
Research on Security Mechanisms of Autonomous Address Resolution Protocols for the Data Link Layer

Published: 2017-12-31 06:25

  Keywords of this article: Research on Security Mechanisms of Autonomous Address Resolution Protocols for the Data Link Layer. Source: Harbin Institute of Technology, 2016 doctoral dissertation. Thesis type: degree thesis


  Related topics: address resolution, neighbor discovery, game theory, WAY mechanism, reverse mechanism design, anonymous resolution


[Abstract]: Computer networks use a layered approach to simplify network design and implementation. To reduce coupling between adjacent layers, each layer of the network architecture uses, as far as possible, its own independent communication attributes; this design requires an explicit correspondence between the attributes of adjacent layers. The Address Resolution Protocol specifically handles the correspondence between data link layer physical addresses and network layer IP addresses. In existing network architectures there are two main modes for handling the correspondence between communication attributes: centralized resolution, represented by DNS, and autonomous discovery, represented by address resolution protocols. Because autonomous discovery has no authoritative server, and addresses are generated and used without registration or authentication, address resolution protocols are highly susceptible to spoofing attacks; security is therefore an unavoidable problem for them. Against the security threats currently facing address resolution protocols, this thesis seeks results in protocol mechanisms, hiding of key information, the special characteristics of address resolution, and secure protocol design.

First, the thesis proves two important results about address resolution protocols: the undecidability of the correspondence relation, and the equivalence of address resolution and duplicate address detection. Previous work mostly improved the security of the resolution process by decision, filtering illegitimate packets through a judgment implemented either in the host's own system software or in third-party devices. The undecidability of the correspondence shows that any decision-based approach is imperfect: its misjudgment rate cannot be eliminated. The equivalence of address resolution and DAD shows that protocols such as NDP and SEND can be simplified in design, some of their functions can be merged, and the resolution process and DAD can borrow security methods from each other.

Further, to address the lack of theoretical support for protocol design, the thesis studies the security of address resolution protocols from the perspective of game theory. It first proposes the wallet problem and, by analysing its game tree, identifies unreasonable aspects of the design of address resolution protocols. From a game-theoretic viewpoint, address resolution is a three-stage signaling game. The first stage is signal design, whose purpose is to maximize the host's security; in the second stage the host emits the signal and the other players decide whether to participate; in the third stage each player's final payoff is determined by the game rules and the payoff function. The analysis shows that if the protocol mechanism is designed reasonably, rational players abandon pointless attacks, because the payoff of attacking is lower than the payoff of normal participation.

Second, the thesis proposes a duplicate address detection process based on the WAY mechanism. Conventional DAD broadcasts the target address being tested (the key information) on the network in its initiation phase, which leaves the process vulnerable to targeted DoS attacks and results in nodes being unable to configure new addresses. To overcome this weakness, the thesis proposes WAY. The WAY mechanism treats the target address of DAD as key information; through self-declaration and WAY-table checking, together with reverse address confirmation that forces an attacking node to expose its real MAC address, it filters spoofed packets, raising the attacker's cost and preventing a second or repeated spoofing.

Third, the thesis proposes the reverse address resolution mechanism Re-AR. Mechanism design theory shows that the mechanism design of conventional address resolution protocols is unreasonable: it does not achieve the goal of mechanism design, namely maximizing the designer's benefit or being as fair as possible, and it lets a malicious node obtain a greater payoff through simple deception. To address these problems, the thesis proposes address resolution and duplicate address detection processes based on a reverse mechanism. Following the revelation principle of mechanism design theory, reverse address resolution treats a host's network address and physical address as its private type: on receiving the address resolution broadcast, a node unicasts its private type to the resolving host, and the resolving host grants the right to communicate to the correct resolved party according to a predetermined mechanism. Because reverse address resolution does not disclose the target address in its broadcast, a spoofing node cannot mount an attack keyed on the target address, and spoofing is effectively prevented. In the reverse duplicate address detection process Re-DAD, the detecting host does not give the target address directly but gives a detection range via prefix information; responding nodes actively declare their addresses that fall within the range, and the host validates these addresses to determine whether a conflict exists, which significantly increases the difficulty of attack.

Fourth, the thesis proposes the secret-person-seeking problem SSM and the anonymous address resolution protocol AS-AR. Many real-world problems resemble the wallet problem; they have their own characteristics, and the thesis calls this class the secret-person-seeking problem, of which address resolution is an instance. Based on the characteristics of SSM, the thesis proposes a new security protocol, the secret-person-seeking protocol. The problem it solves is: when the key information must be made public, how to reduce the risk of seeking the secret person. The thesis designs two models of the protocol: one based on the random oracle model, the other a composite security protocol. On these two models it designs a new duplicate address detection process DAD-h and a new address resolution process AS-AR. The new resolution process is called anonymous address resolution: it hides not only the target address being resolved but also the IP address and MAC address of the resolving node, achieving anonymous address resolution. Experiments and comparative analysis show that this anonymous resolution process not only prevents spoofing attacks but also effectively prevents denial-of-service attacks.
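The abstract's central point about Re-AR and Re-DAD is what the broadcast reveals: conventional ARP and DAD put the target address on the wire, while the reverse mechanisms broadcast only a reply address or a prefix and let nodes unicast their own (IP, MAC) "private type" back to the resolver. The simulation below is an added illustration written for this page, not code from the thesis; the message formats, the field names, the use of a MAC self-consistency check as the resolver's "predetermined mechanism", and all addresses are assumptions constructed for the example.

```python
"""Toy simulation of information disclosed on the wire by conventional ARP/DAD
versus the reverse mechanisms (Re-AR, Re-DAD) described in the abstract.
Added example, not the thesis's code; formats and addresses are assumed."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass(frozen=True)
class Node:
    ip: str
    mac: str


@dataclass(frozen=True)
class Message:
    src_mac: str          # frame source MAC
    dst_mac: str          # BROADCAST or a unicast MAC
    fields: Dict[str, str]  # everything visible in the payload


def arp_request(resolver: Node, target_ip: str) -> Message:
    """Conventional ARP request: the target IP is broadcast in the clear."""
    return Message(resolver.mac, BROADCAST,
                   {"sender_ip": resolver.ip, "sender_mac": resolver.mac,
                    "target_ip": target_ip})


def re_ar_request(resolver: Node) -> Message:
    """Re-AR request (assumed format): no target address, only where to reply."""
    return Message(resolver.mac, BROADCAST, {"reply_to": resolver.mac})


def re_ar_replies(request: Message, nodes: List[Node]) -> List[Message]:
    """Each receiving node unicasts its private type (ip, mac) to the resolver."""
    return [Message(n.mac, request.fields["reply_to"], {"ip": n.ip, "mac": n.mac})
            for n in nodes]


def _consistent(msg: Message, network: str) -> bool:
    """Assumed validation: declared IP lies in the local prefix and the
    declared MAC equals the frame's source MAC (reverse address confirmation)."""
    return (ipaddress.ip_address(msg.fields["ip"]) in ipaddress.ip_network(network)
            and msg.fields["mac"] == msg.src_mac)


def re_ar_resolve(replies: List[Message], wanted_ip: str, network: str) -> Optional[str]:
    """Resolver grants communication to the first consistent reply for wanted_ip."""
    for r in replies:
        if r.fields["ip"] == wanted_ip and _consistent(r, network):
            return r.fields["mac"]
    return None


def re_dad_probe(host: Node, network: str) -> Message:
    """Re-DAD probe: only the prefix (detection range) is broadcast."""
    return Message(host.mac, BROADCAST, {"reply_to": host.mac, "prefix": network})


def re_dad_declarations(probe: Message, nodes: List[Node]) -> List[Message]:
    """Nodes holding an address inside the probed prefix declare it by unicast."""
    net = ipaddress.ip_network(probe.fields["prefix"])
    return [Message(n.mac, probe.fields["reply_to"], {"ip": n.ip, "mac": n.mac})
            for n in nodes if ipaddress.ip_address(n.ip) in net]


def re_dad_conflict(candidate_ip: str, declarations: List[Message], network: str) -> bool:
    """Host validates the declarations; a conflict exists only if a consistent
    declaration names exactly the candidate address."""
    return any(d.fields["ip"] == candidate_ip and _consistent(d, network)
               for d in declarations)


def leaked_target(msg: Message) -> Optional[str]:
    """What a passive listener on the broadcast learns about the target."""
    return msg.fields.get("target_ip")


if __name__ == "__main__":
    # Constructed sample segment.
    resolver = Node("10.0.0.1", "aa:aa:aa:aa:aa:01")
    nodes = [Node("10.0.0.2", "aa:aa:aa:aa:aa:02"), Node("10.0.0.3", "aa:aa:aa:aa:aa:03")]
    print("ARP broadcast leaks:", leaked_target(arp_request(resolver, "10.0.0.3")))
    print("Re-AR broadcast leaks:", leaked_target(re_ar_request(resolver)))
    replies = re_ar_replies(re_ar_request(resolver), nodes)
    print("Re-AR resolves 10.0.0.3 to", re_ar_resolve(replies, "10.0.0.3", "10.0.0.0/24"))
    decls = re_dad_declarations(re_dad_probe(resolver, "10.0.0.0/24"), nodes)
    print("Re-DAD conflict for 10.0.0.2:", re_dad_conflict("10.0.0.2", decls, "10.0.0.0/24"))
```

The `_consistent` check is the one place where this toy goes beyond the abstract's wording: it models "reverse address confirmation" as requiring the declared MAC to match the frame source, so a declaration whose payload MAC disagrees with its frame is simply ignored by both the resolver and the DAD host.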

[Degree-granting institution]: Harbin Institute of Technology
[Degree level]: Doctorate
[Year of degree]: 2016
[Classification number]: TP393.08

Related doctoral dissertation (1 item)

1 Song Guangjia; Research on Security Mechanisms of Autonomous Address Resolution Protocols for the Data Link Layer [D]; Harbin Institute of Technology; 2016



Article ID: 1358569


Link to this article: http://www.sikaile.net/shoufeilunwen/xxkjbs/1358569.html

