Detection and Prevention of Distributed Denial-of-Service on WiMAX Environment 白宗祐、林清同

Detection and Prevention of Distributed Denial-of-Service on WiMAX Environment 白宗祐、林清同

E-mail: [email protected]

ABSTRACT

IEEE announces 802.16 standards in A.D. 2001, but WiMAX safe and normal core is the layer of something small and hard of security based on MAC one floor of communication protocol, but the hacker can still bring in and join with the user terminal by force through setting up the hostile base platform, this is a problem that must be solved further under the environment of WiMAX.

The attacking way of DDoS will be spread to disturbed form the invader can control several zombies to lanch an attack to target server at the same time. In this study we will use VI as confirm’s mark preventing the DDoS attack that Mobile WiMAX internet may take in. We will compare using VI mechanism system to no-using VI mechanism system, and then observe that how use VI can decrease the system’s afford under DDoS attack.

Keywords : WiMAX ; DDoS ; zombies

Table of Contents

中文摘要　．．．．．．．．．．．．．．．．．．．．． iii 英文摘要　．．．．．．．．．．．．．．．．．．．．．

iv 誌謝辭　　．．．．．．．．．．．．．．．．．．．．． v 內容目錄　．．．．．．．．．．．．．．．．．．．．

． vi 表目錄　　．．．．．．．．．．．．．．．．．．．．． viii 圖目錄　　．．．．．．．．．．．．．．．．．．

．．． ix 第一章　　緒論．．．．．．．．．．．．．．．．．．． 1 　　第一節　　研究背景．．．．．．．．．．．

．．．． 1 　　第二節　　研究動機．．．．．．．．．．．．．．． 4 　　第三節　　研究目的．．．．．．．．．．

．．．．． 7 第二章　　文獻探討．．．．．．．．．．．．．．．．． 8 　　第一節　　WiMAX的安全性 ．．．．．

．．．．．． 8 　　第二節　　802.16 D3版本的安全機制 ．．．．．．． 11 　　第三節　　DDoS攻擊概述 ．．．．．

．．．．．．． 16 　　第四節　　D DDoS攻擊體系結構 ．．．．．．．．． 18 　　第五節　　DDoS攻擊工作原理分 析 ．．．．．．．． 21 　　第六節　　攻擊步驟．．．．．．．．．．．．．．． 21 　　第七節　　DDoS攻擊類型與 分析 ．．．．．．．．． 23 　　第八節　　DDoS攻擊工具分析 ．．．．．．．．．． 24 　　第九節　　常見DDoS攻 擊 ．．．．．．．．．．．． 27 　　第十節　　DDoS的發展 ．．．．．．．．．．．．． 27 　　第十一節　Idle模式 和Location Update ．．．．．．． 29 　　第十二節　BS和ASN GW上的DDoS攻擊 ．．．．． 29 　　第十三節　NS-2模 擬WiMAX環境 ．．．．．．．． 31 　　第十四節　設計NIST WiMAX模組架構 ．．．．．． 33 　　第十五節

　WiMAX模擬設計 ．．．．．．．．．．． 37 第三章　　WiMAX環境下防禦DDoS攻擊 ．．．．．．． 42 　　第一節 　　引言．．．．．．．．．．．．．．．．． 42 　　第二節　　VERIFY INFORMATION ．．．．．．．． 42 第四 章　　模擬和分析．．．．．．．．．．．．．．．． 45 　　第一節　　模擬概述．．．．．．．．．．．．．．． 45 　　第二節　　NS2模擬DDoS攻擊．．．．．．．．．． 49 　　第三節　　VERIFY INFORMATION過程 ．．．．．

． 51 第五章　　結論與研究建議．．．．．．．．．．．．．． 34 　　第一節　　結論．．．．．．．．．．．．．．

．．． 53 　　第二節　　後續研究建議．．．．．．．．．．．．． 53 參考文獻　．．．．．．．．．．．．．．．．

．．．．． 54 表目錄 表 1- 1 無線網路技術比較表．．．．．．．．．．．．． 2 表 2- 1 無線網路比較表．．．．．．．

．．．．．．．． 13 表 2- 2 DDoS攻擊所採用的協定類型分散圖 ．．．．．． 17 表 2- 3 常見DDoS攻擊 ．．．．．．．

．．．．．．．． 27 表 2- 4 國內外WiMAX MAC模擬模組功能比較表．．．． 32 表 2- 5 NIST WiMAX模組功能表整理

．．．．．．．．． 33 圖目錄 圖 2- 1 直接攻擊．．．．．．．．．．．．．．．．．．． 19 圖 2- 2 反射攻擊．．．．

．．．．．．．．．．．．．．． 20 圖 2- 3 Trin00運作原理圖 ．．．．．．．．．．．．．． 26 圖 2- 4 NIST 802.16 MAC NS-2物件類別圖 ．．．．．．． 34 圖 2- 5 NIST 802.16 MAC NS-2訊框結構關係圖 ．．．．． 35 圖 2- 6 NIST WiMAX NS-2各封包流入流出處理流程 ．．． 37 圖 2- 7 CGU-III WiMAX模組系統架構圖 ．．．．．．．． 38 圖 2- 8 CGU-III WiMAX模組關係圖 ．．．．．．．．．． 40 圖 3- 1 驗證資訊的過程．．．．．．．．．．．．．．．． 43 圖 4- 1 模擬流程示意圖．．．．．．．．．．．．．．．． 48 圖 4- 2 系統遭受DDoS攻擊流量示意圖 ．．．．．．．．．

50 圖 4- 3 遭受疑似攻擊啟動防禦機制 ．．．．．．．．．． 51 REFERENCES

Beomjoon, K., Jaesung, P., & Yong-Hoon, C. (2006). Power saving mechanisms of IEEE 802.16e: Sleep mode v.s. idle mode. Computer Science,

4331, 142-149. Burness, A. L. (2005). Mobility, wireless and QoS. BT Technology Journal, 23(2), 12-23. Bellardo, J., & Savage, S. (2003). 802.11 denial-of-service attacks: Real vulnerabilities and practical solutions. In P. Usenix (Ed.), Security Symposium. Washington, U.S.A.: D.C. CERT Coordination Center. (2001). Distributed denial of service tools [Online]. Available: http://www.cert.org/incident_notes/IN-99- 07.html [2001, January 15]. Daniel, S. (2006). WiMax operator’s manual. Apress, 9, 187-194. Dittrich, D. (2007). The tribe flood network distributed denial of service attack tool [Online]. Available: http://staff.washington. edu/dittrich/misc/tfn.analysis.txt [2007, July 10]. Gupta, V., Krishnamurthy, S.,

& Faloutsos, M. (2002). Denial-of- service attacks at the MAC layers in wireless. Ad Hoc Networks, Anaheim, U.S.A.: California. Jeffrey, G. A., Arunabha G., & Rias M. (2007). Fundamentals of WiMAX. New York: Prentice Hall, 26-30. Lee, P. C., Bu, T., & Woo, T. (2007). On the detection of signaling DoS attacks on 3G wireless networks. Anchorage: Alaska. Liang, W., & Wang, W. (2005). Quantitative study of authentication and QoS in wireless IP networks. U.S.A.: Miami. Ng, H. S., Sim, M. L., & Tan, C. M. (2006). Security issues of wireless sensor networks in healthcare applications. BT Technology Journal, 24(2), 184. Power, R. (2002). Computer security issues & trends. 2002 CSI/FBI Computer Crime and Security Survey, 8(1), 1-12. Syed, A. A., & Mohammad, I. (2007). WiMAX: Standards and security. CRC: Press, 78-80.

Song, J. H., Vincent, W., S. W., & Victor, C. M. L. (2007). Secure position-based routing protocol for mobile ad hoc networks. Ad Hoc Networks, 5(1), 76-86. Song, J. H., Poovendran, R., Lee, J., & Iwata, T. (2006). The AES-CMAC algorithm. IETF RFC, 4493, 176-287. Thomas, H., &

Lakshminath, R. D. (2005). Security in Wireless LANS and MANS. Artech House Publishers, 30, 132-137. Zhang, M., & Fang, Y. (2005). Security analysis and enhancements of 3GPP authentication and key agreement protocol. IEEE Trans on WIRELESS COMMUNICATIONS, 4(2), 734-742.