{"title":"SC-OA:一种安全高效的云计算网络域间路由源认证方案","authors":"Zhongjian Le, N. Xiong, Bo Yang, Yuezhi Zhou","doi":"10.1109/IPDPS.2011.32","DOIUrl":null,"url":null,"abstract":"IP prefix hijacking is one of the top threats in the cloud computing Internets. Based on cryptography, many schemes for preventing prefix hijacks have been proposed. Securing binding between IP prefix and its owner underlies these schemes. We believe that a scheme for securing this binding should try to satisfy these seven critical requirements: no key escrow, no other secure channel, defending against Malicious Key Issuer (MKI) in the phase of prefix announcement, defending against MKI in the phase of key issuing, no certificate, in-band delegation attestation, and in-band public key witness. In this paper, we propose a new scheme, Origin Authentication based on Self-Certified public keys (SC-OA), using self-certified public keys to authenticate origin autonomous systems. To the best of our knowledge, it is the first work for securing prefix ownership using self-certified public keys to achieve an efficient and secure scheme that satisfies all seven requirements. The analyses show that SC-OA can defend against regular prefix, sub prefix, unassigned prefix, interception-based, and MKI hijacking, and improve performance in many aspects. It will be pushed ahead to practical deployment for preventing prefix hijacks.","PeriodicalId":355100,"journal":{"name":"2011 IEEE International Parallel & Distributed Processing Symposium","volume":"25 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2011-05-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"12","resultStr":"{\"title\":\"SC-OA: A Secure and Efficient Scheme for Origin Authentication of Interdomain Routing in Cloud Computing Networks\",\"authors\":\"Zhongjian Le, N. Xiong, Bo Yang, Yuezhi Zhou\",\"doi\":\"10.1109/IPDPS.2011.32\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"IP prefix hijacking is one of the top threats in the cloud computing Internets. Based on cryptography, many schemes for preventing prefix hijacks have been proposed. Securing binding between IP prefix and its owner underlies these schemes. We believe that a scheme for securing this binding should try to satisfy these seven critical requirements: no key escrow, no other secure channel, defending against Malicious Key Issuer (MKI) in the phase of prefix announcement, defending against MKI in the phase of key issuing, no certificate, in-band delegation attestation, and in-band public key witness. In this paper, we propose a new scheme, Origin Authentication based on Self-Certified public keys (SC-OA), using self-certified public keys to authenticate origin autonomous systems. To the best of our knowledge, it is the first work for securing prefix ownership using self-certified public keys to achieve an efficient and secure scheme that satisfies all seven requirements. The analyses show that SC-OA can defend against regular prefix, sub prefix, unassigned prefix, interception-based, and MKI hijacking, and improve performance in many aspects. It will be pushed ahead to practical deployment for preventing prefix hijacks.\",\"PeriodicalId\":355100,\"journal\":{\"name\":\"2011 IEEE International Parallel & Distributed Processing Symposium\",\"volume\":\"25 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2011-05-16\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"12\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2011 IEEE International Parallel & Distributed Processing Symposium\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/IPDPS.2011.32\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2011 IEEE International Parallel & Distributed Processing Symposium","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/IPDPS.2011.32","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
SC-OA: A Secure and Efficient Scheme for Origin Authentication of Interdomain Routing in Cloud Computing Networks
IP prefix hijacking is one of the top threats in the cloud computing Internets. Based on cryptography, many schemes for preventing prefix hijacks have been proposed. Securing binding between IP prefix and its owner underlies these schemes. We believe that a scheme for securing this binding should try to satisfy these seven critical requirements: no key escrow, no other secure channel, defending against Malicious Key Issuer (MKI) in the phase of prefix announcement, defending against MKI in the phase of key issuing, no certificate, in-band delegation attestation, and in-band public key witness. In this paper, we propose a new scheme, Origin Authentication based on Self-Certified public keys (SC-OA), using self-certified public keys to authenticate origin autonomous systems. To the best of our knowledge, it is the first work for securing prefix ownership using self-certified public keys to achieve an efficient and secure scheme that satisfies all seven requirements. The analyses show that SC-OA can defend against regular prefix, sub prefix, unassigned prefix, interception-based, and MKI hijacking, and improve performance in many aspects. It will be pushed ahead to practical deployment for preventing prefix hijacks.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
