Computer Systems Applications: 2022, 31(2): 316-324
Improved BGP Path Protection Mechanism Based on RPKI-ASPA
BAO Zhuo (1,2), MA Di (1,2,3), MAO Wei (2,3), SHAO Qing (3)
(1. Computer Network Information Center, Chinese Academy of Sciences, Beijing 100190, China; 2. University of Chinese Academy of Sciences, Beijing 100049, China; 3. Internet Domain Name System Beijing Engineering Research Center, Beijing 100190, China)
Received: April 19, 2021    Revised: May 19, 2021
Abstract: BGP transmits its messages in plaintext, so attackers can easily forge prefix and path information and thereby cause highly damaging prefix hijacking attacks. Protecting AS path information mainly involves two aspects: path tamper-proofing and verification of illegal content. Resource public key infrastructure (RPKI) is an important security system for addressing route hijacking. Currently, the path verification solutions under the RPKI system mainly include BGPSec, ASPA and Path-End, among which BGPSec mainly addresses path tampering, while ASPA and Path-End target path legality verification. However, these schemes suffer respectively from complicated computation or weak path protection. Introducing a small number of signatures into the ASPA scheme can improve the granularity at which path tampering is limited. On this basis, this study proposes an improved path protection mechanism and designs experiments comparing it with the other schemes in terms of overhead and security performance. The experimental results show that, with limited additional overhead, the path protection performance of the improved mechanism is better than that of the other schemes.
Keywords: BGP  path validation  RPKI  ASPA  BGPSec
Citation:
BAO Zhuo, MA Di, MAO Wei, SHAO Qing. Improved BGP Path Protection Mechanism Based on RPKI-ASPA. Computer Systems Applications, 2022, 31(2): 316-324