Research on an IP Prefix Hijacking Prevention Mechanism Based on Update Message Authentication Using Self-certified Public Key Cryptosystems
【Author】 杨波;
【Supervisor】 勒中坚;
【Author information】 Jiangxi University of Finance and Economics, Management Science and Engineering, 2012, PhD
【Abstract】 The Internet faces many serious security problems, and IP prefix hijacking is among the major threats. Existing mechanisms for preventing IP prefix hijacking have not reached a satisfactory balance between security and processing burden, and this is one of the main obstacles to deploying the existing security schemes. This thesis therefore proposes SC-DPH (Defending against Prefix Hijacking based on Self-certified Public Key Cryptosystems), a mechanism that prevents IP prefix hijacking by verifying route update messages with self-certified public keys. Self-certified public key cryptosystems are introduced into the design of the prevention mechanism; a key distribution architecture based on prefix address blocks and a key issuing protocol are proposed; the secure-binding signature used in SC-DPH and its verification method using self-certified public keys are given; and the prevention mechanism is constructed from these parts. In terms of processing burden, the mechanism eliminates the storage and management of public key certificates without reducing security, and it also reduces the computation needed to verify public keys. In terms of security, the mechanism prevents signature replay attacks while adding essentially no online computation. Compared with existing mechanisms, the proposed mechanism improves to a certain degree on both security and processing burden, which may help the deployment of cryptography-based prevention mechanisms.

The main work on SC-DPH is as follows. Self-certified public key cryptosystems, a form of asymmetric cryptography, are introduced into the design of the update message verification mechanism: the sender of a route update adds to it signatures that require no certificate to verify, and the receiver verifies these signatures and so detects tampering with the prefix origin of the update; the verification process needs neither certificates nor key escrow. The mechanism not only prevents common IP prefix hijacking but also reduces the computational burden of verifying update messages. Signature replay attacks on update messages are then addressed: the weaknesses of existing protocols and schemes in the face of signature replay are analysed in detail, and a targeted countermeasure is given. The countermeasure adds a sequence number to each update message and uses a self-certified signature scheme with message recovery, which keeps the properties of the secure-binding signature and its self-certified public key verification while adding protection against signature replay. Analysis shows that this protection comes with essentially no added computation.

The main innovations of this research are as follows.
(1) A key distribution architecture based on prefix address blocks and a hierarchical protocol for issuing self-certified keys. Route updates are sent per prefix address block, so an architecture that gives each address block its own public/private key pair suits the environment in which updates are transmitted, signed and verified better than an organization-based one. In existing asymmetric-cryptography mechanisms for preventing IP prefix hijacking, key distribution is mostly organization-based, mainly to reduce the complexity of storing and managing public key certificates; since the proposed mechanism eliminates certificates entirely, it does not need organization-based distribution for that purpose. On top of the prefix-block architecture and a self-certified public key scheme, a hierarchical self-certified key issuing protocol is proposed: tracing back along the key distribution chain to the root node, IANA (Internet Assigned Numbers Authority), the public key is obtained by a multi-exponentiation, which is what allows the secure-binding signature to be verified without certificates.
(2) The secure-binding signature and its self-certified public key verification method. The verifier needs neither to store nor to search public key certificates: the series of public key witness values carried in the update message is fed into a multi-exponentiation formula that yields the required public key, which greatly reduces the computation and storage needed to authenticate the origin autonomous system of a prefix.
(3) A method for preventing signature replay attacks in prefix hijacking prevention mechanisms. Existing mechanisms neither describe this attack in detail nor give a countermeasure for it. After analysing the attack and its harm, and drawing on the certificate-free and escrow-free properties of self-certified public key cryptosystems, the method prevents signature replay by adding sequence numbers to update messages and caching and comparing them, with essentially no added computation.
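The key issuing chain, the multi-exponentiation that reconstructs a public key from the witness values, the secure-binding signature on an origin announcement and the sequence-number replay check described above, as an added runnable Python model that is not part of the thesis and not the author's code. The abstract does not fix a concrete algebra, so this model assumes a discrete-log self-certified key scheme in the Petersen-Horster style (witness w, partial key k + x*e from the issuer, holder's own secret t) with Schnorr signatures, and it appends a plain sequence number instead of using a signature with message recovery. The hierarchy IANA -> RIR-X -> ISP-Y -> 203.0.113.0/24, the AS numbers and the sequence numbers are constructed for the demo, and the group is toy-sized.

```python
"""Toy model of the SC-DPH ideas: self-certified keys issued down a prefix
hierarchy, signed origin bindings, witness-chain key reconstruction, replay cache."""
import hashlib
import secrets

def _is_prime(n: int) -> bool:
    """Miller-Rabin for n >= 2; these bases are deterministic for n < 2**64."""
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for b in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % b == 0:
            return n == b
        x = pow(b, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

# Toy group: first safe prime p = 2q+1 above 2**63; real use needs 2048+ bits.
_q = (1 << 62) | 1
while not (_is_prime(_q) and _is_prime(2 * _q + 1)):
    _q += 2
P, Q, G = 2 * _q + 1, _q, 4         # G = 2**2 is a quadratic residue: order Q
_LEN = (P.bit_length() + 7) // 8    # bytes per group element

def _h(*parts: bytes) -> int:
    """Length-prefixed SHA-256 reduced mod Q (witness binding e_i, challenges)."""
    d = hashlib.sha256()
    for part in parts:
        d.update(len(part).to_bytes(2, "big") + part)
    return int.from_bytes(d.digest(), "big") % Q

def issue_key(issuer_priv: int, holder_id: bytes):
    """Parent issues a self-certified key (Petersen-Horster style): the holder
    adds its own secret t, so the issuer never learns the key. Returns (priv, w)."""
    t, k = secrets.randbelow(Q - 1) + 1, secrets.randbelow(Q - 1) + 1  # holder, issuer
    w = pow(G, t, P) * pow(G, k, P) % P        # witness, carried in updates
    e = _h(holder_id, w.to_bytes(_LEN, "big"))
    return (k + issuer_priv * e + t) % Q, w    # issuer sends k + x*e; holder adds t

def reconstruct_pubkey(root_pub: int, chain) -> int:
    """y_i = w_i * y_{i-1}**e_i with e_i = H(id_i, w_i), from IANA's y_0 down.
    Unrolled: w_n * w_{n-1}**e_n * ... * y_0**(e_n*...*e_1); no certificate."""
    y = root_pub
    for holder_id, w in chain:
        y = w * pow(y, _h(holder_id, w.to_bytes(_LEN, "big")), P) % P
    return y

def sign(priv: int, msg: bytes):
    """Schnorr signature (c, z) on msg."""
    r = secrets.randbelow(Q - 1) + 1
    c = _h(pow(G, r, P).to_bytes(_LEN, "big"), msg)
    return c, (r - priv * c) % Q

def verify(pub: int, msg: bytes, sig) -> bool:
    c, z = sig
    rv = pow(G, z, P) * pow(pub, c, P) % P     # equals G**r iff sig is valid
    return 0 <= c < Q and 0 <= z < Q and _h(rv.to_bytes(_LEN, "big"), msg) == c

def encode_update(prefix: str, origin_as: int, seq: int) -> bytes:
    return f"{prefix}|AS{origin_as}|{seq}".encode()

def check_update(iana_pub, cache, prefix, origin_as, seq, chain, sig) -> str:
    """Receiver: certificate-free check, then replay check against cache."""
    if chain[-1][0] != prefix.encode():        # key must belong to this block
        return "reject:prefix-not-bound"
    pub = reconstruct_pubkey(iana_pub, chain)
    if not verify(pub, encode_update(prefix, origin_as, seq), sig):
        return "reject:bad-signature"
    if seq <= cache.get(prefix, -1):           # cache: prefix -> last seq seen
        return "reject:replay"
    cache[prefix] = seq
    return "accept"

def demo():
    """Constructed scenario: valid update, replay, forged witness, next update."""
    iana_priv = secrets.randbelow(Q - 1) + 1
    rir_priv, rir_w = issue_key(iana_priv, b"RIR-X")
    isp_priv, isp_w = issue_key(rir_priv, b"ISP-Y")
    blk_priv, blk_w = issue_key(isp_priv, b"203.0.113.0/24")
    chain = [(b"RIR-X", rir_w), (b"ISP-Y", isp_w), (b"203.0.113.0/24", blk_w)]
    pfx, iana_pub, cache = "203.0.113.0/24", pow(G, iana_priv, P), {}
    sig7 = sign(blk_priv, encode_update(pfx, 64500, 7))
    out = [check_update(iana_pub, cache, pfx, 64500, 7, chain, sig7)]      # accept
    out.append(check_update(iana_pub, cache, pfx, 64500, 7, chain, sig7))  # replay
    # Hijacker AS64510 swaps in a leaf witness it controls: nobody holds the
    # private key for the key reconstructed from it, so its signature fails.
    atk_priv = secrets.randbelow(Q - 1) + 1
    forged = chain[:2] + [(b"203.0.113.0/24", pow(G, atk_priv, P))]
    bad = sign(atk_priv, encode_update(pfx, 64510, 8))
    out.append(check_update(iana_pub, cache, pfx, 64510, 8, forged, bad))
    sig8 = sign(blk_priv, encode_update(pfx, 64500, 8))
    out.append(check_update(iana_pub, cache, pfx, 64500, 8, chain, sig8))  # accept
    return out
```

Two checks the model makes explicit that the abstract only implies: the verifier needs an authentic copy of the root (IANA) public key, because every reconstructed key is rooted in it, and it must confirm that the leaf of the witness chain is the block the announced prefix belongs to, otherwise a legitimate key holder could sign bindings for someone else's prefix. The replay cache is keyed per prefix and has to persist across sessions; sequence numbers that wrap or reset would need separate handling, which this model does not provide.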
【Key words】 Self-certified Public Key Cryptosystems; Update Message; IP Prefix Hijacking; Signature Replay Attacks