穿越自治系统联盟的域间路由安全机制

通过对SE-BGP (security enhanced BGP)的研究与分析，发现此方案不仅无法认证动态变化的跨联盟AS (autonomous system)，也无法抵御其自身所发起的主动攻击。为了解决SE-BGP存在的安全问题，设计了二层跨联盟等级结构CAHS (cross-alliance hierarchical structure)，基于CAHS结构，借鉴护照签证思想，利用递增散列——AdHASH (additive hash)的特性提出了一种跨联盟安全机制SCA-BGP(secure crossing alliance for BGP)。该机制具有更高的安全性，可以有效地认证跨联盟AS的身份及行为授权，还可对其所携带的信息进行安全验证。实验分析表明，SCA-BGP可以有效地减少所需证书的规模和额外的时间开销，具有更好的可扩展性和网络收敛性能。

Inter-domain routing security mechanism for crossing autonomous system alliance

Through studying and analyzing SE-BGP (security enhanced BGP),it was found that it couldn’t validate the cross-alliance AS (autonomous system) and defense the self-launched active attack.To solve the security problems,two-layer cross-alliance hierarchical structure CAHS (cross-alliance hierarchical structure) was designed.Based on CAHS,using the idea of passport visa and the features of AdHASH (additive hash),a cross-alliance BGP security mechanism SCA-BGP (secure crossing alliance for BGP) was proposed.The mechanism has higher security,which is able to effectively validate the identities and behavior authorization of the cross-alliance AS as well as the message carried by them.The experiment results show that SCA-BGP can effectively reduce the certificate scale and extra time overhead to get better scalability and convergence performance.