Prevention of Man-in-the-middle Attacks on BGP Using Certificateless Signatures
    Abstract:

    The border gateway protocol (BGP) is used to exchange network reachability information between autonomous systems, but it is threatened by man-in-the-middle attacks. Therefore, an improved certificateless multi-signature scheme is proposed and applied to BGP. Each inter-domain route must be signed in the order in which it is propagated, and an autonomous system accepts the route only after the multi-signature has been verified successfully. The public and private keys of the autonomous systems are generated interactively with the trusted center; the signature message has a fixed length and the calculations are efficient. The security analysis proves that signatures in the proposed scheme cannot be forged under the random oracle model and that the scheme resists man-in-the-middle attacks on BGP.

Get Citation

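Han Zengjie, Hu Yang, Yao Zhiqiang. Prevention of Man-in-the-middle Attacks on BGP Using Certificateless Signatures. Computer Systems & Applications, 2022, 31(5): 254-261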

History
  • Received: August 02, 2021
  • Revised: September 09, 2021
  • Online: February 21, 2022
Copyright: Institute of Software, Chinese Academy of Sciences Beijing ICP No. 05046678-3