摘要
为了增强OSPF(开放最短路径优先)路由协议的安全性能,在OSPF的LSA(链路状态通告)数据中增加数字签名,以保护路由协议的信息交换。文中阐述了携带数字签名的OSPF的设计思想和实现的关键技术,并从路由器公钥和携带数字签名的LSA的发送与接收等方面测试了该设计的合理性和可行性。实验结果表明:使用携带数字签名的OSPF路由协议可以防止网络中非法路由器的恶意攻击,为LSA数据提供端到端的集成认证。
In order to strengthen the security performance of open shortest path first(OSPF) protocol, digital signature is added to the link state advertisement (LSA) data, which protects the information exchange of the OSPF routing protocol. This paper expounds on the theory and crucial technology in designing OSPF with digital signature. In addition, the sending and receiving of the public key and LSA with digital signature have been tested to verify the rationales and feasibility of the design. The results show that the use of digital signature in OSPF can prevent malicious attacks from illegal routers in the network and provide LSA data with end-to-end integrated authentication.
出处
《南京邮电学院学报(自然科学版)》
2005年第2期86-90,共5页
Journal of Nanjing University of Posts and Telecommunications
基金
国家自然科学基金(70271050)
江苏省自然科学基金和江苏省自然科学基金预研项目(BK2004218)
国家高科技"八六三"计划(2002AA712037)
江苏省计算机信息处理重点实验室基金(kjs04)资助项目