| 摘要 |
A method and apparatus for authenticating routing data in a network. In one embodiment, the described method includes the step of generating routing data that described a topology of the network. The routing data has a length equal to a routing data length. A variable output length (VOL) tag length is selected for the output of a VOL one-way function. The VOL one-way function is performed on the routing data, the routing data length and the adjustable VOL tag length to generate a VOL tag having a length equal to the VOL tag length. In one embodiment, the VOL tag is digitally signed using a private key of the box that generates the VOL tag. The routing data, the routing data length, the adjustable VOL tag length, the VOL tag and the signature are transferred in a packet from a first box, which is the box that generates the VOL tag, to a second box. The second box that receives the packet generates a comparison tag using the VOL one-way function based on data received from the packet. The comparison tag is compared against the received VOL tag to confirm the authenticity of the data of the packet. In one embodiment, the public key of the first box is used to verify the source of the VOL tag based on the received signature. In one embodiment, the VOL tag length may be adjusted to accommodate the workloads of the first and second boxes.
|
