基于密钥协商的防范DHCP中间人攻击方案

姚志强; 竺智荣; 叶帼华

doi:10.11959/j.issn.1000-436x.2021154

您当前的位置：

首页 >

文章列表页 >

基于密钥协商的防范DHCP中间人攻击方案

学术论文 | 更新时间：2024-06-05

- 基于密钥协商的防范DHCP中间人攻击方案
- Achieving resist against DHCP man-in-the-middle attack scheme based on key agreement
- 通信学报 2021年42卷第8期页码：103-110
- 作者机构：
  
  1. 福建师范大学计算机与网络空间安全学院，福建福州 350108
  2. 福建省公共服务大数据挖掘与应用工程技术研究中心，福建福州 350108
- 作者简介：
  
  [ "姚志强（1967- ），男，福建莆田人，博士，福建师范大学教授、博士生导师，主要研究方向为大数据安全与隐私保护、多媒体安全、应用安全" ]
  [ "竺智荣（1993- ），男，浙江宁波人，福建师范大学硕士生，主要研究方向为大数据安全与隐私保护" ]
  [ "叶帼华（1976- ），女，福建霞浦人，福建师范大学副教授，主要研究方向为大数据安全与隐私保护、信息安全" ]
- 基金信息：
  
  国家自然科学基金资助项目(61872090);国家自然科学基金资助项目(61972096);国家自然科学基金资助项目(61872088);福建省引导性科技项目计划基金资助项目(2019H0010)
- DOI：10.11959/j.issn.1000-436x.2021154
  中图分类号： TP393
- 网络首发：2021-08，
  
  纸质出版：2021-08-25
- 稿件说明：
移动端阅览
姚志强, 竺智荣, 叶帼华. 基于密钥协商的防范DHCP中间人攻击方案[J]. 通信学报, 2021,42(8):103-110.

Zhiqiang YAO, Zhirong ZHU, Guohua YE. Achieving resist against DHCP man-in-the-middle attack scheme based on key agreement[J]. Journal on Communications, 2021, 42(8): 103-110.
姚志强, 竺智荣, 叶帼华. 基于密钥协商的防范DHCP中间人攻击方案[J]. 通信学报, 2021,42(8):103-110. DOI： 10.11959/j.issn.1000-436x.2021154.

Zhiqiang YAO, Zhirong ZHU, Guohua YE. Achieving resist against DHCP man-in-the-middle attack scheme based on key agreement[J]. Journal on Communications, 2021, 42(8): 103-110. DOI： 10.11959/j.issn.1000-436x.2021154.

摘要

为应对动态主机设置协议在使用过程中遇到的中间人攻击问题，提出一种轻量的解决方案。引入公钥密码技术，设计新的密钥协商算法并产生相关密钥，以减轻密钥存储负担；基于该算法提出安全方案，通过参与方的双向认证防范攻击行为，构造符合协议规范的数字签名确保消息来源。安全分析表明，该算法可有效抵御中间人攻击以及其他常见攻击类型；实验结果表明，所提方案较同类方案具有更好的性能表现，且可同时兼容DHCPv4与DHCPv6。

Abstract

In order to deal with the issue of the man-in-the-middle attack in the process of using dynamic host configuration protocol

a lightweight scheme was proposed.A new key agreement algorithm was developed based on public key cryptography to generate relevant keys

reducing the key storage burden.On the basis

a secure scheme was proposed

where two-way authentication of participants was designed to prevent the man-in-the-middle attack and digital signatures conforming to protocol specifications was constructed to ensure the legitimacy of the message source.By security analysis

the proposed scheme was demonstrated to be secure and valid against the man-in-the-middle attack and other common attacks.Experimental results show that the proposed scheme has the better performance compared with the related schemes

and can be compatible with both DHCPv4 and DHCPv6.

关键词

Keywords

references

WANG H B , WANG J H , WANG J L , et al . Squeezing the gap:an empirical study on DHCP performance in a large-scale wireless network [J ] . IEEE/ACM Transactions on Networking , 2020 , 28 ( 2 ): 832 - 845 .

AL-ANI A , ANBAR M , HASBULLAH I H , et al . Authentication and privacy approach for DHCPv6 [J ] . IEEE Access , 2019 , 7 : 73144 - 73156 .

CONTI M , DRAGONI N , LESYK V . A survey of man in the middle attacks [J ] . IEEE Communications Surveys ＆ Tutorials , 2016 , 18 ( 3 ): 2027 - 2051 .

DROMS R . Authentication for DHCP messages [R ] . RFC Editor , 2001 .

YOUNES O S . A secure DHCP protocol to mitigate LAN attacks [J ] . Journal of Computer and Communications , 2016 , 4 ( 1 ): 39 - 50 .

YOO K J , KIM E G . Design and implementation of DHCP supporting network attack prevention [J ] . Journal of the Korea Institute of Information ＆ Communication Engineering , 2016 , 20 ( 4 ): 747 - 754 .

ZHANG F Q , CHEN L . OTP_SAM:DHCP security authentication model based on OTP [C ] // 2016 IEEE 20th International Conference on Computer Supported Cooperative Work in Design . Piscataway:IEEE Press , 2016 : 346 - 350 .

DINU D D , TOGAN M . DHCP server authentication using digital certificates [C ] // 2014 10th International Conference on Communications . Piscataway:IEEE Press , 2014 : 1 - 6 .

TRIPATHI N , HUBBALLI N . A probabilistic anomaly detection scheme to detect DHCP starvation attacks [C ] // 2016 IEEE International Conference on Advanced Networks and Telecommunications Systems . Piscataway:IEEE Press , 2016 : 1 - 6 .

CALVERT C , KHOSHGOFTAAR T M , NAJAFABADI M M , et al . A procedure for collecting and labeling man-in-the-middle attack traffic [J ] . International Journal of Reliability,Quality and Safety Engineering , 2017 , 24 ( 1 ): 1750002 .

LV P , BAI L L , LIU T W , et al . Detection of malicious domain names based on hidden Markov model [C ] // 2018 IEEE Third International Conference on Data Science in Cyberspace . Piscataway:IEEE Press , 2018 : 659 - 664 .

AGYEMANG J O , JERRY K , ACQUAH I . Lightweight man-in-the-middle (MITM) detection and defense algorithm for WiFi-enabled Internet of things (IoT) gateways [J ] . Information Security and Computer Fraud , 2019 , 7 ( 1 ): 1 - 6 .

OLANREWAJU R F , ISLAM T , KHALIFA O O , et al . Data in transit validation for cloud computing using cloud-based algorithm detection of injected objects [J ] . Indonesian Journal of Electrical Engineering and Computer Science , 2018 , 10 ( 1 ): 348 - 353 .

HUBBALLI N , TRIPATHI N . A closer look into DHCP starvation attack in wireless networks [J ] . Computers ＆ Security , 2017 , 65 ( 3 ): 387 - 404 .

LIU Z , MOHIUDDIN G , ZHENG J , et al . Privacy preserving IPv6 address DHCP configuration for Internet of things [J ] . ACM Transactions on Information Systems , 2020 , 6 ( 2 ): 595 .

LI L S , REN G , LIU Y , et al . Secure DHCPv6 mechanism for DHCPv6 security and privacy protection [J ] . Tsinghua Science and Technology , 2018 , 23 ( 1 ): 13 - 21 .

TIAN Q , LIN Y , GUO X H , et al . New security mechanisms of high-reliability IoT communication based on radio frequency fingerprint [J ] . IEEE Internet of Things Journal , 2019 , 6 ( 5 ): 7980 - 7987 .

张艳硕 , 王泽豪 , 王志强 , 等 . 基于特征值的可验证三方安全密钥交换协议 [J ] . 通信学报 , 2019 , 40 ( 12 ): 149 - 154 .

ZHANG Y S , WANG Z H , WANG Z Q , et al . Verifiable three-party secure key exchange protocol based on eigenvalue [J ] . Journal on Communications , 2019 , 40 ( 12 ): 149 - 154 .

杨亚涛 , 韩新光 , 黄洁润 , 等 . 基于 RLWE 支持身份隐私保护的双向认证密钥协商协议 [J ] . 通信学报 , 2019 , 40 ( 11 ): 180 - 186 .

YANG Y T , HAN X G , HUANG J R , et al . Bidirectional authentication key agreement protocol supporting identity’s privacy preservation based on RLWE [J ] . Journal on Communications , 2019 , 40 ( 11 ): 180 - 186 .

CARRÉ S , DESJARDINS M , FACON A , et al . Exhaustive single bit fault analysis.A use case against Mbedtls and OpenSSL’s protection on ARM and Intel CPU [J ] . Microprocessors and Microsystems , 2019 , 71 : 1 - 13 .

LI Y , ZHU L , WANG H W , et al . A cross-layer defense scheme for edge intelligence-enabled CBTC systems against MitM attacks [J ] . IEEE Transactions on Intelligent Transportation Systems , 2021 , 22 ( 4 ): 2286 - 2298 .

MALLOULI F , HELLAL A , SAEED N S , et al . A survey on cryptography:comparative study between RSA vs ECC algorithms,and RSA vs el-gamal algorithms [C ] // 2019 6th IEEE International Conference on Cyber Security and Cloud Computing (CSCloud)/ 2019 5th IEEE International Conference on Edge Computing and Scalable Cloud . Piscataway:IEEE Press , 2019 : 173 - 176 .

浏览量

1036

下载量

CSCD

文章被引用时，请邮件提醒。

提交

工具集

关联资源

面向车联网的轻量级认证密钥协商协议

面向数据出域安全的鲁棒认证密钥协商协议

基于毫米波MIMO信道多维优势提取的密钥协商方法

空间信息网络中基于动态撤销机制的安全高效批量认证方案

基于特征值的可验证三方安全密钥交换协议