Research On IP Prefix Hijacking Preventing Mechanism Based On Update Message Authentication Using Self-certified Public Key Cryptosystems

The Internet is faced with a great number of security threats of which IP prefix hijacking is one of the most serious threats. Existing mechanisms for preventing IP prefix hijacking still can not achieve the satisfactory balance between the stronger security and the less dealing burden, which is one of the greatest obstacles for their deployment.For this, this research presents a mechanism for preventing prefix hijacking based on self-certified public key cryptosystems. In the thesis, self-certified public key cryptosystems are introduced in the design of mechanism for defending against prefix hijacking. A key distribution architecture based on IP prefix address blocks and a hierarchy protocol for issuing self-certified public keys are presented, respectively. The method which generates signatures for secure binding and verifies these signatures using self-certified public keys has been given. In terms of dealing burden, this mechanism eliminates the burden of storage and management of public key certificates without reducing security. The computing overhead is also reduced when verifying public keys. In terms of security, this mechanism can prevent signature replay attacks without increase of computing overhead. Comparing with existing mechanisms, the proposed mechanism has made a certain improvement on both security and dealing burden, which may push ahead the deployment of cryptography-based mechanisms for preventing IP prefix hijacking.The main contributions in this research are summarized as follows.Self-certified public key cryptosystems are introduced in the design of mechanism for defending against prefix hijacking. Thus, the senders can add signatures to update messages, while the receivers of update messages can find tampers about origin autonomous systems by verifying these signatures. In the process of verifying these signatures, neither public key certificates nor key escrow is required. The mechanism can both prevent various common IP prefix hijackings and reduce dealing burden without reducing security.Besides preventing common prefix hijacking, the new mechanism can also prevent signature replay attacks. The security holes which are brought by signature replay attacks are in-depth analyzed. Based on them, a corresponding method for preventing this attack is given. In this method, serial numbers are put into update messages. Meanwhile, signatures with message recovery and self-certified public key cryptosystems are used. Analyses show that the method can prevent signature replay attack almost without introducing extra burden of computation.The main innovation points of this research can be summarized as follows.(1) An architecture of prefix address block based key issuing and a hierarchy protocol for issuing self-certified public keys are presented.Update messages are sent taking address block as unit. Thus, the architecture of prefix-based key issuing, which assigns a pair of public/private keys for each address block, is more suitable for the environment where update messages are transported, signed, and verified. In the existing cryptography-based mechanisms for preventing IP prefix hijacking, architectures for issuing asymmetric keys are always based on organizations, whose main purpose is to reduce the complexity of storage and management of public key certificates. However, in the mechanism proposed by this research, it is not necessary to use organization-based architecture to reduce complexity of storage and management of certificates because public key certificates are eliminated.Based on the architecture of prefix-based key issuing and self-certified public key cryptosystems, a hierarchy protocol for issuing self-certified public keys is presented. Public key cryptosystems can be computed backward along the authorized chain from IANA (Internet Assigned Numbers Authority) to current node by applying a multi-exponentiation formula, which can provide guarantee to verify signatures of securing binding when public key certificates are absent.(2) The method which generates signatures for secure binding and verifies these signatures using self-certified public keys has been given.In the self-certified public key based process of preventing IP prefix hijacking, it is not necessary for verifiers to store and search public certificates. The public key of signer can be computed by using a multi-exponentiation formula and a series of public key witnesses, which can considerably reduce dealing burden and storage space requirement in the process of authenticating origin autonomous systems.(3) A method for preventing signature replay attacks is presented. Existing security mechanisms do not explain this kind of replay attack in detail. So far, no security mechanisms can prevent the signature replay attack. This research in-depth analyzes this kind of attack and its hazards. Based on it, sequence number for every update message and self-certified public key cryptosystems are used. This method can prevent signature replay attack almost without introducing extra burden of computation by sequence numbers’adding, caching and comparing.