Research on Backward-Compatible Methods for Defending Against Cache Poisoning Attacks
Topic of this paper: man-in-the-middle attacks + cache poisoning attacks; Reference: Huazhong University of Science and Technology, doctoral dissertation, 2014
[Abstract]: With the progress of science and technology, computer science has permeated every area of people's lives, and the human demand for computer networks grows ever stronger. The birth of the Internet interconnected thousands of networks around the world. However, all kinds of hardware, software, data and information are shared over the network, which leads to serious security problems.

Today, the man-in-the-middle attack remains one of the major threats to computer network resources. This attack usually masquerades as the host of a legitimate user in order to maliciously deceive other hosts. In this way, once a device can successfully impersonate another host, it can intercept, read, modify or destroy legitimate information before it reaches the target device.

ARP cache poisoning is one means of deceiving network hosts. It exploits the fact that, in the ARP protocol, an IP address must be translated into a physical (MAC) address. ARP is a stateless protocol, which means that it accepts response packets even when no request has been sent. An attacker who wants to obtain the contents of a target host's communications can send forged ARP responses that match any chosen IP address to the requesting host. A host that accepts these forged ARP responses cannot tell whether they are legitimate, and will therefore send its packets to the attacker's MAC address.

On the other hand, an attacker using DNS cache attack techniques can also inject forged data into a DNS server's cache table, with the aim of manipulating resolution data so that the target becomes unreachable or information is redirected to a wrong address; this is also regarded as a major threat to today's Internet users.

Many schemes have been proposed to solve the problem of ARP and DNS cache poisoning, but so far none of them has been deployed at scale. The main reason is that these schemes are not backward compatible: they incorporate cryptographic techniques, which require extensive modification of the traditional ARP/DNS protocols and add considerable complexity. Obviously, having administrators clear the poisoned entries by hand imposes enormous overhead and burden. Dynamic detection methods can also be used to deal with cache poisoning, but they generate too many false alarms, leaving network administrators at a loss.

For this reason, solutions are proposed for the insecurity caused by cache spoofing in the ARP and DNS protocols.

The first solution focuses on designing a protection method to improve the security of DNS servers. The scheme is called Adaptive Cache DNS (ACDNS). It relies on the caching mechanism to block this kind of attack, because I found that adjusting the cache storage policy both improves security and improves network access efficiency. ACDNS is designed to be compatible with the current DNS standard and fully fits the basic protocol flow and infrastructure. My method simply adds a delay before a received DNS response is stored in the cache, forming a new cache interval. That is, when a new mapping needs to be stored, ACDNS waits until the new cache interval expires; if another DNS response with the same TXID arrives during this period, ACDNS discards these packets and must then send a new query with a different TXID. A comparison of the performance of ACDNS and DNS shows that this scheme fully protects the resolver against cache poisoning attacks. Moreover, the latency distribution of ACDNS is very close to that of DNS query resolution. At the same time, the original DNS query procedure is fully compatible with ACDNS. Therefore, my scheme can be deployed quickly, and the improvement can be applied to any individual DNS server, because ACDNS requires no major modification of the current DNS infrastructure (at any layer).

The second solution also focuses on preventing DNS cache poisoning. A scheme called "GDR - preventing DNS cache poisoning attacks (GDNS)" is introduced for resolving domain names. The GDNS design consists of two phases. The first phase is the GDNS gratuitous request phase (GDR), in which GDNS must re-send the corresponding DNS query for every domain name still within its validity period in order to refresh its mapping. This means that recently cached DNS names are automatically re-queried (refreshing the cache records) to raise the hit rate of DNS queries in the cache. GDNS thus lets the zone server (ZS) cache hold up-to-date domain information for the zone, reducing DNS resolution time without issuing a DNS query to the authoritative top-level domain (TLD) server for every DNS request. The second phase is cache timing: as in ACDNS, a delay is added before the cache accepts a response, to detect and defend against DNS cache poisoning attacks. The GDR algorithm therefore offers two benefits. First, it provides an effective technique for near-optimal domain name resolution performance. Second, although a delay is added before the cache accepts a response, GDI helps GDNS significantly in reducing resolution latency. Experimental results show that GDNS effectively prevents cache poisoning attacks while also greatly reducing domain name resolution latency, which is an important performance parameter of name resolution.

The third solution prevents ARP spoofing. A "client/server-based intrusion detection system (CSIDS)" is proposed to detect and defend against ARP spoofing attacks. Its main idea is to monitor received ARP packets; when a suspicious ARP packet is found, the CSIDS systems on the same network exchange control information. This control information allows CSIDS to flag the malicious packet before the ARP cache is updated, or to send a response packet to the sender. Every anomalous packet must be sent to the CSIDS server for inspection, and the CSIDS components on the same network vote to decide whether the packet is genuine or forged and reply to the requester accordingly. To evaluate the detection and prevention capability of CSIDS, I compared the performance of CSIDS and ARP; the results show that the CSIDS system is easy to implement and can be applied in a local area network to improve security.

The fourth solution mainly provides a good and inexpensive scheme, called the "Gratuitous Decision Packet System (GDPS)", aimed at overcoming the insecurity of the ARP protocol, namely IP address spoofing. It strives to achieve two main goals: (1) GDPS detects suspicious ARP packets by analysing ARP packets in real time; (2) it distinguishes legitimate from illegitimate hosts by sending modified ARP request packets. In this scheme I focus on ARP's communication mapping to improve the security of the ARP protocol. GDPS depends on sending a set of modified ARP requests; it then computes the cost of the responses, meaning that the average response time and the number of ARP response packets are used to distinguish a legitimate MAC address from an attacker's. The results show that the number of ARP reply packets sent by the attacker's machine is several times the number sent by the victim.

To analyse the security of the above two schemes, I extended the NS-2 framework to simulate all the protocols and made various comparisons with normal ARP and DNS operation.

In summary, my schemes have many important advantages, summarised as follows: (1) they effectively block common cache poisoning attacks; (2) they are backward compatible with the existing ARP and DNS standards; (3) the solutions use no cryptography and have no single point of failure; (4) they can be applied easily at very low cost; (5) the GDNS method greatly reduces DNS resolution latency; (6) the third and fourth solutions work well in a dynamic (DHCP) environment.
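The ACDNS cache interval described in the abstract, as an added illustration that is not the dissertation's code: the resolver holds each answer for `hold_ms` before caching it, and a second answer carrying the same TXID inside that window is treated as a poisoning attempt, so both answers are dropped and the name is scheduled for a fresh query with a new TXID. The timeline, names, addresses and the 50 ms hold value are constructed; `hold_ms=0` models a plain first-answer-wins resolver for comparison.

```python
from collections import namedtuple

# A DNS answer as seen by the resolver; t is arrival time in ms (constructed).
Response = namedtuple("Response", "txid name addr t")

class ACDNSResolver:
    def __init__(self, hold_ms):
        self.hold_ms = hold_ms   # length of the cache interval
        self.cache = {}          # name -> addr, committed mappings
        self.outstanding = {}    # txid -> name, queries awaiting an answer
        self.pending = {}        # txid -> (response, commit deadline)
        self.requery = []        # names to ask again with a fresh TXID

    def on_response(self, r):
        if self.outstanding.get(r.txid) != r.name:
            return "ignored"     # ordinary DNS check: no matching open query
        if r.txid in self.pending:
            # Rival answer with the same TXID inside the interval: drop the
            # held answer, cache nothing and schedule a query with a new TXID.
            del self.pending[r.txid]
            del self.outstanding[r.txid]
            self.requery.append(r.name)
            return "discarded"
        self.pending[r.txid] = (r, r.t + self.hold_ms)
        return "held"

    def tick(self, now):
        # Commit answers whose cache interval expired without a rival answer.
        for txid, (r, deadline) in list(self.pending.items()):
            if now >= deadline:
                self.cache[r.name] = r.addr
                del self.pending[txid]
                del self.outstanding[txid]

def run_scenario(hold_ms):
    # Constructed race: a forged answer for example.net beats the genuine one.
    res = ACDNSResolver(hold_ms)
    res.outstanding = {0x1A2B: "example.net", 0x3C4D: "good.test"}
    arrivals = [  # already in time order
        Response(0x1A2B, "example.net", "203.0.113.66", 5.0),    # forged, guessed TXID
        Response(0x3C4D, "good.test", "198.51.100.20", 8.0),     # unchallenged answer
        Response(0x1A2B, "example.net", "198.51.100.10", 20.0),  # genuine, arrives late
    ]
    log = []
    for r in arrivals:
        res.tick(r.t)
        log.append((r.name, res.on_response(r)))
    res.tick(200.0)  # let the remaining cache intervals expire
    return res.cache, res.requery, log
```

With `hold_ms=50` the forged mapping never reaches the cache and example.net is re-queried, while the plain resolver (`hold_ms=0`) commits the forged address and then ignores the genuine answer.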
[Degree-granting institution]: Huazhong University of Science and Technology
[Degree level]: Doctorate
[Year of degree]: 2014
[Classification number]: TP393.08
Article ID: 2089491
Article link: https://www.wllwen.com/guanlilunwen/ydhl/2089491.html