计算机应用 ›› 2013, Vol. 33 ›› Issue (08): 2212-2217.

• 信息安全 • 上一篇    下一篇

等级OSPF网的安全保护方案

孔令晶,曾华燊,李耀   

  1. 西南交通大学 信息科学与技术学院,成都 610031
  • 收稿日期:2013-02-04 修回日期:2013-03-21 出版日期:2013-08-01 发布日期:2013-09-11
  • 通讯作者: 孔令晶
  • 作者简介:孔令晶(1983-),女,甘肃兰州人,博士研究生,主要研究方向:下一代网络安全;
    曾华燊(1945-),男,四川成都人,教授,博士生导师,主要研究方向:下一代网络体系结构、高速交换、网络测试;
    李耀(1985-),男,四川南充人,博士研究生,主要研究方向:安全苛求系统可靠性与安全性。
  • 基金资助:

    国家自然科学基金资助项目;国家自然科学基金与中国工程院联合基金资助项目

Secure protection scheme for hierarchical OSPF network

KONG Lingjing,ZENG Huashen,LI Yao   

  1. School of Information Science and Technology, Southwest Jiaotong University, Chengdu Sichuan 610031, China
  • Received:2013-02-04 Revised:2013-03-21 Online:2013-09-11 Published:2013-08-01
  • Contact: KONG Lingjing

摘要: 开放式最短路径优先(OSPF)协议作为目前大规模网络应用最广泛的自治域内路由协议,其安全不仅仅关系到自治域内,同时也关系到自治域外乃至整个网络的正常运行。传统的基于非对称性加密算法的数字签名解决方案能够实现端到端的安全验证,但是却忽略了点对点的方式,而且存储量和额外开销也一直是急需解决的问题。基于对称性加密算法,提出了适宜于OSPF等级区域的安全防护方案HS-OSPF。HS-OSPF扩充了OSPF网原有的二层等级结构,设计了合理、高效的密钥分配与管理方案,克服了传统非对称性密码方案的不足,降低了密钥存储量和系统开销,提高了网内安全通信的实时性。

关键词: 开放式最短路径优先协议, 自治域内, 对称加密算法, 等级结构, 存储量, 实时性

Abstract: As the most widely used autonomous intra-domain routing protocol for large-scale network, the security of Open Shortest Path First (OSPF) is not only about the normal running of autonomous intra-domain, but also closely related to inter-domain even the whole network. Based on asymmetric encryption algorithm, the traditional digital signature solution can realize the security validation of end-to-end; however, it ignores the issue of point-to-point. Additionally, the problem of storage and extra overhead also needs to be solved urgently. On the basis of symmetrical encryption algorithm, a new solution named HS-OSPF was put forward. HS-OSPF extended the original two-level hierarchical structure as well as designed a reasonable, efficient key distribution and management scheme. The result shows that the shortcomings of traditional solution are overcome, key storage and system overhead are reduced and real-time of security communication is improved.

Key words: Open Shortest Path First (OSPF) protocol, intra-domain, symmetrical encryption algorithm, hierarchical structure, storage, real-time

中图分类号: