博碩士論文 104523043 詳細資訊




以作者查詢圖書館館藏 以作者查詢臺灣博碩士 以作者查詢全國書目 勘誤回報 、線上人數:25 、訪客IP:3.80.218.53
姓名 張友恆(Yu-Heng Chang)  查詢紙本館藏   畢業系所 通訊工程學系
論文名稱 一個伺服器端的地理位置偽造攻擊偵測機制
(Fake GPS Defender: A Server-side Solution to Detect Fake GPS)
相關論文
★ 非結構同儕網路上以特徵相似度為基準之搜尋方法★ 以系統呼叫為基礎改良式迴圈簡化演算法之異常入侵偵測系統理論與實作
★ 以階層式叢集聲譽為基礎之行動同儕網路拓撲架構★ 線上RSS新聞資料流中主題性事件監測機制之設計與實作
★ 耐延遲網路下具密度感知的路由方法★ 整合P2P與UPnP內容分享服務之家用多媒體閘道器:設計與實作
★ 家庭網路下簡易無縫式串流影音播放服務之設計與實作★ 耐延遲網路下訊息傳遞時間分析與高效能路由演算法設計
★ BitTorrent P2P 檔案系統下載端網路資源之可調式配置方法與效能實測★ 耐延遲網路中利用訊息編碼重組條件之資料傳播機制
★ 耐延遲網路中基於人類移動模式之路由機制★ 車載網路中以資料匯集技術改善傳輸效能之封包傳送機制
★ 適用於交叉路口環境之車輛叢集方法★ 車載網路下結合路側單元輔助之訊息廣播機制
★ 耐延遲網路下以靜態中繼節點(暫存盒)最佳化訊息傳遞效能之研究★ 耐延遲網路下以動態叢集感知建構之訊息傳遞機制
檔案 [Endnote RIS 格式]    [Bibtex 格式]    [相關文章]   [文章引用]   [完整記錄]   [館藏目錄]   至系統瀏覽論文 (2022-6-30以後開放)
摘要(中) 隨著時代演進,不僅僅是智慧型手持電話,有越來越多行動裝置、物聯網裝置配備有能感知自身地理位置的感測器,因而衍生出許多基於實體地理位置的網路服務。像是以地理位置判斷速度,進而藉由資料分析判斷路況,抑或是特定目標的定位提供大眾運輸的公開資料,甚至是以實體位置為基礎建造虛擬環境的擴增實境遊戲等。然而,這些服務再由裝置獲得其所在的地理位置的同時,多半缺少了驗證其資料完整性的機制,亦即伺服器端無條件地接收移動裝置所回傳的資料,如此情況下實則暴露了許多機會給攻擊者,利用各種方式偽造其位置結果,進而衍生出所謂 Fake GPS 問題,影響了整體系統的穩定性與公平性。現今所見的防範驗證方式多半僅能提供以國家為範圍大小的偵測,且無法防範某些位於底層的偽造手法,攻擊者依舊可以在以國家為範圍的前提下進行小維度的偽造。
本論文中我們為地理位置服務的服務提供商設計了一個基於邊境路由器的偵測方式:相較於先前提出的解決方式,本論文的檢測機制是以單純的網際網路控制方式實現,能有效的在上層驗證資料的合理性,解決針對在下層的干擾偽造攻擊。再者,現今大多數的方法僅能有效判斷以國家為單位的大範圍偵測,本論文設計的機制,根據其他群體的所在位置,與使用者網路環境之路由器對控制封包的開放程度,能有效的縮小偵測範圍,提供更加精準的檢測方法,並使得欲偽造GPS位置的攻擊者更加困難,藉此抵禦與解決 Fake GPS 問題。論文研究已完成進行大量的實體實驗,結果顯示所提出的檢測機制之可行性在實體位置與現今網路環境上皆能夠成立,研究更進一步分析有可能出現的 false positive 與 false negative 狀況,並提出相對應的解決方式。最後,我們提出針對本檢測機制還能進行強化的地方,並表示本系統若與現存系統合作改進之可能的優勢與好處。
摘要(英)
Nowadays, not merely smart phones, but also IoT devices are usually equipped with GPS sensors in order to obtain devices’ geo-location. This brings more and more network service based on GPS location to us. For instance, detect traffic jams by obtaining devices′ velocity, or some well-known real world location-based games like Pokémon GO, etc. However, most of those services lack the integrity check for GPS values they get. This leaves a good chance for attackers to manipulate GPS information results before sending it to server, affecting stability and fairness of the system, and cause so called "Fake GPS" problem.
In this paper, we design a pure network-based detection for the LBS provider. Compared with previous solutions, our mechanism is based on Internet control message, which can verify the correctness of the data in upper layer, and solve the signal interference problem happened on hardware. In addition, most of the existing detection methods today can only effectively work for country-scale detection. The mechanism we purposed can effectively narrow down the scope of detection by using to the location of other normal users. Our mechanism successfully provides a more accurate detection method, and makes the attacker more difficult to launch the attack. The study further analysis situations which may probably cause false positive and negative, and give possible solutions for each corresponding issue. Finally, we propose some aspects where Fake GPS Defender can be improved, and also the potential advantages and benefits when cooperating with other existing detection systems.
關鍵字(中) ★ 偽造
★ 地理位置
★ 路由器
關鍵字(英) ★ Location
★ Fake
★ Spoof
★ Router
論文目次
摘要 i
Abstract ii
致謝 iii
Table of Contents iv
List of Figures v
List of Tables vi
1. Introduction 1
2. Related Works 5
2.1. GeoIP [7] 5
2.2. Other Sensors 6
2.3. Adjacent Devices 7
3. Background 8
3.1. Maximum Transmission Unit (MTU) 8
3.2. Traceroute 9
4. System Design 10
4.1. Design Principle 10
4.2. System Architecture 12
5. Evaluation 15
5.1. Environment 15
5.2. Experiments 16
5.3. Results 16
6. Discussion 20
6.1. Accuracy 20
6.2. False Negatives 20
6.3. RTT Detection Enhancement 22
6.4. Mobile IP [16] 23
6.5. Next Generation Mobile Network 24
7. Conclusion 25
8. References 26
參考文獻

[1] "Pokémon GO Official Website," Niantic, Inc, http://www.pokemongo.com/.
[2] "LineageOS Android Distribution," https://lineageos.org/.
[3] "Xposed framework," http://repo.xposed.info/.
[4] hiking93, "PokeX: an Xposed module to control Pokémon GO player location with accelerometer.," https://github.com/hiking93/PokeX.
[5] "Reverse engineering and hacking radio with SDR," AIS3, https://ais3.org/class.html.
[6] "HackRF One," https://greatscottgadgets.com/hackrf/.
[7] "GeoIPTool," https://geoiptool.com/.
[8] Sashank Narain, Triet D. Vo-Huu, Kenneth Block and Guevara Noubir, "Inferring User Routes and Locations using Zero-Permission Mobile Sensors," in 2016 IEEE Symposium on Security and Privacy (SP), San Jose, California , 2016.
[9] Francesco Restuccia, Andrea Saracino, Sajal K. Das, and Fabio Martinelli, "LVS: A WiFi-based system to tackle Location Spoofing in location-based services," in 2016 IEEE 17th International Symposium on A World of Wireless, Mobile and Multimedia Networks (WoWMoM), 2016.
[10] James F. Kurose , Keith W. Ross, "Internet Control Message Protocol," in COMPUTER NETWORKING A Top-Down Approach, 2013, pp. 353-355.

[11] V. Jacobson, "Traceroute Manual," http://www.zytek.com/traceroute.man.html.
[12] "WITCH - detects OpenVPN via MSS values," WITCH, http://witch.valdikss.org.ru/.
[13] "getIPIntel - machine learning proxy / VPN detection," getIPIntel, https://getipintel.net/.
[14] G. J. Kerns, "Outliers," in Introduction to Probability and Statistics Using R, p. 44.
[15] "Tukey′s range test," https://en.wikipedia.org/wiki/Tukey%27s_range_test.
[16] James F. Kurose , Keith W. Ross , "Mobile IP," in COMPUTER NETWORKING A Top-Down Approach , 2013, pp. 564-569.
[17] C. Perkins, "rfc 2003 IP Encapsulation within IP," 9 1996. https://tools.ietf.org/html/rfc2003.
[18] C. Perkins, "RFC 2004 Minimal Encapsulation within IP," 9 1996. https://tools.ietf.org/html/rfc2004.
[19] "3rd Generation Partnership Project (3GPP)," http://www.3gpp.org/.
[20] "GeoIP2 Databases," MaxMind, https://www.maxmind.com/en/geoip-demo.
指導教授 胡誌麟、許富皓(Chih-Lin Hu Fu-Hau Hsu) 審核日期 2017-7-18
推文 facebook   plurk   twitter   funp   google   live   udn   HD   myshare   reddit   netvibes   friend   youpush   delicious   baidu   
網路書籤 Google bookmarks   del.icio.us   hemidemi   myshare   

若有論文相關問題,請聯絡國立中央大學圖書館推廣服務組 TEL:(03)422-7151轉57407,或E-mail聯絡  - 隱私權政策聲明