Using a Variation of Elgamal Signature to Support Fast and Lazy Authenticating Origin Autonomous Systems

Abstract

About the schemes for authenticating origin autonomous systems, related documents think it is appropriate to authenticate address attestations and related public keys only using the information of update messages. However, this approach is infeasible in existing schemes because update messages are limited in length to 4096 bytes and thus are too small to carry the necessary public key certificates. For realizing this approach, in this paper, we make full use of specific characteristics of a variation of ELGamal signature and thus present a method for fast and lazy authenticating origin ASs. In the process of hierarchical issuing keys of proposed method, an efficient formula of computing public keys is achieved. For authenticating public keys, it is not necessary for a verifier to check a series of certificates existing in certification path from the owner of advertised prefix to the IANA (Internet Assigned Numbers Authority). Thus the lazy authentication of origin ASs is achieved because a verifier can authenticate address attestations and related public keys only using the information of update messages. The path validation from IANA to the owner of advertised prefix, where signatures can only be verified separately in existing asymmetric cryptography based solutions of IP prefix hijacking, can be replaced with efficient computing of only a single formula, which can bring about fast authentication of origin ASs. To the best of our knowledge, it is the first work for authenticating origin autonomous systems by using ELGamal signature to achieve a fast scheme that can authenticate address attestations and related public keys only using the information of update messages.