电信科学 ›› 2021, Vol. 37 ›› Issue (3): 75-89.doi: 10.11959/j.issn.1000-0801.2021050

• 专题:内生安全 • 上一篇    下一篇

资源公钥基础设施RPKI:现状与问题

苏莹莹1, 李丹1,2, 叶洪琳1   

  1. 1 清华大学,北京 100084
    2 清华大学深圳国际研究生院,广东 深圳 518055
  • 修回日期:2021-03-15 出版日期:2021-03-20 发布日期:2021-03-01
  • 作者简介:苏莹莹(1997- ),女,清华大学计算机科学与技术系博士生,主要研究方向为互联网体系结构及其安全。
    李丹(1981- ),男,清华大学计算机科学与技术系教授,主要研究方向为互联网架构与协议设计、数据中心网络、软件定义网络。
    叶洪琳(1998- ),女,清华大学网络科学与网络空间研究院硕士生,主要研究方向为互联网体系结构及其安全。
  • 基金资助:
    国家重点研发计划项目(2018YFB1800100);广东省重点领域研发计划项目(2018B010113001);国家自然科学基金资助项目(61772305);国家自然科学基金资助项目(61672499)

Resource public key infrastructure RPKI: status and problems

Yingying SU1, Dan LI1,2, Honglin YE1   

  1. 1 Tsinghua University, Beijing 100084, China
    2 Tsinghua Shenzhen International Graduate School, Shenzhen 518055, China
  • Revised:2021-03-15 Online:2021-03-20 Published:2021-03-01
  • Supported by:
    The National Key Research and Development Program of China(2018YFB1800100);Guangdong Provincial Research and Development Program(2018B010113001);The National Natural Science Foundation of China(61772305);The National Natural Science Foundation of China(61672499)

摘要:

BGP(border gateway protocol,边界网关协议)在设计之初并没有充分考虑安全问题,随着互联网规模的日益壮大,其安全风险也暴露得愈加明显。学术界和工业界提出了诸多方案解决域间路由面临的安全问题,目前真正得以部署的是IETF(the Internet Engineering Task Force,互联网工程任务组)推动的资源公钥基础设施(resource public key infrastructure,RPKI)。综述了RPKI的技术现状和研究进展,重点分析了RPKI存在的问题、现有的解决方案以及不足之处,介绍了RPKI功能扩展的相关研究,最后指出了未来有潜力的研究方向。

关键词: RPKI, BGP, 域间路由, 前缀劫持

Abstract:

The BGP (border gateway protocol) did not fully consider security issues at the beginning of its design.With the rapid growth of the Internet, its security risks have become incrementally obvious.Academia and industry have proposed many solutions to the security issues faced by inter-domain routing, and what is really deployed is the RPKI (resource public key infrastructure) promoted by the IETF (the Internet Engineering Task Force).The development status and research advances of RPKI were surveyed, with emphasis on problems of RPKI, existing solutions, and related limitations.Moreover, latest achievements on RPKI function extension were introduced.Finally, future research directions were concluded.

Key words: RPKI, BGP, interdomain routing, prefix hijacking

中图分类号: 

No Suggested Reading articles found!