English  |  正體中文  |  简体中文  |  全文筆數/總筆數 : 80990/80990 (100%)
造訪人次 : 41143686      線上人數 : 180
RC Version 7.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
搜尋範圍 查詢小技巧:
  • 您可在西文檢索詞彙前後加上"雙引號",以獲取較精準的檢索結果
  • 若欲以作者姓名搜尋,建議至進階搜尋限定作者欄位,可獲得較完整資料
  • 進階搜尋


    請使用永久網址來引用或連結此文件: http://ir.lib.ncu.edu.tw/handle/987654321/93434


    題名: 使用定位標識分離技術在P4交換機中防禦竊聽與竄改攻擊;Using Locator Identifier Separation Technology to Defense Eavesdropping and Tampering Attacks in P4 Switches
    作者: 陳碩偉;Chen, Shuo-Wei
    貢獻者: 資訊工程學系
    關鍵詞: 軟體定義網路;P4;竊聽攻擊;竄改攻擊;定位標示分離;訊息鑑別碼;Software Defined Networking;Programming Protocol-Independent Packet Processors;Eavesdropping Attack;Tampering Attack;Locator/Identifier Separation;Message Authentication Code
    日期: 2023-08-08
    上傳時間: 2024-09-19 17:01:40 (UTC+8)
    出版者: 國立中央大學
    摘要: 在現代網路環境中,攻擊者能夠利用受汙染的網路設備進行竊聽和竄改攻擊,以獲取隱私資料或導致主機做出錯誤決策。為了有效監控和管理網路流量,軟體定義網路(Software Defined Network, SDN)提供了一個集中式的控制平台。然而,由於SDN在封包處理方面的靈活性不足,因此Programming Protocol-independent Packet Processors(P4)被提出,P4允許網路管理人員定義封包的標頭(Header)以及處理流程,從而實現更靈活和可定制的網路功能。
    為了防止竊聽與竄改攻擊對網路環境的危害,本論文提出了Locator/Identifier Separation with Message Authentication Code(LISMAC)的機制與標頭,透過P4交換機將原始IP位址進行加密,對流量進行混淆,防止攻擊者透過竊聽攻擊和聚合封包來獲取隱私資訊。LISMAC使用定位標示分離技術作為IP位址加密後封包的路由依據,同時能夠減少中間網路節點儲存的路由表大小。此外LISMAC標頭中還包含封包的訊息鑑別碼(Message Authentication Code, MAC)值,可以透過檢驗MAC值來判斷封包在傳送過程中是否發生錯誤或被竄改。在實驗中,將LISMAC機制引入到3個中繼段(Hop)的環境中,在往返時間(Round-Trip Time, RTT)的部分,使平均RTT上升了1.19 ms,在沒有設置鏈路延遲時,平均RTT增加了53.43%,而在鏈路延遲設為1 ms時,平均RTT僅增加了1.55%,因此在真實世界存在鏈路延遲的情況下,引入LISMAC對平均RTT的上升幅度並不大。吞吐量(Throughput)部分則在引入LISMAC機制後下降了42.97%。儘管如此,在與SPINE與SR-TPP的比較中,LISMAC仍然具有較低的平均RTT和較高的throughput。
    ;In the modern networking environment, attackers can exploit compromised network devices for eavesdropping and tampering attacks to obtain private data or cause the host to make erroneous decisions. To effectively monitor and manage network traffic, Software Defined Networking (SDN) provides a centralized control platform. However, due to the limited flexibility in packet processing, Programming Protocol-independent Packet Processors (P4) have been proposed. P4 allows network administrators to define packet headers and processing workflows, enabling more flexible and customizable network functionalities.
    To mitigate the risks of eavesdropping and tampering attacks in the network environment, this paper proposes the Locator/Identifier Separation with Message Authentication Code (LISMAC). Through P4 switches, LISMAC encrypts the original IP addresses and confuses the traffic, preventing attackers from obtaining sensitive information through eavesdropping attacks and packet aggregation. LISMAC utilizes the technique of locator/identifier separation as the routing basis for encrypted packets, while also reducing the size of routing tables stored in intermediate network nodes. Additionally, LISMAC headers include a Message Authentication Code (MAC) value, which allows the verification of packet integrity and detection of potential errors or tampering during transmission.
    In the experiment, the LISMAC mechanism was introduced into a three-hop environment. Regarding Round-Trip Time (RTT), without setting any link delay, the average RTT increased by 53.43%. However, when the link delay was set to 1 ms, the average RTT only increased by 1.55%. Therefore, in real-world scenarios with existing link delays, LISMAC shows a relatively small increase in average RTT. The throughput decreased by 42.97% after introducing the LISMAC mechanism. Nevertheless, when compared to SPINE and SR-TPP, LISMAC still exhibits lower average RTT and higher throughput.
    顯示於類別:[資訊工程研究所] 博碩士論文

    文件中的檔案:

    檔案 描述 大小格式瀏覽次數
    index.html0KbHTML11檢視/開啟


    在NCUIR中所有的資料項目都受到原著作權保護.

    社群 sharing

    ::: Copyright National Central University. | 國立中央大學圖書館版權所有 | 收藏本站 | 設為首頁 | 最佳瀏覽畫面: 1024*768 | 建站日期:8-24-2009 :::
    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library IR team Copyright ©   - 隱私權政策聲明