Table 2 Main routing security mechanisms.

From: A data plane security model of SR-BE/TE based on zero-trust architecture

| Security mechanism | Examples |
| --- | --- |
| Identification inspection | The StackPi algorithm judges the security of the forwarding path based on checking stack identification [12]; the SNAPP algorithm performs verification by adding a message integrity verification code (MIC) at the sender and at intermediate nodes [13] |
| Node verification | The ICING mechanism checks received data packets by deploying authentication servers in each node of the network, but it brings high transmission overhead [14]; the OSP algorithm grants a certificate between the source and the router, and the intermediate node verifies the data packet according to the certificate, which improves inspection efficiency but increases management overhead [15]. RPKI uses digital signatures and certificates to authenticate the routing source, which can effectively prevent route hijacking [16]; due to the limited deployment of RPKI infrastructure, Tomas et al. put forward DISCO, which authenticates routing based on a distributed trust architecture [17] |
| Trusted hardware | The TrueNet mechanism deploys a TCB (Trusted Computing Base) in each node of the network and determines malicious links through multi-node security information negotiation [18] |
| Centralization of control | An SDN architecture is usually adopted, as in the VeriDP algorithm, which verifies whether data is transmitted normally through control plane policy, thus improving the accuracy of network behavior detection [19]. The DFL mechanism collects the verification information of nodes in the transmission path in a centralized way, but it is difficult to avoid a single point of failure [20] |
| Collaborative filtering | RISP uses RPKI to protect the inter-domain communication of source addresses, and completes traffic filtering through the cooperation of the server, alliance center and AS border router [21] |
| New technology | A distributed trust framework built on blockchain can be used with inter-domain routing protocols to realize IP address prefix authentication [22] |