A DSA-based and Efficient Scheme for Preventing IP Prefix Hijacking

IP prefix hijacking poses a serious threat the security of the Internet. Cryptographic authenticating origin ASes (Autonomous Systems) of advertised prefix, which is an effective way of preventing IP prefix hijacking, has received wide acceptance. However, these existing schemes received various critical comments on their inefficiency when cryptographic authenticating origin ASes. For improving efficiency, we take full advantage of specific characteristics of DSA (Digital Signature Algorithm) and thus present a scheme for preventing IP prefix hijacking. There are two characteristics, which are DSA-based and efficient, in the proposed scheme. Firstly, because DSA is an United States Federal Government standard for digital signatures, the DSA-based can maintain compatibility with the DSA and its analytical tools, and thus it is easier for proposed scheme to be widely accepted and applied into practice. Secondly, public key certificates are not necessary because public keys can be computed by using a formula. Separated verifying signatures in these certificates, which is inevitable in almost all existing cryptography-based schemes, can be replaced with computing of a multi-exponentiation fomula. Thus, the efficient is achieved.