| In this paper, the security architecture of S-BGP is regarded as the main research target. On the basis of analysis of vulnerability of BGP, S-BGP is acquired to meet the BGP's security needs. Based on this architecture, the research of this paper primarily focuses on the analysis of security architecture of S-BGP. It includes PKI, Attestation and IPsec. First, the operation and vulnerabilities of BGP was introduced. On the basis of it, we proposed S-BGP. According to the vulnerability of BGP, S-BGP applying IPsec,PKI and a new attribute-attestation to ensure the Integrity , Authority and Authenticity of information and entities. We discuss the vulnerabilities and security requirements associated with BGP, describes the S-BGP countermeasures, and explain how they address these vulnerabilities and requirements, also analyze the performance implications of the proposed countermeasures, we introduce the architecture of the BGP system, the partitions of the modules and the important questions in the process of the implementation. S-BGP uses two PKIs to enable BGP speakers to validate the identities and authorization of BGP speakers and of owners of ASes and of portions of the IP address space; An attestation establishes that the subject of the attestation is authorized by the issuer to advertise a path to the specified blocks of address space; IPsec is used to provide authentication, data integrity, and anti-replay on appoint-to-point basis, i.e., between BGP speakers.
|
PDF Full Text Request