Kentaroh Toyoda, Yuta Kamiguchi, Shinichiro Inoue, I. Sasase
Published in: 2011 IEEE 22nd International Symposium on Personal, Indoor and Mobile Radio Communications, 2011-12-01. DOI: 10.1109/PIMRC.2011.6139694 (https://doi.org/10.1109/PIMRC.2011.6139694)
Efficient solution to decrease the effect of DoS attack against IP address ownership proof in Mobile IPv6
In Mobile IPv6 (MIPv6), a Mobile Node (MN) communicating with the Correspondent Node (CN) cannot prove ownership of the IP address it claims. If a malicious node impersonates a victim's IP address, it could hijack the session or forward packets to a non-existent destination or to other nodes. Currently, the Feige-Fiat-Shamir (FFS) identification scheme [1] is considered as a way for an MN to prove ownership of its own IP address. However, there is one serious problem: in this scheme a CN has to verify all of the Binding Update requests, and this opens the way to a Denial of Service (DoS) attack. This paper presents a method that mitigates the effect of the DoS attack by issuing the challenge twice in a transaction. We make the first challenge easy to verify, in order to exclude malicious nodes, and the second one much more difficult than the first, in order to prevent impersonation. By verifying the first challenge, this method can efficiently exclude malicious nodes that do not have proper IP addresses. Furthermore, by issuing the challenge twice, our scheme can decrease the probability of impersonation compared with the previous scheme for an equivalent amount of calculation. Through computer simulation, we show that the proposed scheme is effective at decreasing both the effect of the DoS attack and the probability of impersonation compared to the previous scheme.