Lü Gaofeng (吕高锋), Sun Zhigang (孙志刚), Lu Xicheng (卢锡城). Enhancing the Ability of Inter-Domain IP Spoofing Prevention. Journal of Software (软件学报), 2010, 21(7): 1704-1716
Enhancing the Ability of Inter-Domain IP Spoofing Prevention
Submitted: 2008-07-28  Revised: 2008-12-29
DOI:
Keywords: IP spoofing prevention; BGP (border gateway protocol); trustworthy network
Funding: Supported by the National Basic Research Program of China (973 Program) under Grant Nos. 2005CB321801, 2009CB320503
Authors and affiliations:
Lü Gaofeng: School of Computer Science, National University of Defense Technology, Changsha, Hunan 410073
Sun Zhigang
Lu Xicheng
Abstract views: 3631
Full-text downloads: 3957
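Abstract (translated from the Chinese):
      Validating the authenticity of IP addresses has become the foundation for building a trustworthy network. Both autonomous-system-level IP spoofing filtering based on source-destination labels (keys) and end-system-level IP authentication based on source labels (public keys) take an end-to-end approach to IP spoofing. End-to-end authentication is simple to implement, but it ignores the flooding of intermediate networks by spoofed packets, so its defensive effect is poor. This paper proposes ESP (enhanced spoofing prevention), a mechanism that enhances the inter-domain IP spoofing prevention service for members of an IP spoofing prevention alliance. ESP introduces an open router cooperation mechanism and provides a framework for advertising ESP node information and for cooperative marking along the source-destination path. Building on source-label-based IP spoofing prevention, ESP incorporates path labels, which not only reduces the probability of source label collisions but also, through the resulting hybrid labels, lets ESP nodes filter spoofed packets early according to the packet label. Based on BGP (border gateway protocol), the paper proposes the concept of a prefix p-secure node and a theory for detecting it, which effectively limits how far source labels propagate and reduces the marking and filtering overhead of ESP nodes. ESP inherits the partial deployability of label-based defense mechanisms and supports dynamic routing and asymmetric routing well. An evaluation using the RIB (routing information base) provided by Routeview shows that ESP strengthens the IP spoofing prevention service and can filter spoofed packets early.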
English abstract:
      The validation of source IP addresses has become the key technique for devising a trustworthy network. However, inter-domain IP spoofing prevention based on source-destination labels and end-host IP authentication based on source labels both adopt an end-to-end mode to solve the problem, which ignores the flooding of middle networks by spoofed packets. To address this problem, an enhancing mechanism for the inter-domain IP spoofing prevention service, ESP (enhanced spoofing prevention), is proposed. By integrating path labels into source labels, ESP reduces the collision of source labels at destination networks and enables filtering of IP spoofing packets destined for other nodes in middle networks, thus preventing flooding attacks in advance and extending the protected domain of the spoofing prevention. Based on BGP (border gateway protocol) updates, ESP develops the validation of prefix security to restrict the scope of label propagation, thus decreasing the cost of computing and storing labels. The abilities of IP spoofing prevention and of filtering spoofing packets in advance are demonstrated on a topology constructed from the RIB (routing information base) provided by Routeview.