Research On The Key Technique Of Synthesis Defence For The Prefix Hijacking Attack

As the high frequency of Prefix Hijacking Attack in the Internet, due to its tremendous disservice, it has become the hotspot of the research on the security of the inter-domain routing system .Based on the research of defence mechanism of Prefix Hijacking Attack at present, this paper brought forward a synthesis defence system for Prefix Hijacking Attack, aimed at the problem of the contradict between the security and disposability in the research of the defence mechanism of Prefix Hijacking Attack. The core idea of the paper is that, base on the resiliency of different AS node adopting different method. According to the partition formula of the net, we can get the thresholdα, if the value of the AS node's resiliency is high thanα, the system will dispose the CPHAS(communicating prefix hijack alerting system) method which can communicate with the users; and the value of the AS node's resiliency is lower thanα, the system will dispose the method of OVLP(origin verification based on the longest path).There are three kinds of key technologies, they are:1. RP(resilience partition). Its core idea is that regard the thresholdαas the standard and compare every AS node's resiliency with it in the net, and then we will dispose different defence mechanism separately according as the AS node whose value of resiliency is higher than theαor lower than theα;2. OVLP. Its core idea is that the AS will be considered legal only if it provided the verification system based on the longest path;3. CPHAS. Its core idea is that though the communication between the server and users, it will give a alarm to the users and the same time tail after the illegal fountain.The main innovations of this paper include:1. Advanced a Prefix Hijacking Attack synthesis defence system based on AS flexibility complemented the equilibrium between the security and disposability;2. Put forward RP (resilience partition), it based on the resiliency of AS node, and reduced the scale of certification efficiently and improved the system's expansibility;3. Put forward OVLP(origin verification based on the longest path), which resolve the problem that the current origin AS authentication mechanisms which based on cryptology are vulnerable to a prefix hijacking called"upper-class ISP", improve the security of the system;4. Put forward the CPHAS(communicating prefix hijack alerting system)which resolve the secure problem caused by PHAS that the time window mechanism detection, improve the security of the system.