- 學位論文
在無線網路中對抗MAC位址欺騙威脅之代理人機制設計
Design of an Agent-based Mechanism to Counter MAC Address Spoofing Threats in Wireless Networks
若您是本文的作者,可授權文章由華藝線上圖書館中協助推廣。
摘要
無線網路提供了便利的網路存取服務,但是惡意使用者卻可以透過偽造MAC位址的方式來非法使用網路。在這種網路威脅中,惡意使用者不但可以自由存取網路,竊取使用者的機密,甚至可以對遠端伺服器達成阻斷式攻擊,或是對使用者正在進行的網路連線進行綁架攻擊。在目前的存取控制協定中,雖然有方法可以對抗偽造MAC位址所產生的威脅,但是其佈建或更新的代價相當高昂。針對於此,本論文中提出了一個代理人機制來對抗MAC位址偽造的威脅。此機制的作法主要是利用合法下載之代理人將傳送出去的封包加密,經由存取控管伺服器之驗證與解密,才進行正常傳送流程。由於惡意使用者無法取得合法代理人,傳送出去的封包便會變成無效封包,進而對抗MAC位址偽造所產生的威脅。我們將此機制以JAVA實作在Linux與Windows上,並驗證此機制可對抗MAC位址偽造的威脅,未來可進一步推廣在無線網路中。
並列摘要
Wireless networks provide convenient Internet services. Unfortunately, malicious users can illegally access the network using MAC address spoofing. They may also initiate othter network attacks to violate the rights of legal users. Although many approaches exist to counter MAC address spoofing threats in current access control protocols, their deployment costs are very high. In this thesis, we propose an agent-based mechanism to counter MAC address spoofing threats. Because malicious users cannot get the agent, the illegal transmitted packets will be treated as invalid packets and filtered out. We have implemented this mechanism on Linux and Windows in JAVA. We also show that the mechanism can counter MAC address spoofing threats.
參考文獻
[5] B. Aboba and D. Simon, “PPP EAP TLS Authentication Protocol,” RFC 2716 (Informational),1996.
[11] IEEE Standard for Local and metropolitan area networks Port-Based Network Access Control, IEEE Std 802.1X-2004 (Revision of IEEE Std 802.1X-2001), 2004.
[13] J. S. Park and D. Dicoi, “WLAN Security: Current and Future,” IEEE Internet Computing, vol. 7, no. 5, pp. 60–65, Sept. 2003.
[15] Z. Wan, R. H. Deng, F. Bao, and A. L. Ananda, “Access Control Protocols with Two-layer Architecture for Wireless Networks,” Computer Networks, vol. 51, pp. 655–670, Feb. 2007.
[16] H. Wang, A. Prasad, P. Schoo, K. Bayarou, and S. Rohr, “Security mechanisms and security analysis: hotspot WLANs and inter-operator roaming,” in Vehicular Technology Conference, 2004. VTC 2004-Spring. 2004 IEEE 59th, May 2004, pp. 2492–2496.
延伸閱讀
- 王裕仁(2006)。應用代理人程式於資訊安全系統之整合防禦系統〔碩士論文,淡江大學〕。華藝線上圖書館。https://doi.org/10.6846/TKU.2006.00274
- 董展羽, C. Y. T. (2014). 下世代指向性毫米波媒體(MAC)資源分配最佳化 [master's thesis, National Taiwan University]. Airiti Library. https://doi.org/10.6342/NTU.2014.00339
- Ciou, J. Y. (2016). 基於軟體定義網路於內部網路下之有效反欺騙方法應用於分散式阻斷攻擊防護 [master's thesis, National Taiwan University]. Airiti Library. https://doi.org/10.6342/NTU201602212
- Liao, C. H. (2009). A Distributed Cooperative MAC Protocol in Wireless Networks [master's thesis, National Tsing Hua University]. Airiti Library. https://doi.org/10.6843/NTHU.2009.00635
- Wang, H. H. (2006). An Asynchronous MAC protocol for Wireless Sensor Networks [master's thesis, Tatung University]. Airiti Library. https://www.airitilibrary.com/Article/Detail?DocID=U0081-0607200917235135