• Journal of the China Computer Federation
  • Chinese Science and Technology Core Journal
  • Chinese Core Journal

Computer Engineering & Science ›› 2024, Vol. 46 ›› Issue (06): 1022-1031.

• Computer Network and Information Security •

An intrinsic secure open shortest path first protocol based on identity cryptography

XUN Peng, CHEN Hong-yan, WANG Yong-zhi, LI Shi-jie

  1. (College of Computer Science and Technology, National University of Defense Technology, Changsha 410073, China)
  • Received:2023-05-05 Revised:2023-08-31 Accepted:2024-06-25 Online:2024-06-25 Published:2024-06-17

Abstract: The secure operation of routing protocols such as Open Shortest Path First version 2 (OSPFV2) is crucial to network connectivity and the secure transmission of information. By design, however, traditional OSPFV2 lacks the ability to defend against source route forgery or tampering with routing information, which leaves networks vulnerable to attack. Existing security strategies are mostly add-on solutions, which tend to introduce new security problems or deliver low security effectiveness. To address this, an intrinsically secure OSPFV2 protocol based on identity-based cryptography is proposed. The protocol embeds identity-based cryptography within the routing exchange process, giving the network an efficient, intrinsic ability to resist tampering with and forgery of routes in transit. In addition, because large-scale deployment of a secure OSPFV2 protocol is subject to various limiting factors, an operational mechanism supporting incremental deployment is designed using opaque link state advertisements. Simulation experiments show that the proposed intrinsically secure OSPFV2 protocol can resist source route forgery and data tampering without incurring excessive convergence delay.


Key words: OSPFV2 protocol (open shortest path first version 2 protocol), source routing information modification, intrinsic security, identity cryptography