Research on Security Mechanisms of Autonomous Address Resolution Protocols for the Data Link Layer

Published: 2017-12-31 06:25

Keywords: Research on Security Mechanisms of Autonomous Address Resolution Protocols for the Data Link Layer. Source: Harbin Institute of Technology, 2016 doctoral dissertation. Paper type: degree thesis.


Related topics: address resolution; neighbor discovery; game theory; WAY mechanism; reverse mechanism design; anonymous resolution


【Abstract】: Computer networks use a layered approach to simplify network design and implementation. To reduce coupling between adjacent layers, each layer of the network architecture is designed to use communication attributes that are as independent as possible; as a result, the communication attributes of adjacent layers must have an explicit correspondence. The address resolution protocol specifically handles the correspondence between data-link-layer physical addresses and network-layer IP addresses. In existing network architectures there are two main modes for handling such correspondences: centralized resolution, represented by DNS, and autonomous discovery, represented by address resolution protocols. Because autonomous discovery has no authoritative server, and addresses are generated and used without registration or authentication, address resolution protocols are highly vulnerable to spoofing attacks, so security is an unavoidable problem for them. In response to the security threats currently facing address resolution protocols, this dissertation seeks results in protocol mechanisms, hiding of key information, the particular characteristics of address resolution, and secure protocol design.

First, the dissertation proves two important results concerning address resolution protocols: the undecidability of the correspondence relation, and the equivalence of address resolution and duplicate address detection (DAD). Previous work has mostly improved the security of the resolution process by decision-based filtering, rejecting illegitimate packets according to a judgement implemented either in the host's own system software or in third-party devices; the undecidability of the correspondence shows that such decision-based approaches are inherently imperfect and that the misclassification rate cannot be eliminated. The equivalence of address resolution and DAD shows that protocols such as NDP and SEND can be simplified in design, that some of their functions can be merged, and that the resolution process and DAD can borrow security methods from each other.

Further, to address the lack of theoretical support for protocol design, the dissertation studies the security of address resolution protocols from a game-theoretic perspective. It first proposes the "wallet problem" and, through game-tree analysis of it, identifies the unreasonable aspects of address resolution protocol design. From the perspective of game theory, address resolution is a three-stage signaling game. In the first stage, signal design, the aim is to maximize the host's security; in the second, the host emits the signal and the other players decide whether to participate; in the third, each player's final payoff is determined by the rules of the game and the payoff function. The analysis shows that if the protocol mechanism is designed properly, rational players will abandon pointless attacks, because the payoff from attacking is lower than the payoff from normal participation.

Second, the dissertation proposes a duplicate address detection process based on the WAY mechanism. Traditional DAD broadcasts the address under test (the key information) on the network at the initiation stage, which makes the process vulnerable to targeted DoS attacks whose result is that the node cannot configure a new address. To overcome this weakness, the dissertation proposes WAY. The WAY mechanism treats the target address of DAD as key information; through self-declaration and WAY-table checking, combined with reverse address confirmation that forces an attacking node to expose its real MAC address, it filters spoofed packets, raising the attacker's cost and preventing a spoofing node from spoofing a second or subsequent time.

Third, the dissertation proposes the reverse address resolution mechanism Re-AR. Mechanism design theory shows that the mechanism design of traditional address resolution protocols is unreasonable: it does not achieve the goal of mechanism design, namely maximizing the designer's benefit or being as fair as possible, and it allows a malicious node to obtain a greater payoff by simple deception. To address these problems, the dissertation proposes address resolution and duplicate address detection processes based on a reverse mechanism. Following the revelation principle of mechanism design theory, reverse address resolution treats a host's network address and physical address as its private type; during resolution, a node that receives the broadcast resolution request unicasts its private type to the resolving host, which then grants the right to communicate to the correct resolved party according to a mechanism fixed in advance. Because reverse address resolution does not disclose the target address in its broadcast, a spoofing node cannot tailor its attack to that address, which effectively prevents spoofing. In the reverse duplicate address detection process Re-DAD, the detecting host does not reveal the target address directly; instead it gives a detection range by prefix, lets responding nodes declare their addresses that fall within that range, and verifies those addresses to decide whether a conflict exists, which significantly increases the difficulty of an attack.

Fourth, the dissertation proposes the secret-person search problem (SSM) and the anonymous address resolution protocol AS-AR. Many real-world problems resemble the wallet problem while having their own characteristics; the dissertation calls this class the secret-person search problem, of which address resolution is one instance. Based on the characteristics of this problem, the dissertation proposes a new security protocol, the secret-person search protocol. The problem it addresses is how to reduce the risk of the search when the key information must be made public. Two models of the protocol are designed: one based on the random oracle model, the other a composite security protocol. On the basis of these two models, a new duplicate address detection process, DAD-h, and a new address resolution process, AS-AR, are designed. The new resolution process is called anonymous address resolution: it hides not only the target address being resolved but also the IP and MAC addresses of the resolving node. Experiments and comparative analysis show that this anonymous address resolution process not only prevents spoofing attacks but also effectively prevents denial-of-service attacks.

【Degree-granting institution】: Harbin Institute of Technology
【Degree level】: Doctorate
【Year degree granted】: 2016
【Classification number】: TP393.08


Doctoral dissertation record:

1 Song Guangjia; Research on Security Mechanisms of Autonomous Address Resolution Protocols for the Data Link Layer [D]; Harbin Institute of Technology; 2016




Article ID: 1358569


Link to this article: https://www.wllwen.com/shoufeilunwen/xxkjbs/1358569.html

