
Research Of Secure BGP Routing Protocol Based On Sequential Aggregate Signature

Posted on: 2016-10-04
Degree: Master
Type: Thesis
Country: China
Candidate: X C Tang
GTID: 2308330470481287
Subject: Signal and Information Processing
Abstract/Summary:
The Border Gateway Protocol (BGP) is an inter-domain routing protocol that is widely used by applications based on Internet platforms. It enables routers located within different autonomous systems to exchange routing information with respect to reachability. With the rapid development of the Internet, the network security environment has worsened due to security attacks driven by specific economic or political interests. As traditional BGP provides no security mechanisms to protect information security, attacks aimed at BGP have occurred repeatedly. It is therefore necessary to study secure BGP protocols. This dissertation first introduces some basic concepts of the existing secure BGP protocol called S-BGP. Our study then focuses mainly on the following aspects:

(1) When routing information is transmitted, the permutation of BGP routing information is not random but arranged according to the linear sequence of node positions in the path. To protect the integrity of routing information, a new sequential aggregate signature scheme based on a certificateless cryptosystem is presented. It is built on bilinear mapping and extends a traditional aggregate signature scheme, and it can compress authenticated routing information. In addition, existing aggregate signatures face forgery by an adversary during the extraction of partial keys. The proposed sequential aggregate signature scheme is obtained by combining self-certification (certificateless cryptosystem) with aggregate signature so as to ensure the security of partial keys. At the same time, the signature generation algorithm of existing aggregate signature schemes is modified to support sequential aggregation operations. Performance analysis shows that the new sequential aggregate signature outperforms the traditional signature schemes in terms of overall efficiency. The newly proposed scheme is then proven to be secure against the forgery attack under the random oracle model.

(2) The implementation of the presented sequential aggregate signature scheme based on a certificateless cryptosystem uses the PBC library, which is a free, portable C library. PBC not only meets the cryptographic need for large-number operations, but also supports bilinear pairing operations on elliptic curves. We evaluate the performance of the proposed sequential aggregate signature scheme based on a certificateless cryptosystem via the PBC library on Linux platforms.

(3) Although S-BGP was proposed a long time ago and provides excellent security solutions, it has not been widely deployed because of its efficiency problems. Having introduced security improvements into BGP, S-BGP incurs costly computational and communication overhead when run, which places a heavy burden on routers within different autonomous systems. This dissertation uses the newly proposed sequential aggregate signature scheme based on a certificateless cryptosystem to extend BGP. Performance analysis shows that communication overhead is improved. S-BGP only ensures security when there is no collusion between attackers. When two or more attackers collude to mount a tunnel that fabricates an adjacency relation, they can successfully attract information flow from other nodes. In the extended BGP protocol, this dissertation uses certificates to authenticate the adjacency relation between nodes, so that double link authentication prevents attackers from conspiring to forge a virtual link between them. Finally, security analysis shows that the improved BGP protocol can solve the security problems that arise when multiple attackers collude to mount attacks, as well as improve protocol efficiency.
Keywords/Search Tags: Border gateway protocol, Sequential aggregation signature, Bilinear mapping, Random oracle model, Certificateless cryptosystem