HC-BGP: A light-weight and flexible scheme for securing prefix ownership

Zhang, Ying; Zhang, Zheng; Mao, Z. Morley; Hu, Y. Charlie

doi:10.1109/dsn.2009.5270359

Cited by 10 publications

(11 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Certificates are necessary for authenticating public keys and binding IP prefixes to these public keys belonging to the organization to which the IP prefixes are assigned [7], in existing cryptography-based schemes for preventing IP prefix hijacking such as some typical schemes of which are S-BGP [8], SoBGP [9], psBGP [10], OA [11], SPV [13], HCBGP [12], and so on. Each certificate contains a private extension that specifies the set of address blocks that have been allocated to the organization.…”

Section: B Existing Authentication Of Origin Asmentioning

confidence: 99%

See 1 more Smart Citation

A DSA-Based and Efficient Scheme for Preventing IP Prefix Hijacking

Yang

2014

2014 International Conference on Management of E-Commerce and E-Government

View full text Add to dashboard Cite

IP prefix hijacking poses a serious threat the security of the Internet. Cryptographic authenticating origin ASes (Autonomous Systems) of advertised prefix, which is an effective way of preventing IP prefix hijacking, has received wide acceptance. However, these existing schemes received various critical comments on their inefficiency when cryptographic authenticating origin ASes. For improving efficiency, we take full advantage of specific characteristics of DSA (Digital Signature Algorithm) and thus present a scheme for preventing IP prefix hijacking. There are two characteristics, which are DSA-based and efficient, in the proposed scheme. Firstly, because DSA is an United States Federal Government standard for digital signatures, the DSA-based can maintain compatibility with the DSA and its analytical tools, and thus it is easier for proposed scheme to be widely accepted and applied into practice. Secondly, public key certificates are not necessary because public keys can be computed by using a formula. Separated verifying signatures in these certificates, which is inevitable in almost all existing cryptography-based schemes, can be replaced with computing of a multi-exponentiation fomula. Thus, the efficient is achieved.

show abstract

Section: B Existing Authentication Of Origin Asmentioning

confidence: 99%

“…The first category is based on cryptography [8], [9], [10], [11], [12], [13], and the second category is based on detection [16], [17], [3], [18], [19].…”

Section: Introductionmentioning

confidence: 99%

A DSA-Based and Efficient Scheme for Preventing IP Prefix Hijacking

Yang

2014

2014 International Conference on Management of E-Commerce and E-Government

View full text Add to dashboard Cite

show abstract

“…Prefix hijacking is a serious BGO security therat by which attackers steal IP addresses belonging to other netwoks [13]. Malicious AS injects false route into global routing table by advertising another network's IP prefix.…”

Section: Bgp Attacks With Ip Prefix Hijackingmentioning

confidence: 99%

A Novel Approach for Secure Routing Through BGP Using Symmetric Key

Raimagia¹,

Singh²,

Zafar³

2013

IJNSA

View full text Add to dashboard Cite

show abstract

“…For example, in the left part of Figure 1, both the attacker and the victim announce the same prefix 10.1.0.0/16. Consequently, AS2 and AS3 may prefer the attacker's route because of the shorter AS path [13].…”

Section: Introductionmentioning

confidence: 99%

Using a Variation of Elgamal Signature to Support Fast and Lazy Authenticating Origin Autonomous Systems

Yang¹

2014

JMM

View full text Add to dashboard Cite

About the schemes for authenticating origin autonomous systems, related documents think it is appropriate to authenticate address attestations and related public keys only using the information of update messages. However, this approach is infeasible in existing schemes because update messages are limited in length to 4096 bytes and thus are too small to carry the necessary public key certificates. For realizing this approach, in this paper, we make full use of specific characteristics of a variation of ELGamal signature and thus present a method for fast and lazy authenticating origin ASs. In the process of hierarchical issuing keys of proposed method, an efficient formula of computing public keys is achieved. For authenticating public keys, it is not necessary for a verifier to check a series of certificates existing in certification path from the owner of advertised prefix to the IANA (Internet Assigned Numbers Authority). Thus the lazy authentication of origin ASs is achieved because a verifier can authenticate address attestations and related public keys only using the information of update messages. The path validation from IANA to the owner of advertised prefix, where signatures can only be verified separately in existing asymmetric cryptography based solutions of IP prefix hijacking, can be replaced with efficient computing of only a single formula, which can bring about fast authentication of origin ASs. To the best of our knowledge, it is the first work for authenticating origin autonomous systems by using ELGamal signature to achieve a fast scheme that can authenticate address attestations and related public keys only using the information of update messages.

show abstract

HC-BGP: A light-weight and flexible scheme for securing prefix ownership

Abstract: The

Cited by 10 publications

References 22 publications

A DSA-Based and Efficient Scheme for Preventing IP Prefix Hijacking

A DSA-Based and Efficient Scheme for Preventing IP Prefix Hijacking

A Novel Approach for Secure Routing Through BGP Using Symmetric Key

Using a Variation of Elgamal Signature to Support Fast and Lazy Authenticating Origin Autonomous Systems

Contact Info

Product

Resources

About