论文信息 - An Infrastructure to Support Secure Internet Routing

An Infrastructure to Support Secure Internet Routing

This document describes an architecture for an infrastructure to support secure Internet routing. The foundation of this architecture is a public key infrastructure (PKI) that represents the allocation hierarchy of IP address space and Autonomous System Numbers; certificates from this PKI are used to verify signed objects that authorize autonomous systems to originate routes for specified IP address prefixes. The data objects that comprise the PKI, as well as other signed objects necessary for secure routing, are stored and disseminated through a distributed repository system. This document also describes at a high level how this architecture can be used to add security features to common operations such as IP address space allocation and route filter construction.

Stephen T. Kent | Matt Lepinski | M. Lepinski | S. Kent

[1] Charles Lynn,et al. Secure Border Gateway Protocol (Secure-BGP) , 2000 .

[2] Geoff Huston,et al. Validation of Route Origination Using the Resource Certificate Public Key Infrastructure (PKI) and Route Origin Authorizations (ROAs) , 2012, RFC.