Title :
EOAP: An Efficient Origin Authentication Protocol for Preventing Origin AS Conflict (OASC) Events in BGP
Author :
Wang, Na ; Zhi, Yingjian ; Wang, Binqiang
Author_Institution :
Univ. of Inf. Eng., Zhengzhou
Abstract :
In BGP, an IP prefix may be announced by an illegitimate origin AS, leading to a conflict with the legitimate origin AS, which the paper refers to as an origin AS conflict (OASC) event. An OASC event results in the widespread subversion of Internet connectivity. To verify the propriety of IP prefix origination, the paper proposes a novel origin verification mechanism, namely the efficient origin authentication protocol (EOAP), which adopts a simpler and more feasible PKI to issue a public key certificate to each AS through the existing Internet AS number assignment chain, and introduces a digital signature issued by the AS, named a prefix attestation, to bind an IP prefix to its origin AS. Compared with current BGP origin verification mechanisms, EOAP verifies route withdrawal messages, supports route aggregation and incremental deployment, and needs the least memory. EOAP will be more easily implemented and deployed across the Internet.
Keywords :
IP networks; internetworking; message authentication; public key cryptography; telecommunication security; transport protocols; BGP; EOAP; IP prefix origination; Internet connectivity; OASC events; border gateway protocol; digital signature; efficient origin authentication protocol; origin AS conflict events; origin autonomous system conflict events; origin verification mechanism; prefix attestation; public key certificate; route aggregation; route withdrawal message; Authentication; Authorization; Digital signatures; IP networks; Internet; Protocols; Public key; Resists; Security; Space technology;
Conference_Title :
Communication Technology, 2006. ICCT '06. International Conference on
Conference_Location :
Guilin
Print_ISBN :
1-4244-0800-8
Electronic_ISBN :
1-4244-0801-6
DOI :
10.1109/ICCT.2006.341761