SIR: A Secure Identifier-Based Inter-Domain Routing for Identifier/Locator Split Network

摘要

We present the design of a secure identifier-based inter-domain routing, SIR, for the identifier/locator split network. On the one hand, SIR is a distributed path-vector protocol inheriting the flexibility of BGR On the other hand, SIR separates ASes into several groups called trust groups, which assure the trust relationships among ASes by enforceable control and provides strict isolation properties to localize attacks and failures. Security analysis shows that SIR can provide control plane security that can avoid routing attacks including some smart attacks which S-BGP/soBGP can be deceived. Meanwhile, emulation experiments based on the current Internet topology with 47,000 ASes from the CAIDA database are presented, in which we compare the number of influenced ASes under attacks of subverting routing policy between SIR and S-BGP/BGP. The results show that, the number of influenced ASes decreases substantially by deploying SIR.