適用於行動隨意網路之蟲洞攻擊入侵預防機制 劉邦正、曹偉駿

適用於行動隨意網路之蟲洞攻擊入侵預防機制 劉邦正、曹偉駿

E-mail: [email protected]

摘 要

近年來，無線隨意網路(Wireless Ad Hoc Networks)是越來越熱門的話題，它是點對點的傳輸模式，節點之間彼此透過無線 網路技術互相溝通，進而形成一個無線區域網路。目前已有文獻指出，此種架構下遭受到諸多的安全威脅，例如揭露位 置(Location Disclosure)、毒藥攻擊(Routing Table Poisoning)、或是蟲洞攻擊(Wormhole Attack)等。然而這些攻擊中，蟲洞攻 擊是較為嚴重的攻擊威脅，因為多數安全路由機制無法有效克服它。此種攻擊手法是透過兩個共謀的惡意節點，藉由較快 速傳輸方式以取得相對於正常路由更好的傳輸參數，進而控制某個區段環境下的路由運作，以便肆意的進行破壞或竊取機 密性資料。雖然目前已有眾多學者提出以入侵偵測的方法偵測蟲洞攻擊，但絕大多數的偵測機制均需仰賴特殊硬體設備、

消耗大量的系統資源或是設立一些不符合無線狀態下的假設。有鑑於此，本論文設計一個具有低系統資源需求的於行動隨 意網路入侵預防機制，使其能有效地躲避蟲洞攻擊。

關鍵詞 : 蟲洞攻擊 ; 行動隨意網路 ; 入侵預防 ; 網路安全

目錄

中文摘要　．．．．．．．．．．．．．．．．．．．．． iii 英文摘要　．．．．．．．．．．．．．．．．．．．．．

iv 誌謝辭　　．．．．．．．．．．．．．．．．．．．．．． v 內容目錄　．．．．．．．．．．．．．．．．．．．

．． vi 表目錄　　．．．．．．．．．．．．．．．．．．．．．． viii 圖目錄　　．．．．．．．．．．．．．．．．

．．．．．． ix 第一章　　緒論．．．．．．．．．．．．．．．．．．．． 1 　　第一節　　研究背景．．．．．．．

．．．．．．．．． 1 　　第二節　　研究動機與目的．．．．．．．．．．．．． 2 　　第三節　　研究流程．．．．

．．．．．．．．．．．． 3 　　第四節　　論文架構．．．．．．．．．．．．．．．． 4 第二章　　文獻探討．．．

．．．．．．．．．．．．．． 6 　　第一節　　現行無線區域網路通訊架構．．．．．．． 6 　　第二節　　MANETs 路由協定．．．．．．．．．．． 8 　　第三節　　MANETs環境下所遭遇的安全威脅．．．． 9 　　第四節　　現行偵 測ＭANETs蟲洞攻擊行為之相關研究．．．．．．．．．．．．．．．．．． 14 第三章　　低系統資源需求的行動隨意 網路之蟲洞攻擊 入侵預防機制．．．．．．．．．．．．．．． 22 　　第一節　　機制架構．．．．．．．．．．．．

．．． 22 　　第二節　　路由搜尋階段．．．．．．．．．．．．． 24 　　第三節　　基於輪盤選擇法之路由選擇階段

．．．．． 31 　　第四節　　路由建立與維護階段．．．．．．．．．． 34 第四章　　模擬與分析．．．．．．．．．

．．．．．．．．． 36 　　第一節　　軟硬體規格．．．．．．．．．．．．．．．． 36 　　第二節　　模擬測試工具

．．．．．．．．．．．．．．． 37 　　第三節　　模擬環境與結果．．．．．．．．．．．．．． 38 第五章　　成果 討論．．．．．．．．．．．．．．．．．． 42 第六章　　結論與未來發展方向．．．．．．．．．．．． 45 　　第一 節　　結論．．．．．．．．．．．．．．．．． 45 　　第二節　　未來發展方向．．．．．．．．．．．．． 45 參考 文獻　．．．．．．．．．．．．．．．．．．．．． 46

參考文獻

一、中文部份 曹偉駿，白浩廷(2007)，行動隨意網路之安全路由現況與趨勢，電信國家型科技計畫簡訊，國家科學委員會，20-25。 任 上鳴，賴溪松(2007)，無線隨意網路之蟲洞攻擊研究與防禦，第六屆離島資訊技術與應用研討會，132-140。 二、英文部份 Aad, I., Hubaux, J. P., & Knightly E. W. (2004). Denial of Service Resilience in Ad Hoc Networks. Proceedings of the 10th Annual International

Conference on Mobile Computing and Networking (pp. 202-215). USA: Philadelphia. Argyroudis, P. G., & O'Mahony, D. (2005). Secure Routing for Mobile Ad Hoc Networks. IEEE Communications Surveys & Tutorials, 7(3), 2-21. Banerjee, N., & Das, S. K. (2001). Fast Determination of QoS-Based Multicast Routes in Wireless Networks Using Genetic Algorithm. Proceedings of Computing and Communications Conference (pp.

2588-2592). Finland: Helsinki. Buttyfin, L., & Hubaux, J. P. (2003). Report on a Working Session on Security in Wireless Ad Hoc Networks.

Mobile Computing and Communications Review, 7(1), 74-94. Clausen, T., Jacquet, P., & Viennot, L. (2002). Comparative Study of Routing Protocols for Mobile Ad-Hoc Networks. Proceedings of the First Annual Mediterranean Ad Hoc Networking Workshop (pp. 10-18). Italy:

Sardegna. Corson, S., & Macker, J. (1999). In Internet RFC2501 Draft: Mobile Ad Hoc Networking (MANET): Routing Protocol Performance Issues and Evaluation Considerations [Online]. Available: http://www.faqs.org/ftp/rfc/pdf/rfc2501.txt.pdf [2008, March 11]. Deng, H., Li, W.,

& Agrawal, D. P. (2002). Routing Security in Ad Hoc Networks. IEEE Communications Magazine, 40(10), 70-75. Djenouri, D., Khelladi, L., &

Badache, N. (2005). A Survey of Security Issues in Mobile Ad Hoc and Sensor Networks. IEEE Communications Surveys & Tutorials, 7(4), 2-28.

Gupta, V., Krishnamurthy, S., & Faloutsos, M. (2002). Denial-of-Service Attacks at the MAC Layer in Wireless Ad Hoc Networks. Proceedings of IEEE 2002 MILCOM (pp. 1118-1123). USA: Anaheim of California. Hu, L., & Evans, D. (2004). Using Directional Antennas to Prevent Wormhole Attacks. In Network and Distributed System Security Symposium (NDSS). USA: San Diego of California. Hu, Y. C., Perrig, A., &

Johnson, D. B. (2003). Packet Leashes: a Defense Against Wormhole Attacks in Wireless Networks. Twenty-Second Annual Joint Conference of the IEEE Computer and Communication Societies (pp. 1976-1986). USA: San Francisco. Hu, Y. C., Perrig, A., & Johnson, D. B. (2006). Wormhole Attacks in Wireless Networks. IEEE Journal on Selected Areas in Communications, 24(2), 370-380. Johnson, D. B., Maltz, D. A., Hu, Y., &

Jetcheva, J. G. (2002). IETF Internet Draft: The Dynamic Source Routing Protocol for Mobile Ad Hoc Networks (DSR) [Online]. Available:

http://www.ietf.org/internet-drafts/draft-ietf-manet-dsr-07.txt[2008, March 11]. Kahn, R. E. (2003). The Organization of Computer Resources into a Packet Radio Network. IEEE Transactions on Communications, 25(1), 169-178. Khalil, I., Bagchi, S., & Shroff, N. B. (2007). LITEWORP:

Detection and Isolation of the Wormhole Attack in Static Multihop Wireless Networks. Computer Networks, 51(13), 3750-3772. Lazos, L., Poovendran, R., Meadows, C., Syverson, P., & Chang, L. W. (2005). Preventing Wormhole Attacks on Wireless Ad Hoc Networks: A Graph Theoretic Approach, Proceedings of 2005 IEEE Wireless Communications and Networking Conference (pp. 1193-1199). USA: Louisiana. Macker, J., & Corson, S. (1998). Mobile Ad Hoc Networking and the IEFE. ACM Mobile Computing and Communication Review, 2(1), 9-14. McCanne, S., & Floyd, S. (1997). NS-2 Network Simulator [Online]. Available: http://www.isi.edu/nsnam/ns [2008, February 11]. Mishra, A., Nadkarni, K., & Patcha, A. (2004). Intrusion Detection in Wireless Ad Hoc Networks. IEEE Transactions on Wireless Communications, 11(1), 48-60.

Murphy, S. (2002). IETF Internet Draft: Routing Protocol Threat Analysis [Online]. Available: http://www.ietf.org/ internet- drafts / draft-murphy-threat-00.txt [2007, January 11]. Perkins, C. E., & Bhagwat, P. (1994). Highly Dynamic Destination-Sequenced Distance-Vector Routing (DSDV) for Mobile Computers. Proceedings of the SIGCOMM’94 Conference on Communications Architecture Protocols and Applications (pp. 234-244). UK: London. Perkins, C. E., & Royer, E. M. (2003). IETF Internet RFC 3561 Draft: Ad Hoc On-Demand Distance Vector (AODV) Routing [Online]. Available: http://www.ietf.org/rfc/rfc3561.txt [2008, May 26]. PSPad. (2008). PSPad-Text and Code Editor [Online]. Available: http://www.pspad.com/ [2008, February 11]. Qian, L., Song, N., & Li, X. (2007). Detection of Wormhole Attacks in Multi-path Routed Wireless Ad Hoc Networks: A Statistical Analysis Approach. Journal of Network and Computer Applications, 30(1), 308-330.

Raymond, J. F. (2000). Traffic Analysis: Protocols, Attacks, Design Issues and Open Problems. Proceedings on Workshop Design Privacy Enhancing Technologies: Issues in Anonymity and Unobservability (pp. 7-26). USA: California. Roy, A., Banedee, N., & Das, S. K. (2002). An Efficient Multi-Objective QoS-Routing Algorithm for Wireless Multicasting. Proceedings of Vehicular Technology Conference (pp. 1160-1164).

UK: Birmingham. Royer, E. M., & Toh, C. K. (1999). A Review of Current Routing Protocols for Ad Hoc Mobile Wireless Networks. IEEE Wireless Communications, 6(2), 46-55. Song, N., Qian, L., & Li, X. (2005). Wormhole Attacks Detection in Wireless Ad Hoc Networks: A

Statistical Analysis Approach. Proceedings on 19th IEEE International Parallel and Distributed Processing Symposium (pp. 289-298). USA: Denver of Colorado. Stajano, F., & Anderson, R. (1999). The Resurrecting Duckling: Security Issues for Ad-hoc Wireless Networks. Proceedings of 7th International Workshop in Computer Science (pp. 172-182). USA: Anderson. Toh, C. K. (2002). Ad Hoc Mobile Wireless Networks: Protocols and Systems. Prentic-Hall. Tran1, P. V., Hung, L. X., Lee, Y. K., Lee, S., & Lee, H. (2007). TTM:An Efficient Mechanism to Detect Wormhole Attacks in Wireless Ad-hoc Networks. Proceedings of the 4th IEEE Consumer Communications and Networking Conference (pp. 593-598). USA:

Las Vegas. Tsaur, W. J., & Pai, H. T. (2007). A New Security Scheme for On-Demand Source Routing in Mobile Ad Hoc Networks. Proceedings of the 2007 International Conference on Wireless Communications and Mobile Computing (pp. 577-582). USA: Hawaii. Wang, S., Tao, R., Wang, Y., & Zhang, J. (2003). WLAN and It's Security Problems. Proceedings of the Fourth International Conference on Parallel and Distributed Computing (pp. 241-244). China: Chengdu. Wang, W., & Bhargava, B. (2004). Visualization of Wormholes in Sensor Networks. Proceedings of the 3rd ACM Workshop on Wireless Security (pp. 51-60). USA: Philadelphia. Weichao, W., Bhara, B., Lu, Y., & Wu, X. (2006). Defending Against Wormhole Attacks in Mobile Ad Hoc Networks. Wiley Journal on Wireless Communications and Mobile Computing, 6(4), 483-503. Weile, D. S.,

& Michielssen, E. (1997). Genetic Algorithm Optimization Applied to Electromagnetics: A Review. IEEE Transactions on Antennas and Propagation, 45(3), 343-353. Wu, J., & Stojmenovic, I. (2004). Ad Hoc Networks. Computer, 37(2), 29-31. Yang, H., Luo, H., Ye, F., Lu, S., &

Zhang, L. (2004). Security in Mobile Ad Hoc Networks: Challenges and Solutions. IEEE Transactions on Wireless Communications, 11(1), 38-47.

Yen, Y. S, Chan, Y. K., Chao, H. C., & Park, J. H. (2008). A Genetic Algorithm for Energy-Efficient Based Multicast Routing on MANETs.

Journal of Computer Communications, 31(10), 2632-2641. Zhang, Y., & Lee, W. (2000). Intrusion Detection in Wireless Ad Hoc Networks.

Proceedings of 6th International Conference on Mobile Computing and Networks (pp. 275-283). USA: Boston of Massachusetts. Zhen, J., &

Srinivas, S. (2003). Preventing Replay Attacks for Secure Routing in Ad Hoc Networks. Proceedings of 2nd Ad Hoc Networks & Wireless (pp.

140-150). Canada: Montreal.