CAJ | 학술논문

BGP是一种重要的域间路由选择协议,路由器通过BGP协议的信息交换,可以实现域间选路.BGP协议存在的一些脆弱性,源于其最初的设计对安全性的考虑较少.现有的一种安全策略是对BGP邻居进行TCP MD5加密认证,但是这种简单的加密认证机制并不能确保安全.通过对TCP MD5认证过程进行分析研究,文章提出了利用密钥字典以及MD5碰撞原理破解TCP MD5加密认证的方法,并搭建真实路由器环境进行验证性测试,最终实现了对TCP MD5弱密钥加密认证的破解.
BGP시일충중요적역간로유선택협의,로유기통과BGP협의적신식교환,가이실현역간선로.BGP협의존재적일사취약성,원우기최초적설계대안전성적고필교소.현유적일충안전책략시대BGP린거진행TCP MD5가밀인증,단시저충간단적가밀인증궤제병불능학보안전.통과대TCP MD5인증과정진행분석연구,문장제출료이용밀약자전이급MD5팽당원리파해TCP MD5가밀인증적방법,병탑건진실로유기배경진행험증성측시,최종실현료대TCP MD5약밀약가밀인증적파해.
BGP is an important inter domain routing selection protocol, through which routers can exchange information and select inter domain routing. There are vulnerabilities in BGP protocol, coming from the little consideration for safety in its initial design. One existing security policy is to make the TCP MD5 encryption and authentication between BGP neighbors. However, this simple encryption and authentication mechanism can not ensure safety. After analysis and research on the TCP MD5 certification process,a method is proposed to break the TCP MD5 encryption and authentication in this paper, which takes use of the key dictionary, as well as the principle of MD5 collision. By establishing a real route environment, a breaking veriifcation for TCP MD5 encryption and authentication with a weak key is realized at last.