
Research on Key Technologies for Inter-Domain Routing System Security

Research on Inter-Domain Routing System Security

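【Author】 Hu Xiangjiang (胡湘江)

【Advisor】 Gong Zhenghu (龚正虎)

【Author information】 National University of Defense Technology, Computer Science and Technology, 2009, PhD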

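【Summary】 The inter-domain routing system based on BGP (Border Gateway Protocol) is core infrastructure of the Internet, and its security is of great significance to the security of the Internet as a whole. Fundamentally improving the security of the inter-domain routing protocol is an unavoidable problem in meeting the Internet's security challenges. A variety of security extension mechanisms for BGP have been proposed, yet none has been effectively deployed, which shows how difficult research in this area is. The inter-domain routing system is a complex giant system with many essential characteristics that differ from those of other networks. Some traditional methods adapt poorly to this field, and new viewpoints and technical approaches need to be introduced. How the root causes of inter-domain routing problems are understood directly affects the design, implementation, operation and management of the inter-domain routing system. Existing research has not made good use of the basic laws and characteristics of the inter-domain routing system. Based on the self-organizing properties of the inter-domain routing system, and drawing on complex systems theory and the self-organizing rules of interaction among ISPs, this dissertation proposes new methods and mechanisms for improving the security of the inter-domain routing system, offering a new approach to building a secure, trustworthy, controllable and manageable next-generation Internet and to promoting the sustained and healthy development of next-generation networks. The research covers the following four aspects:

AS Alliance mechanism based on self-organization theory. The inter-domain routing system is a complex giant system with strong self-organizing properties. Building on an in-depth analysis of the self-organized patterns of inter-domain routing, the dissertation proposes the concept of the AS Alliance and defines an Alliance's key nodes and ordinary nodes. It designs evolution algorithms for the generation, merging and decomposition of AS Alliances, gives the mechanism by which AS Alliances are realized in BGP, and describes the organizational form of the AS Alliance. Put simply, an AS Alliance is a group of ASes with a common goal; it makes full use of the geographic character of interconnection between ISPs, the grouping of commercial interests, and the division and union of political interests. To some extent, the AS Alliance is a logical structure between the whole Internet and the individual AS. AS Alliances can form and evolve autonomously, can take part in assuring, monitoring and maintaining trusted routing, and improve the routing security of the whole Internet. Introducing the AS Alliance has two further points of significance: first, it defines an organizational structure that gives a reliable technical approach for enhancing network-wide performance through local management; second, the key nodes of an AS Alliance, being a small minority of the nodes in the network, have special application value.

AS Alliance-oriented security extension mechanisms for inter-domain routing. The AS Alliance provides new ideas and a new platform for strengthening the security of inter-domain routing protocols. The dissertation proposes four AS Alliance-oriented security extension mechanisms: ① the AS Alliance-oriented Distributed Resource Certificate Mechanism (DRCM); ② the AS Alliance-oriented Translator Trust Model (TTM); ③ an AS Alliance-oriented prefix collision detection and resolution framework, whose core mechanisms are the Usedspace-based Prefix Collision Detection Rules (UPCDR) and the Three-Phase Prefix Collision Resolution Algorithm (T-PCRA); ④ the Alliance-Relation-List based Route Stabilization Algorithm (ARL-RSA). DRCM uses the organizational structure of the AS Alliance to achieve distributed, registration-based management of resource certificates. TTM is an intermediate form between the hierarchical trust model and the mesh (web-of-trust) trust model; it avoids the rigidity of centralized control and the lack of structure and organization of the mesh model, simplifies trust relationships within an Alliance, and passes trust relationships between Alliances in-band through key nodes, which improves the scalability of the system. The prefix collision detection and resolution framework is used to find and resolve address-prefix registration collisions in DRCM. UPCDR extends the RPSL language to model and describe usage policies for address space and defines collision detection rules, effectively discovering prefix registration collisions. T-PCRA is divided into three phases, collision localization, collision negotiation and autonomous decision; it provides a complete negotiation and decision mechanism for collision resolution and uses a reputation-based method to restrain irresponsible nodes. ARL-RSA works at the routing level: using the Alliance relation list and a cost function, it suppresses the forwarding of WITHDRAW messages for a certain period of time, effectively suppressing route flapping caused by temporary failure of local links and improving the stability of the inter-domain routing system.

AS Alliance-oriented BGP security extension protocol. To realize the AS Alliance and the security extension mechanisms above, the dissertation proposes an AS Alliance-oriented BGP security extension protocol (SE-BGP). SE-BGP likewise uses route authentication to ensure the credibility of route announcements. Its certificate structure adopts DRCM, and it uses TTM to pass trust relationships in-band through two signature translations at key nodes. SE-BGP extends BGP attributes, the routing algorithm and routing configuration. Under a reasonable assumption, the security capability of SE-BGP is comparable to that of S-BGP. Compared with traditional inter-domain routing protocols, SE-BGP adapts to the evolution of network structure and scales well with network size.

SE-BGP implementation. The dissertation implements SE-BGP on the Linux operating system by extending the MRT software routing system. The basic system architecture of SE-BGP is similar to that of S-BGP. Configuration such as AS Alliances and certificates can be loaded automatically or manually. Key nodes and ordinary nodes within an AS Alliance use different authentication and signature algorithms. Protocol test results show that SE-BGP effectively achieves origin authentication and secure path forwarding, and that SE-BGP has good performance scalability.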

【Abstract】 As the core infrastructure of the Internet, the inter-domain routing system consists of a large number of interconnected autonomous systems (ASes), which exchange their routes using the Border Gateway Protocol (BGP). Inter-domain routing security has become a significant issue for the future Internet, and improving the inherent security of BGP is an unavoidable problem. Most security mechanisms based on public key cryptography are far from deployment due to performance, trust model and other issues. As a complex large system, the inter-domain routing system has many essential properties that differ from those of other networks. Some novel research methods and technological approaches should be introduced.

The understanding of the root of the problem has a direct impact on inter-domain routing system design, implementation, operation and management. Existing research has not comprehensively grasped the basic laws and the evolutionary trend of the inter-domain system.

In this dissertation, we provide new techniques and mechanisms to improve the security performance of the inter-domain routing system, using complex system theory and the self-organized rules among ISPs, based on the self-organization property of the inter-domain routing system itself. Our goal is to contribute to the continued and healthy development of the new generation network and to the process of constructing a more reliable, more trustworthy, more controllable and more manageable Internet.

Our work expands the research in four aspects as follows:

Self-organization theory based AS Alliance mechanism. Self-organization is a promising mechanism to control the complexity in large-scale and dynamic networks. On the basis of an in-depth analysis of inter-domain routing self-organized patterns, the notion of the AS Alliance is proposed. Evolutionary algorithms (including generation, merging, and decomposition) for the AS Alliance are designed. We also present the mechanism for realizing the AS Alliance in BGP and describe the organization pattern of the AS Alliance.

An AS Alliance is a local group of clustered ASes, in which only a small number of ASes can transmit routing information to other ASes outside the group. The AS Alliance makes full use of the geographic characteristics of ISPs, the collectivization of business benefits and the union of political interests. From one point of view, the AS Alliance is the logical structure between the Internet and the AS. The AS Alliance has the ability of self-evolution and can improve routing security across the whole Internet by encouraging other ASes to join the Alliance. Moreover, the introduction of the AS Alliance is significant in two ways. First, an organization pattern is provided, which could be a reliable technical approach for promoting global performance through local management. Second, as a very small number of nodes in the inter-domain routing system, the key nodes in an AS Alliance have special application value.

The AS Alliance provides a valuable technical approach for our study.

AS Alliance-oriented security extended mechanism. The AS Alliance provides new ideas and platforms to enhance the security of the inter-domain routing system. Four AS Alliance-oriented security enhanced mechanisms are proposed: 1) AS Alliance-oriented DRCM (Distributed Resource Certificate Mechanism); 2) AS Alliance-oriented TTM (Translator Trust Model); 3) AS Alliance-oriented PCDARF (Prefix Collision Detection and Resolution Framework), including UPCDR (Usedspace-based Prefix Collision Detection Rules) and T-PCRA (Three-Phase Prefix Collision Resolution Algorithm); 4) ARL-RSA (Alliance-Relation-List based Route Stabilization Algorithm).

DRCM realizes distributed and registered management of resource certificates through the AS Alliance structure.

TTM is an intermediate state between hierarchical trust and web of trust. It simplifies the trust relation within the same Alliance and realizes in-band transfer of the trust relation among different Alliances through key nodes.

PCDARF can be used for prefix collision detection in DRCM and for collision resolution. UPCDR builds a class model for used prefix space and collision detection rules through extended RPSL (Routing Policies Specification Language). The validity of UPCDR is verified. T-PCRA has three phases: collision orientation, collision negotiation and self-decision. It provides a complete mechanism for negotiation and decision and restrains irresponsible nodes by reputation degree.

ARL-RSA uses the Alliance relation list and a cost function to suppress WITHDRAW messages for a period of time. It effectively reduces the route flapping caused by temporary link failure and significantly improves stability in the inter-domain routing system.

AS Alliance-oriented security extended BGP. In order to implement the AS Alliance and the above-mentioned security extended mechanisms, we design SE-BGP as a novel AS Alliance-oriented security extended BGP. SE-BGP uses ROC (route of certificate) to protect route credibility, and DRCM is used as the certificate architecture. Trust is transferred in-band between different Alliances using a TTM-based two-signature translation mechanism in key nodes. The routing attributes, algorithm and configuration are extended in SE-BGP.

It is demonstrated that SE-BGP has the same security performance as S-BGP under a reasonable assumption. Compared with traditional inter-domain routing protocols, SE-BGP can adapt to the evolution of network structure and has good scalability.

Implementation of SE-BGP. Based on the Linux operating system and MRT (Multi-Threaded Routing Toolkit), a notable software router, we finally implement SE-BGP. SE-BGP has a software architecture similar to that of S-BGP. Configuration, such as AS Alliances and certificates, can be loaded in automatic or manual mode. The authentication and signature algorithm in a key node is different from that in a normal node. The testing results show that SE-BGP protects the credibility of the route and that its security capability is almost equal to that of S-BGP. In addition, SE-BGP has good performance scalability.
