跳到主要內容

臺灣博碩士論文加值系統

(44.192.95.161) 您好!臺灣時間:2024/10/16 03:56
字體大小: 字級放大   字級縮小   預設字形  
回查詢結果 :::

詳目顯示

: 
twitterline
研究生:許安迪
研究生(外文):An-Ti Hsu
論文名稱:Wi-Fi定位欺騙攻擊及認證協定之研究
論文名稱(外文):The Research on Wi-Fi Positioning Spoofing Attacks and Authentication Protocols
指導教授:林峻立林峻立引用關係
指導教授(外文):Chun-Li Lin
學位類別:碩士
校院名稱:樹德科技大學
系所名稱:資訊工程系碩士班
學門:工程學門
學類:電資工程學類
論文種類:學術論文
論文出版年:2016
畢業學年度:104
語文別:中文
論文頁數:50
中文關鍵詞:Wi-Fi定位欺騙攻擊認證協定
外文關鍵詞:Wi-Fi PositioningSpoofing AttackAuthentication Protocol.
相關次數:
  • 被引用被引用:0
  • 點閱點閱:152
  • 評分評分:
  • 下載下載:14
  • 收藏至我的研究室書目清單書目收藏:0
現今的科技、行動技術發展迅速,一支手機就擁有許多功能可以滿足不同需求,而在早期沒有考量到的安全機制,在先進的科技面前變成了明顯的漏洞,Wi-Fi定位就出現了此問題,Wi-Fi定位是除了GPS以外的輔助定位,透過周圍Access Point(AP)的MAC位址(Media Access Control Address)當作依據,可以減少定位時間也可以增加定位的精確度,而手機程式可以輕鬆擷取Wi-Fi AP的MAC位址,網路上的公開Wi-Fi AP的MAC位址地圖也可以輕易地查詢,使攻擊者能夠容易收集MAC位址,且目前的Wi-Fi定位沒有認證的機制,在Wi-Fi定位時,Wi-Fi定位系統伺服端沒有認證Wi-Fi AP身分的情況下,使偽冒的Wi-Fi AP或者MAC位址…等的欺騙攻擊容易成功,Wi-Fi定位系統伺服端無法認證偽冒Wi-Fi AP的真實身分,欺騙攻擊將無法預防、防止,讓攻擊者輕易的欺騙Wi-Fi定位系統伺服端的認證而偽造出真實的地理位置。

本論文提出了一個結合密碼學系統和搭載DD-WRT額外韌體的Wi-Fi AP的認證協定,防止Wi-Fi定位欺騙攻擊之認證協定,認證協定分為三個階段:1.註冊階段、2.檢核階段、3.定位認證階段,在註冊階段中,主要是為了讓Wi-Fi AP能夠向Wi-Fi定位系統伺服端註冊自己的身分,Wi-Fi AP要製造一把金鑰,以及將金鑰交給Wi-Fi定位系統伺服端儲存,形成對稱式金鑰的加密方法,在往後認證協定需要認證身分時,讓Wi-Fi AP可以使用金鑰回應(Response)Wi-Fi定位系統伺服端的挑戰(Challenge);在檢核階段中,因為剛註冊的Wi-Fi AP不能立即使用於Wi-Fi定位服務上,所以需要一個檢核的步驟讓註冊的Wi-Fi AP檢核通過,以便在未來可以使用在Wi-Fi定位服務上,通過檢核的方法是利用計數的方式,讓使用者同意Wi-Fi定位系統伺服端存取資訊權限,以資料匿名的方式傳送收集,每筆資料依次計數,當計數的數量通過門檻後,Wi-Fi定位系統伺服端就會將Wi-Fi AP檢核通過,當Wi-Fi AP在Wi-Fi定位系統伺服端資料庫中的資訊就可以使用於Wi-Fi定位服務上;在定位認證階段中,主要功能是在Wi-Fi定位時,認證Wi-Fi AP的身分,當Wi-Fi AP可以被認證身分後,防止欺騙攻擊會變得簡單,偽冒的Wi-Fi AP或者MAC位址的欺騙攻擊將會變得困難;因Wi-Fi AP有了金鑰可以認證身分與MAC位址有了認證的方法,Wi-Fi定位系統伺服端就可以認證Wi-Fi AP或MAC位址的真偽,使偽冒的Wi-Fi AP無法利用收集的MAC位址做欺騙攻擊。接著我們發現在移動Wi-Fi AP的情況下(例如從高雄移動到台北),認證協定將會有認證錯誤的可能,因此做了修正與改進,我們在認證協定中,我們讓使用者的程式多提供一些資訊,以便我們能夠確認Wi-Fi AP確切的地理位置,讓認證協定變得更完整。


Mobile phone technology is developing rapidly and it has many features to meet different needs. However, in the early stage no consideration to security mechanisms become obvious vulnerability. Wi-Fi positioning produced a problem. Wi-Fi positioning is based on the Media Access Control Address (MAC address) of the Access Point (AP), which can reduce positioning times and improve accuracy. However, the mobile phone apps can easily retrieve the MAC address of the AP and on the internet can also easily search public Wi-Fi AP''s MAC address map. it will be easier to collect by attacker, and Wi-Fi positioning is no authentication protocol to make spoofing attacks easily successful and easily forged real location. In this paper, we propose a combination of cryptographic systems and additional DD-WRT firmware AP, and named Authentication Protocol of Prevent Wi-Fi Positioning Spoofing Attacks. Since the MAC address with the authentication process, the server will be able to authentication the data that an attacker cannot use the collected MAC address to spoofing attacks.

In this paper, we propose a Authentication protocol, it is combination of cryptographic systems and Wi-Fi AP equipped with DD-WRT firmware, Authentication protocol to Prevent Wi-Fi positioning spoofing attack, The Authentication protocol have three phase: 1. Registration Phase, 2. Examination Phase, 3. Positioning Authentication Phase, In Registration Phase, Mainly to be able to make Wi-Fi AP to Wi-Fi positioning system server to register their identity, Wi-Fi AP to generate a key, and the key to the Wi-Fi Positioning System server storage, the formation of symmetric key encryption method in the next authentication protocol requires authentication identity, Wi-Fi AP can use the key Response Wi-Fi positioning system server Challenge; In Examination Phase, because Wi-Fi AP did not pass examination, it is not using on the Wi-Fi positioning services. Pass Examination phase method is the use of counting, allowing users to agree to Wi-Fi positioning system server authority to collect information, The information collected is anonymous, Each a collection of information, the count will increase, When the count number reaches the threshold, Wi-Fi AP will pass Examination phase, The Wi-Fi AP information can be used for Wi-Fi positioning system server database, it can be used in Wi-Fi positioning services, In Positioning Authentication Phase, Mainly in the Wi-Fi Positioning, Wi-Fi positioning system server can authenticate the identity of the Wi-Fi AP, When the Wi-Fi AP can be authenticated identity, prevent spoofing attacks will become simple, The forged Wi-Fi AP or MAC address spoofing attacks will become difficult; Because Wi-Fi AP has a key, identity and MAC address can be authenticated, Wi-Fi positioning system server can be certified Wi-Fi AP or MAC address authenticity, Make forged Wi-Fi AP cannot using collected "MAC address" to spoofing attacks. However, when the Wi-Fi AP are moved (e.g. Kaohsiung to Taipei), Authentication protocol will have the possibility of authentication error. Thus, the authentication protocol will be improved. In improved authentication protocol, we let the user’s application provide more information. To confirm Wi-Fi AP exact location, authentication protocol will become more complete.


摘要 I
ABSTRACT II
誌謝 IV
目錄 V
表目錄 VII
圖目錄 VIII
一、 緒論 1
1.1 研究背景 1
1.2 研究動機 2
1.3 研究目的 2
1.4 論文架構 3
二、 Wi-Fi定位系統 5
2.1 Wi-Fi定位系統資料庫 5
2.1.1 資料庫建立 6
2.1.2 資料庫更新 7
三、 Wi-Fi定位欺騙攻擊 9
3.1 收集MAC位址 11
3.2 查詢經緯度 12
3.3 欺騙攻擊 14
四、 防止Wi-Fi定位欺騙攻擊之認證協定 15
4.1 簡介 15
4.2 擴充韌體DD-WRT 15
4.3 防止 Wi-Fi 定位欺騙攻擊之認證協定 15
4.3.1 註冊階段(Registration Phase) 17
4.3.2 檢核階段(Examination Phase) 21
4.3.3 定位認證階段(Positioning Authentication Phase) 27
4.3.4 安全分析 30
五、 防止Wi-Fi Access Point移動欺騙攻擊定位之認證協定 33
5.1 Wi-Fi Access Point移動 33
5.2 防止Wi-Fi Access Point移動欺騙攻擊定位之認證協定 33
5.2.1 註冊階段(Registration Phase) 34
5.2.2 檢核階段(Examination Phase) 37
5.2.3 定位認證階段(Positioning Authentication Phase) 42
5.2.4 安全分析 46
六、 結論與未來研究 47
6.1 結論 47
6.2 未來研究 47
參考文獻 48
簡歷 50


[1]Curran, Kevin, et al., “An evaluation of indoor location determination technologies.,” Journal of Location Based Services, vol. 5,no. 2, pp. 61-78, 2011.
[2]Sebastian Anthony, Think GPS is cool? IPS will blow your mind, (http://www.extremetech.com/extreme/126843-think-gps-is-cool-ips-will-blow-your-mind), 2012
[3]改善定位精確度- Google 地圖行動版說明, (https://support.google.com/maps/answer/2839911?hl=zh-Hant&ref_topic=3137371&co=GENIE.Platform%3DAndroid&oco=1)
[4]Wikipedia, Google Play, (https://en.wikipedia.org/wiki/Google_Play)
[5]WiGLE: Wireless Network Mapping (https://wigle.net/)
[6]William Stallings(2005). Cryptography and Network Security Principles and Practices, Fourth Edition. United States: Prentice Hall.
[7]William Stallings, Cryptography and Network Security Principles and Practices, United States: Prentice Hall, 2005.
[8]Shaolin, Wi-Fi positioning system 欺騙 (1), (http://tech.shaolin.tw/posts/2013/07/13/wi-fi-pos itioning-system-spoofing-1), 2013
[9]Shaolin, Wi-Fi positioning system 欺騙 (2), (http://tech.shaolin.tw/posts/2013/08/05/wi-fi-pos itioning-system-spoofing-2), 2013
[10]Halevi, Shai, and Hugo Krawczyk., “Public-key cryptography and password protocols.,” Journal of ACM Transactions on Information and System Security (TISSEC), vol. 2, no. 3, pp. 230-268., 1999.
[11]DD-WRT (https://en.wikipedia.org/wiki/DD-WRT)
[12]ADMIN, What is firmware?, (http://incepator.pinzaru.ro/software/what-is-firmware/), 2013.
[13]Wikipedia, Wi-Fi positioning system, (https://en.wikipedia.org/wiki/Wi-Fi_positioning_ system)
[14]Oguejiofor, O. S., et al., “Trilateration based localization algorithm for wireless sensor network..,” International Journal of Science and Modern Engineering (IJISME), vol. 1, no. 10, pp. 21-27., 2013.
[15]Han, Guangjie, et al., “Path planning using a mobile anchor node based on trilateration in wireless sensor networks.,” Wireless Communications and Mobile Computing, vol. 13, no. 14, pp. 1324-1336., 2013.
[16]Thorsten Vaupel, Jochen Seitz, Frédéric Kiefer, Stephan Haimerl and Jörn Thielecke. “Wi-Fi Positioning: System Considerations and Device Calibration.,” IEEE In Indoor Positioning and Indoor Navigation (IPIN) International Conference, pp. 1-7., 2010.
[17]He, Suining, and S-H. Gary Chan. “Wi-Fi fingerprint-based indoor positioning: Recent advances and comparisons.,” IEEE Communications Surveys & Tutorials, vol. 18, no. 1, pp. 466-490., 2016.
[18]Han, Dongsoo, Byeongcheol Moon, and Giwan Yoon. “Address-based crowdsourcing radio map construction for Wi-Fi positioning systems.,” IEEE Indoor Positioning and Indoor Navigation (IPIN) International Conference, pp. 58-67., 2014.
[19]Warner, Jon S., and Roger G. Johnston. “GPS spoofing countermeasures.,” Homeland Security Journal, vol. 25, no. 2, pp. 19-27., 2003.
[20]Google Europe Blog: Data collected by Google cars, (http://googlepolicyeurope.blogspot.tw/2010/04/data-collected-by-google-cars.html), 2010.
[21]Google Maps Geolocation API, (https://developers.google.com/maps/documentation/geolocation/intro#wifi_access_point_object)
[22]Wikipedia, JSON, (https://en.wikipedia.org/wiki/JSON)
[23]cURL (https://curl.haxx.se)
[24]RADIOUS(https://zh.wikipedia.org/wiki/RADIUS)
[25]DD-WRT.com (http://www.dd-wrt.com/site/support/router-data base)
[26]Steve Heath, Embedded Systems Design,
[27]Kaur, Navjot, and Himanshu Aggarwal. “Web log Analysis for Identifying the number of visitors and their Behavior to Enhance the Accessibility and Usability of Website.,” International Journal of Computer Applications, vol. 110, no. 4, 2015.
[28]Kuhn, D. Richard, et al. “Introduction to public key technology and the federal PKI infrastructure.,” National Inst of Standards and Technology Gaithersburg MD, 2001.
[29]水中落葉, Google Maps定位的原理, (http://fallenleaf.csie.org/blog/2011/07/02/260), 2011
[30]郭文中,朱育萱. “無需驗證表的多伺服器認證協定之安全性分析與改良.,” 全國資訊安全會議. 中華民國資訊安全學會, pp. 151-156., 2010.


QRCODE
 
 
 
 
 
                                                                                                                                                                                                                                                                                                                                                                                                               
第一頁 上一頁 下一頁 最後一頁 top