Netinfo Security
2015, Issue 9, pp. 37-40 (4 pages in total)
Keywords: BGP protocol; TCP MD5; key dictionary; MD5 collision; weak key
BGP is an important inter-domain routing protocol; by exchanging information over BGP, routers can perform inter-domain route selection. BGP has a number of vulnerabilities that stem from the limited consideration given to security in its original design. One existing security policy is to apply TCP MD5 encryption and authentication between BGP neighbors. However, this simple encryption and authentication mechanism cannot ensure security. Based on an analysis of the TCP MD5 authentication process, this paper proposes a method for breaking TCP MD5 encryption and authentication that makes use of a key dictionary as well as the principle of MD5 collision. A real router environment was set up for verification testing, and the breaking of TCP MD5 encryption and authentication with a weak key was ultimately achieved.