Identity-based secure inter-domain routing protocol

The paper proposes a secure inter-domain routing protocol which adopts identity-based cryptographic system-id2r (identity-based inter-domain routing). id2r consists of a key management mechanism, an origin AS verification mechanism LAP (the longest assignment path), and an AS_PATH authenticity verification mechanism IDAPV (Identity-based Aggregate Path Verification). The key management mechanism adopts a distributed and hierarchical key issuing protocol DHKI (distributed and hierarchical key issuing) to solve the inherent key escrow problem in the identity-based cryptographic system. The basic idea of LAP is that all ASes must provide the assignment path and attestations of their announced prefixes, and for a prefix, the AS which provides the longest valid assignment path is its legitimate origin AS. With identity-based aggregate signature scheme, IDAPV generates a route aggregate attestation to guarantee the authenticity of AS_PATH. Performance evaluation results indicate that based on RouteViews data on December 7, 2007, an id2r router only consumes 1.71Mbytes additional memory, which is 38% of S-BGP router; id2r has shorter UPDATE message than S-BGP; convergence time of id2r with hardware implementation of cryptographic algorithm approximately equals BGP. © by Institute of Software, the Chinese Academy of Sciences. All rights reserved.