45/74, H04L63/0823, H04L63/1466
Inventor: 李晓东, 贾佳, 延志伟, 耿光刚
Owner: CHINA INTERNET NETWORK INFORMATION CENTER