节点文献
域间路由系统安全性测试技术研究与应用
Research and Application of Security Testing Technology for Inter-domain Routing System
【作者】 张建锋;
【导师】 蔡开裕;
【作者基本信息】 国防科学技术大学 , 计算机科学与技术, 2008, 硕士
【摘要】 随着社会的发展,Internet在人们的日常生活中发挥着越来越重要的作用,电子商务,网上银行等诸多网络应用服务的普及给人们的日常生活带来了极大的便利,但是同时也为不法分子提供一个非法牟利的平台。近年来通过网络实施的犯罪日益上升,所带来的经济损失也日益增大,给整个社会的和谐发展造成不好的影响。域间路由系统作为Internet的核心系统,它的安全性对整个Internet的安全尤为重要。论文在分析了域间路由系统安全脆弱性的基础上,探讨了由于这些安全脆弱性所带来的攻击威胁和危害,强调了域间路由系统安全性测试的必要性和重大意义。并在此基础上创新性地提出了一种新的针对路由器的强度攻击方法和基于路由毒素的大规模电子邮件发送方法,从理论上对这两种方法进行了详细的分析说明,通过与传统方法的对比阐述了它们给域间路由系统和所承载的应用服务安全带来的巨大威胁。在理论分析的基础上,设计实现了域间路由系统安全性测试工具En-Quagga,并对该系统的总体结构、主要功能和实现技术进行了详细的分析和说明。该系统由路由节点安全性测试子系统、BGP协议安全性测试子系统和基于路由毒素的应用子系统构成,从不同的侧重点对目标域间路由系统和承载的网络应用进行安全性测试。在对测试结果评估的基础上给出增强目标域间路由系统及电子邮件应用安全的具体措施。
【Abstract】 While a number of key Internet based application services such as e-commerce, e-banking are rolling out, the Internet is playing an increasingly role in people’s daily life. However, the Internet also provides a profit-making platform for the lawless elements when we are enjoying the convenience that it brings to us. In recent years, the rising network crimes have brought large economic losses and blocked the development of society badly. As the core of the Internet, the security of inter-domain routing system is particularly crucial to the whole Internet.On the basis of the analyzing on the security vulnerability of inter-domain routing system, we point out the potential threats and attacks brought by them. To solve these problems, the security testing in inter-domain routing system is necessary and of great significance. We propose a new method to attack routers using routing stress and to send mass emails based on routing poisoning. Compared with traditional methods, we show the enormous threats brought by the new methods to inter-domain routing system.Based on the theoretical analysis above, we design and implement an inter-domain routing system security tool, En-Quagga. Our tool consists of three major components, router security testing sub-system, BGP protocol security testing sub-system and the network application based on routing poison sub-system. We then use En-Quagga to test the inter-domain routing system in various conditions. With the help of experiment results, we give some advices on how to enhance the security of the inter-domain routing system and the network applications deployed in the inter-domain routing system.Finally, we conclude the contributions of our works, and then give an expectation of our future work.
【Key words】 routing system; stress attack; BGP protocol; routing poison; e-mail;