针对移动IPv6环境下DoS攻击的改进SEND协议

2009 IEEE International Conference on Network Infrastructure and Digital Content Pub Date : 2009-12-31 DOI:10.1109/ICNIDC.2009.5360962

Meigen Huang, Jianrong Liu, Yunjie Zhou

{"title":"针对移动IPv6环境下DoS攻击的改进SEND协议","authors":"Meigen Huang, Jianrong Liu, Yunjie Zhou","doi":"10.1109/ICNIDC.2009.5360962","DOIUrl":null,"url":null,"abstract":"Neighbor Discovery protocol can be used to communicate between neighboring nodes in the Mobile IPv6 environment. For a secure Neighbor Discovery protocol, the IETF SEND working group standardized a Secure Neighbor Discovery protocol, and a Cryptographically Generated Address protocol. Neighbor Discovery protocol can be provided with secure functions by adding the RSA signature option and the CGA parameter option. But there are still attacks against SEND itself, particularly, Denial-of-Service attacks. Because the CGA verification consumes large amount of computing resources, attackers may forge a large number of attack data packages to make the node run out of resources. To provide the safeguard of Secure Neighbor Discovery protocol in Mobile IPv6 environment, we propose a mechanism that prevent SEND from part of DoS attacks by adding a set message interaction before CGA verification without a certification authority or any security infrastructure.","PeriodicalId":127306,"journal":{"name":"2009 IEEE International Conference on Network Infrastructure and Digital Content","volume":"54 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2009-12-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"9","resultStr":"{\"title\":\"An improved SEND protocol against DoS attacks in Mobile IPv6 environment\",\"authors\":\"Meigen Huang, Jianrong Liu, Yunjie Zhou\",\"doi\":\"10.1109/ICNIDC.2009.5360962\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Neighbor Discovery protocol can be used to communicate between neighboring nodes in the Mobile IPv6 environment. For a secure Neighbor Discovery protocol, the IETF SEND working group standardized a Secure Neighbor Discovery protocol, and a Cryptographically Generated Address protocol. Neighbor Discovery protocol can be provided with secure functions by adding the RSA signature option and the CGA parameter option. But there are still attacks against SEND itself, particularly, Denial-of-Service attacks. Because the CGA verification consumes large amount of computing resources, attackers may forge a large number of attack data packages to make the node run out of resources. To provide the safeguard of Secure Neighbor Discovery protocol in Mobile IPv6 environment, we propose a mechanism that prevent SEND from part of DoS attacks by adding a set message interaction before CGA verification without a certification authority or any security infrastructure.\",\"PeriodicalId\":127306,\"journal\":{\"name\":\"2009 IEEE International Conference on Network Infrastructure and Digital Content\",\"volume\":\"54 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2009-12-31\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"9\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2009 IEEE International Conference on Network Infrastructure and Digital Content\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICNIDC.2009.5360962\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2009 IEEE International Conference on Network Infrastructure and Digital Content","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICNIDC.2009.5360962","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 9

摘要

在移动IPv6环境下，邻居发现协议可以用于相邻节点之间的通信。对于安全邻居发现协议，IETF SEND工作组标准化了安全邻居发现协议和加密生成地址协议。通过增加RSA签名选项和CGA参数选项，可以为邻居发现协议提供安全功能。但是仍然有针对SEND本身的攻击，特别是拒绝服务攻击。由于CGA验证会消耗大量的计算资源，攻击者可能会伪造大量的攻击数据包，导致节点资源耗尽。为了在移动IPv6环境下提供安全邻居发现协议的安全保障，我们提出了一种机制，通过在CGA验证之前添加一组消息交互来防止SEND受到部分DoS攻击，而不需要认证机构或任何安全基础设施。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

An improved SEND protocol against DoS attacks in Mobile IPv6 environment

Neighbor Discovery protocol can be used to communicate between neighboring nodes in the Mobile IPv6 environment. For a secure Neighbor Discovery protocol, the IETF SEND working group standardized a Secure Neighbor Discovery protocol, and a Cryptographically Generated Address protocol. Neighbor Discovery protocol can be provided with secure functions by adding the RSA signature option and the CGA parameter option. But there are still attacks against SEND itself, particularly, Denial-of-Service attacks. Because the CGA verification consumes large amount of computing resources, attackers may forge a large number of attack data packages to make the node run out of resources. To provide the safeguard of Secure Neighbor Discovery protocol in Mobile IPv6 environment, we propose a mechanism that prevent SEND from part of DoS attacks by adding a set message interaction before CGA verification without a certification authority or any security infrastructure.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2009 IEEE International Conference on Network Infrastructure and Digital Content

自引率

0.00%

发文量

期刊最新文献

A novel web page duplication detection framework A new generation process of conceptual architecture based on component The implementation and comparison analysis of subtree filtering and Xpath capability in NETCONF Single image defogging Multiple description coding for wideband audio signal transmission