Author (English): Shih-Hsien Chan
Title (English): IP Traceback Mechanism of IDS System
Keywords (English): IP traceback
In recent years network attack techniques have kept evolving, putting network security under ever more severe pressure. Although many countermeasures have been proposed, most of them provide only passive defense. One way to deter attackers is to design an effective method for locating the source of an attack (which we call IP traceback), so that the attacker who launched it can be identified and subjected to legal or moral sanction; the prospect of being caught then makes attackers hesitate instead of launching attacks at will.

The greatest difficulty for IP traceback today is that an attacker can easily forge the source IP address of a packet, so the true origin of an attack cannot be determined from the packet's source address. One solution to source-address spoofing is to have the egress router sign each packet as it leaves the network; when an attack occurs, the signatures carried by the attack packets can be verified to locate the network from which the attack was launched.

This thesis uses identity-based signatures built on elliptic curve cryptosystems to implement, on a Linux platform, a packet-signing mechanism in which the signer's IP address serves as the public key for verification (IP-Based Packet Signature, IPBPS). Signing on a router inevitably reduces its packet-forwarding throughput, so the thesis combines the mechanism with a Network-based Intrusion Detection System (NIDS): when the NIDS detects suspicious packets, it sends a command asking the egress router to sign only those packets, and the NIDS on the victim side verifies the signatures on the packets to determine where the attack packets came from.
Because network attack techniques are constantly evolving, network security faces a serious challenge. Many ideas and methods have been proposed to protect networks, but most of them achieve only passive protection. To stop attackers, a better method is needed. One such method is to identify the actual source of attack packets sent across the Internet, using a technique called IP traceback, so that attackers can be caught. With IP traceback in place, attackers have reason to behave, because the law can hold them to account, and the likelihood of network attacks is reduced.

However, the greatest difficulty for IP traceback is that an attacker can forge the source address, so IP traceback cannot determine the attacker's location from a packet's source address. To solve the spoofed-source-address problem, we have the egress router sign packets. When attack behavior is discovered, the signatures on the packets can be verified, and the attacker's point of origin is found.

This thesis uses the identity-based signature technique based on elliptic curve cryptosystems to build, on Linux, a packet signature mechanism that verifies signatures using the router's IP address as the public key (IP-Based Packet Signature, abbreviated IPBPS). Performing signatures on the router inevitably reduces forwarding efficiency, so the system is integrated with a Network-based Intrusion Detection System (abbreviated NIDS).

When the NIDS detects suspicious packets, it sends a command requiring the egress router to sign those packets as they pass through it. The victim's NIDS can then find the attacker's point of origin by verifying the signature stamped on each packet.
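The flow described in both abstracts above (the PKG issues a router a private key derived from its IP address, the NIDS asks the egress router to sign only suspicious packets, and the victim-side NIDS verifies with nothing but the router's IP as the public key) is modelled below as an added example; it is not the thesis's IPBPS implementation. The thesis builds its identity-based signature on the Weil pairing over elliptic curves; this example swaps in Shamir's RSA-based identity-based signature, which has the same identity-as-public-key property and runs on the Python standard library alone. Everything else is an assumption made for the demo: the two fixed Mersenne primes standing in for a PKG-generated modulus, the cut-down packet header, the trailer that carries the signature, the `nids_request` method standing in for the NIDS-to-router command, the documentation-range addresses, and the choice to sign only hop-invariant fields.

```python
import hashlib
import secrets
import struct
from socket import inet_aton, inet_ntoa

# Toy PKG parameters: two well-known Mersenne primes, fixed so the demo is
# deterministic. A real PKG would generate a fresh modulus of 2048+ bits.
P, Q = (1 << 127) - 1, (1 << 89) - 1
N, E = P * Q, 65537                   # public parameters published by the PKG
D = pow(E, -1, (P - 1) * (Q - 1))     # master secret, never leaves the PKG


def h_int(*parts: bytes) -> int:
    """SHA-256 over the concatenated parts, read as an integer."""
    return int.from_bytes(hashlib.sha256(b"".join(parts)).digest(), "big")


def identity(ip: str) -> int:
    """A router's public key is derived from its IP address alone."""
    return h_int(b"egress-router:", ip.encode()) % N


def pkg_extract(ip: str) -> int:
    """PKG: the private key of the router at `ip` is the E-th root of its identity."""
    return pow(identity(ip), D, N)


def ibs_sign(priv: int, msg: bytes) -> tuple:
    """Shamir IBS: t = r^E, s = priv * r^H(t||msg), all mod N."""
    r = secrets.randbelow(N - 2) + 2
    t = pow(r, E, N)
    s = priv * pow(r, h_int(t.to_bytes(32, "big"), msg), N) % N
    return s, t


def ibs_verify(ip: str, msg: bytes, sig: tuple) -> bool:
    """Anyone holding (N, E) checks s^E == ID(ip) * t^H(t||msg) mod N."""
    s, t = sig
    expo = h_int(t.to_bytes(32, "big"), msg)
    return pow(s, E, N) == identity(ip) * pow(t, expo, N) % N


# Constructed packet format: cut-down IPv4-style header, payload, optional trailer.
HDR = struct.Struct("!BB4s4s")          # ttl, proto, src, dst
TRAILER = struct.Struct("!4s32s32s")    # signer IP, s, t (N < 2^216 fits 32 bytes)


def hop(pkt: bytes) -> bytes:
    """An ordinary transit router: decrement TTL, leave everything else alone."""
    ttl, proto, src, dst = HDR.unpack_from(pkt)
    return HDR.pack(ttl - 1, proto, src, dst) + pkt[HDR.size:]


def signed_fields(pkt: bytes) -> bytes:
    """Only hop-invariant fields are signed; TTL changes at every hop."""
    _ttl, proto, src, dst = HDR.unpack_from(pkt)
    return bytes([proto]) + src + dst + hashlib.sha256(pkt[HDR.size:]).digest()


class EgressRouter:
    def __init__(self, ip: str, priv: int):
        self.ip, self.priv = ip, priv
        self.flagged = set()            # destinations the NIDS asked us to sign for

    def nids_request(self, victim_ip: str) -> None:
        """Command from the NIDS: start signing packets addressed to victim_ip."""
        self.flagged.add(victim_ip)

    def forward(self, pkt: bytes) -> bytes:
        pkt = hop(pkt)
        if inet_ntoa(HDR.unpack_from(pkt)[3]) not in self.flagged:
            return pkt                  # ordinary traffic: no signing cost
        s, t = ibs_sign(self.priv, signed_fields(pkt))
        # The router stamps ITS OWN address, not the (possibly spoofed) src field.
        return pkt + TRAILER.pack(inet_aton(self.ip),
                                  s.to_bytes(32, "big"), t.to_bytes(32, "big"))


def verify_origin(pkt: bytes):
    """Victim-side NIDS: IP of the egress router that signed pkt, else None."""
    if len(pkt) < HDR.size + TRAILER.size:
        return None
    body, trailer = pkt[:-TRAILER.size], pkt[-TRAILER.size:]
    router, s, t = TRAILER.unpack(trailer)
    router_ip = inet_ntoa(router)
    sig = (int.from_bytes(s, "big"), int.from_bytes(t, "big"))
    return router_ip if ibs_verify(router_ip, signed_fields(body), sig) else None


def demo() -> dict:
    er_ip, victim, spoofed = "203.0.113.1", "198.51.100.10", "192.0.2.7"
    router = EgressRouter(er_ip, pkg_extract(er_ip))    # key issued by the PKG
    attack = HDR.pack(64, 17, inet_aton(spoofed), inet_aton(victim)) + b"flood"
    before_alarm = hop(router.forward(attack))         # NIDS has not flagged yet
    router.nids_request(victim)
    after_alarm = hop(router.forward(attack))          # a further transit hop
    # Attacker rewrites the trailer to blame a different edge router.
    blame_shift = (after_alarm[:-TRAILER.size] + inet_aton("198.51.100.1")
                   + after_alarm[-64:])
    return {
        "header_src": inet_ntoa(HDR.unpack_from(after_alarm)[2]),
        "before_alarm": verify_origin(before_alarm),
        "after_alarm": verify_origin(after_alarm),
        "blame_shift": verify_origin(blame_shift),
    }
```

The details this makes concrete: the identity bound by the signature is the egress router's own address, written by the router itself, so the spoofed `192.0.2.7` in the header is irrelevant to traceback; the TTL is left out of the signed fields so the signature survives later hops; unflagged traffic is forwarded without any signing cost; and re-stamping the trailer with another router's address fails verification because that address is the public key. Caveats: the verifier must obtain (N, E) from the PKG over an authentic channel, the toy modulus is far too small for real use, and a mechanism of this kind identifies the egress network, not the host behind it.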
Chinese Abstract
English Abstract
Table of Contents
List of Figures
List of Tables
1. Introduction
1.1 Motivation
1.2 Related Work
1.2.1 Link testing
1.2.2 Logging
1.2.3 Packet marking
1.2.4 ICMP Traceback (iTrace)
1.3 Objectives
1.4 Thesis Organization
2. Background
2.1 Elliptic Curve Cryptosystems
2.1.1 Definition of elliptic curves
2.1.2 Elliptic curve group operations
2.2 The Weil Pairing on Elliptic Curves
2.2.1 Nondegenerate Bilinear Pairing
2.2.2 Weil Pairing
2.2.3 Computing the Weil Pairing
3. Overview of the IDS-Based IP Traceback System
3.1 System Architecture
3.1.1 Notation
3.1.2 Private Key Generator (PKG)
3.1.3 Edge Router (ER)
3.1.4 Verifier (VER)
3.2 System Operation Overview
4. Operation of Each Component
4.1 Private Key Generator (PKG)
4.2 Edge Router (ER)
4.3 Verifier (VER)
5. Analysis and Discussion
6. Conclusions and Future Work
References