一种在无状态地址自动配置中DAD攻击的防御方法

宋广佳; 季振洲; 王晖

doi:10.3969/j.issn.1000-0801.2014.04.008

您当前的位置：

首页 >

文章列表页 >

一种在无状态地址自动配置中DAD攻击的防御方法

研究与开发 | 更新时间：2024-06-05

- 一种在无状态地址自动配置中DAD攻击的防御方法
- A Defense Approach of DAD Attack in Stateless Auto Configuration
- 电信科学 2014年30卷第4期页码：54-60
- 作者机构：
  
  1. 哈尔滨工业大学计算机科学与技术学院哈尔滨 150001
  2. 国家计算机网络应急技术处理与协调中心北京 100029
- 作者简介：
  
  [ "宋广佳，男，哈尔滨工业大学博士生、讲师，主要研究方向为IPv6网络、网络安全、学术信誉度评价。" ]
  [ "季振洲，男，博士，哈尔滨工业大学教授，主要研究方向为高级计算机体系结构、并行计算技术、计算机网络安全和QoS体系。" ]
  [ "王晖，男，博士，现就职于国家计算机网络应急技术处理与协调中心，主要研究方向为网络建模和卫星宽带网络拥塞控制。" ]
- 基金信息：
  
  国家自然科学基金资助项目(61173024)
- DOI：10.3969/j.issn.1000-0801.2014.04.008
  中图分类号：
- 网络出版日期：2014-04，
  
  纸质出版日期：2014-04-20
- 稿件说明：
移动端阅览
宋广佳, 季振洲, 王晖. 一种在无状态地址自动配置中DAD攻击的防御方法[J]. 电信科学, 2014,30(4):54-60.

Guangjia Song, Zhenzhou Ji, Hui Wang. A Defense Approach of DAD Attack in Stateless Auto Configuration[J]. Telecommunications science, 2014, 30(4): 54-60.
宋广佳, 季振洲, 王晖. 一种在无状态地址自动配置中DAD攻击的防御方法[J]. 电信科学, 2014,30(4):54-60. DOI： 10.3969/j.issn.1000-0801.2014.04.008.

Guangjia Song, Zhenzhou Ji, Hui Wang. A Defense Approach of DAD Attack in Stateless Auto Configuration[J]. Telecommunications science, 2014, 30(4): 54-60. DOI： 10.3969/j.issn.1000-0801.2014.04.008.

摘要

在无状态地址自动配置中，新IP地址在使用前需要进行重复地址检测。在检测过程中，一旦有攻击节点声称解析地址已经被占用，将导致节点地址配置失败，从而形成重复地址检测攻击。针对这种情况，提出使用WAY机制作为防御手段，WAY机制使用逆向地址确认、自我声明及WAY-table检查的方法，对欺骗报文进行过滤，使欺骗节点攻击成本增加且无法进行二次欺骗。仿真实验表明，WAY机制弥补了邻居发现协议安全性的不足，可大幅提升无状态地址自动配置的成功率。

Abstract

In stateless address auto configuration

node needs to carry out duplicate address detection before using a new IP address. In the detection process

once a malicious node claims that the resolve IP address is occupied

the node's address configuration will fail. For this case

WAY（who are you）mechanism as a defensive approach was proposed. WAY mechanism uses reverse address confirmation

self-declaration and WAY-table inspection to filter the spoofing packets

which make attackers' cost increase and cannot carry out secondary attack. The experiments show that WAY mechanism can effectively compensate the security flaws of neighbor discovery protocol

significantly increase the success rate of stateless address auto configuration.

关键词

Keywords

references

Plummer D C . An ethernet address resolution protocol . http://tools.ietf.org/html/rfc826 http://tools.ietf.org/html/rfc826 , http://tools.ietf.org/html/rfc826 , 1982

Narten T , Nordmark E , Simpson W , et al . Neighbor discovery for IP version 6（IPv6） . http://tools.IETF.org/html/rfc4861 http://tools.IETF.org/html/rfc4861 , http://tools.IETF.org/html/rfc4861 , 2007

Gao J H , Xia K J . ARP spoofing detection algorithm using ICMP protocol . Proceedings of the IEEE International Conference on Computer Communication and Informatics , Coimbatore, India , 2013 : 1 ～ 6

Wang X L , Zhou G . Defence design for ARP spoofing based on NDIS intermediate driver . Proceedings of the IEEE International Conference on Computer Distributed Control and Intelligent Environmental Monitoring , Changsha, China , 2012 : 218 ～ 220

Pandey P . Prevention of ARP spoofing: a probe packet based technique . Proceedings of the IEEE International Advance Computing Conference , Ghaziabad, India , 2013 : 147 ～ 153

Thomson S , Narten T , Jinmei T . IPv6 stateless address auto configuration . http://tools.IETF.org/html/rfc4862 http://tools.IETF.org/html/rfc4862 , http://tools.IETF.org/html/rfc4862 , 2007

Nikander P , Kempf J , Nordmark E . IPv6 neighbor discovery （ND） trust models and threats . http://tools.IETF.org/html/rfc3756 http://tools.IETF.org/html/rfc3756 , http://tools.IETF.org/html/rfc3756 , 2004

Liu C H , Dai Q G . Design of security neighbor discovery protocol . Proceedings of the IEEE International Conference on Communication Systems and Network Technologies , Gwalior, India , 2013 : 538 ～ 541

Arkko J , Kempf J , Zill B , et al . Secure neighbor discovery （SEND） . http://tools.IETF.org/html/rfc3971 http://tools.IETF.org/html/rfc3971 , http://tools.IETF.org/html/rfc3971 , 2005

Aura J Cryptographically generated addresses （CGA） . http://tools.IETF.org/html/rfc3972 http://tools.IETF.org/html/rfc3972 , http://tools.IETF.org/html/rfc3972 , 2005

AlSa'deh A , Meinel C . Secure neighbor discovery: review, challenges, perspectives, and recommendations . IEEE Security ＆Privacy , 2012 , 10 ( 4 ): 26 ～ 34

Rafiee H , AlSa'deh A , Meinel C . Multicore-based auto-scaling secure neighbor discovery for windows operating systems . Proceedings of the IEEE International Conference on Information Networking , Bali , 2012 : 269 ～ 274

Alsaˊdeh A , Feng C , Meinel C . CS-CGA: compact and more secure CGA . Proceedings of the IEEE International Conference on Networks , Singapore , 2011 : 299 ～ 304

Siddiqi Q S , Anwar M U . A study of CGA-（cryptographically generated address）signature based authentication of binding update messages in low-end MIPv6 node . Proceedings of the IEEE International Conference on Computer and Communication Engineering , Kuala Lumpur, Malaysia , 2012 : 510 ～ 514

AlSa'deh A , Rafiee H , Meinel C . Stopping time condition for practical IPv6 cryptographically generated addresses . Proceedings of the IEEE International Conference on Information Networking , Bali , 2012 : 257 ～ 262

Su G X , Wang W D , Gong X Y . A quick CGA generation method . Proceedings of the IEEE International Conference on Future Computer and Communication , Wuhan, China , 2010 : 769 ～ 773

Rafiee H , AlSa'deh A , Meinel C . Winsend: windows secure neighbor discovery . Proceedings of the ACM International Conference on Security of Information and Networks , Sydney, Australia , 2011 : 243 ～ 246

Hou Y , Wang Z X , Wang Y , et al . Routing attack in the ND and SEND mixed environment . Proceedings of the IEEE International Conference on Multimedia Information Networking and Security , Nanjing, China , 2012 : 959 ～ 962

Jinhua G , Kejian X . ARP spoofing detection algorithm using ICMP protocol . Proceedings of 2013 International Conference on Computer Communication and Informatics（ICCCI） , Paris, France , 2013 : 1 ～ 6

Pandey P , Prevention of ARP spoofing: a probe packet based technique . Proceedings of Advance Computing Conference （IACC）, 2013 IEEE 3rd International , Los Angles, USA , 2013 : 147 ～ 153

浏览量

410

下载量

CSCD

文章被引用时，请邮件提醒。

提交

工具集

关联资源

5G网络量子安全算法应用研究

基于改进长短期记忆网络的新能源场站网络安全评估方法研究

基于RPA技术的网络安全运营自动化实践应用研究

天地一体化网络安全挑战及创新方案

信息通信技术若干发展趋势