Research On Trustworthy Inter-Domain Routing System

Posted on: 2012-07-26
Degree: Doctor
Type: Dissertation
Country: China
Candidate: Z H Liu
GTID: 1488303356972029
Subject: Information security
Abstract/Summary:
From the perspective of inter-domain routing, the Internet is in essence a large distributed inter-domain routing system in which BGP is the de facto standard inter-domain routing protocol. Simple and efficient, BGP works well in the Internet's inter-domain routing system, but the security events of recent years make it urgent to improve the security status of that system. To solve these problems, experts and scholars have proposed a number of security schemes for BGP, such as S-BGP, soBGP, psBGP, SE-BGP, and so on. None of these schemes, however, has been deployed on a large scale in the actual system, so it is necessary to introduce new methods and technologies to the inter-domain routing system that achieve both high security and high operational efficiency.

Based on research on S-BGP, this thesis analyzes the vulnerability of BGP in the inter-domain routing system and proposes four major research fields: BGP Speaker Authentication, AS Number Origin Authentication, IP Address Prefix Origin Authentication and Path Authentication for AS_PATH. The thesis introduces the concept of trustworthiness to the inter-domain routing system, studies the characteristics of a trustworthy inter-domain routing system, and then puts forward solutions to the system's vulnerability from the aspects of identity trustworthiness and behavior trustworthiness.
Those solutions focus on improving scheme efficiency by changing the security technologies, and on making the system safer and more efficient by proposing a trust value measurement model that guides the behavior of the system so as to decrease the average amount of repeated verification.

The main work and contributions of this thesis are as follows:

(1) Based on the concept of signature conversion from proxy re-signatures, this thesis proposes a new group signature scheme that can be used to solve the problem of BGP Speaker Authentication. The scheme is no less secure than S-BGP, and the number of certificates decreases from one per BGP Speaker to one per AS, which eases the burden of certificate management and reduces the cost of storing and verifying certificates. When a group signature is constructed by directly using the proxy re-signatures from the literature, two problems arise: untraceability and compromise of the group private key through computation. The group signature scheme of this thesis resolves those problems and is proved to meet the security requirements for BGP Speaker Authentication.

(2) A new origin authentication scheme based on a threaded balanced binary stored hash tree for authenticated delegation/assignment dictionaries is proposed to solve the problems of AS Number Origin Authentication and IP Address Prefix Origin Authentication simultaneously. A BGP address prefix announcement is made up of an AS Number and an IP Address Prefix, and this thesis uses number value ranges to define those two kinds of BGP address prefix announcement resources uniformly. Their granting processes have the same structure, a hierarchical tree of delegation/assignment chains, so the origin trustworthiness problems of both kinds of resources are addressed by one efficient origin authentication scheme.
By studying the origin authentication scheme from the literature and the schemes that use threaded binary stored hash trees in CRL services, this thesis introduces the threaded balanced binary stored hash tree to the origin authentication service. The scheme inherits the merits of the threaded binary stored hash tree to correct a shortcoming of the literature's origin authentication scheme, namely that the amount of evidence for an invalid delegation/assignment is double that for a valid one, and it solves the potentially extreme imbalance problem of the threaded binary stored hash tree. Meanwhile, in contrast with the original OA scheme, this scheme halves the total number of tree nodes and makes the delegation/assignment attestation set smaller, so it is more efficient.

(3) Based on the concept of signature conversion from proxy re-signatures and the group signature scheme in part (1), a new group proxy re-signature scheme is proposed to solve the problem of Path Authentication for AS_PATH. This scheme can convert one party's group signature into another's. It also enhances the path verification scheme used with proxy re-signatures by dividing the whole signature into two parts, the signature body and the proof. The signature body is used for path verification and has the advantage that only one signature is kept at a time along the path, which reduces the number of verification keys. The proof provides strong verification of the message signing order, and it helps the administrator of an AS along the AS_PATH to confirm which BGP Speaker performed the signature conversion.
In addition, combining the group proxy re-signature scheme with the group signature scheme allows the two problems of BGP Speaker Authentication and Path Authentication for AS_PATH to be treated from one overall perspective, which makes the system simpler and more efficient to deploy.

(4) After proposing a basic verification model for BGP address prefix announcements in the trustworthy inter-domain routing system and analyzing the efficiency drawbacks of that model, this thesis proposes a new improved verification model to handle those problems. The key point of the improved verification model is the trust value measurement model. On the basis of research on reputation-based trust models in P2P environments, this thesis introduces a new reputation-based trust value measurement model. In contrast with the literature's local reputation value computing model, this scheme introduces an initial attenuation coefficient into the direct trust value computing model, so that when the system starts running, the direct trust value increases slowly as the number of successful transactions rises. In the literature's model, by contrast, the local reputation value can jump suddenly from 0 to 1.0 after a single successful transaction when the system starts running, which is not appropriate for a trustworthy inter-domain routing system. This scheme also introduces the concept of Time Slide Windows into the direct trust value computing model, so that the trust value reflects the node's behavior trend in its most recent transactions.
In addition, this thesis defines trust value, trust value parameters and the trust value computing policy, puts forward specific computing models for direct trust value, indirect trust value and integrated trust value, and finally analyzes them experimentally.

In conclusion, this thesis mainly studies vulnerability in the trustworthy inter-domain routing system, proposes four major research fields (BGP Speaker Authentication, AS Number Origin Authentication, IP Address Prefix Origin Authentication and Path Authentication for AS_PATH), and presents the corresponding solutions. Compared with S-BGP, the schemes in this thesis have the same security level and are more efficient and flexible, which favors future deployment.
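The cold-start and recency behaviour described for the direct trust value in contribution (4), as an added example that is not taken from the thesis. The abstract gives no formulas, so the ramp `1 - rho**successes`, the windowed success ratio, and the names `DirectTrust`, `rho` and `window` are assumptions chosen only to reproduce the described behaviour.

```python
from collections import deque


def naive_reputation(outcomes):
    """Baseline: successful transactions / all transactions, whole history."""
    return sum(outcomes) / len(outcomes) if outcomes else 0.0


class DirectTrust:
    """Direct trust in one peer AS (assumed formula, not the thesis's own)."""

    def __init__(self, window=20, rho=0.9):
        self.recent = deque(maxlen=window)  # time slide window of outcomes
        self.rho = rho                      # initial attenuation coefficient, 0 < rho < 1
        self.successes = 0                  # lifetime count of successful transactions

    def record(self, ok):
        """Record one verified announcement (True = valid) and return the new value."""
        self.recent.append(bool(ok))
        self.successes += bool(ok)
        return self.value()

    def value(self):
        if not self.recent:
            return 0.0
        # Only the most recent `window` transactions decide the success ratio.
        ratio = sum(self.recent) / len(self.recent)
        # Ramp is 0 with no successes and approaches 1 as they accumulate.
        ramp = 1.0 - self.rho ** self.successes
        return ramp * ratio


def trajectory(outcomes, window=20, rho=0.9):
    """Direct trust value after each transaction in `outcomes`."""
    trust = DirectTrust(window, rho)
    return [trust.record(o) for o in outcomes]


if __name__ == "__main__":
    # Constructed history: 30 valid announcements, then 20 invalid ones.
    history = [True] * 30 + [False] * 20
    values = trajectory(history)
    print("after 1st success: naive=%.2f direct=%.2f"
          % (naive_reputation(history[:1]), values[0]))
    print("after 30 successes: direct=%.3f" % values[29])
    print("after 20 failures:  naive=%.2f direct=%.2f"
          % (naive_reputation(history), values[-1]))
```

With the constructed history, the whole-history ratio still credits the peer after its 20 most recent announcements all failed, while the windowed value has dropped to zero.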
Keywords/Search Tags:trustworthy, inter-domain routing system, BGP, trust value, trust value measurement