Detecting Wormhole Attacks on IPv6 Wireless Sensor Networks
IPv6, wireless sensor network, wormhole attack
近年來隨著IPv6與物聯網蓬勃發展,無線感測網路成為物聯網最重要部份之一,ZigBee聯盟於2013年發佈IPv6的ZigBee IP規範,將無線感測網路從IPv4升級到IPv6,提升ZigBee網路定址能力等功能,解決無線感測網路IP不足的問題。
然而IPv6無線感測網路中的蟲洞攻擊(Wormhole attacks)問題並沒有被解決。蟲洞攻擊的運作原理是攻擊者偽造路由通告封包,建立蟲洞隧道(Wormhole tunnel),在蟲洞隧道的兩端轉送資料封包,將周圍節點的流量吸入蟲洞隧道,攻擊者便能夠進行攔截、竊聽、竄改、或丟棄封包癱瘓網路等惡意行為,因此後果非常嚴重。
Recently, with the development of IPv6 and Internet, wireless sensor network becomes more popular in Internet of thing. ZigBee Alliance announced ZigBee IP specification in 2013, which upgraded the protocol of wireless sensor network from IPv4 to IPv6, and solved the issue of the insufficient IP addresses.
However, IPv6 wireless sensor network still faces wormhole attacks. The Wormhole attacks generate a wormhole tunnel, and cause neighbors to go through it. Which means the attackers can sniff, modify, or drop packets.
There are still some limitations in detecting method of wormhole attack in researches. For example, some researches require GPS support or precise synchronized time in the system.
This paper proposes wormhole detection system. Without any other hardware and system support, our solution analyst packets through RPL standard routing protocol only. We have a good detection rate, according to our experimental results.
目次 Table of Contents
論文審定書 i
誌謝 ii
摘要 iii
目錄 v
圖次 vii
表次 viii
第1章 緒論 1
1.1 研究背景 1
1.2 研究動機與目的 2
第2章 文獻探討 3
2.1 無線感測網路簡介 3
2.2 ZigBee IP網路標準與RPL路由協定 4
2.3 蟲洞攻擊介紹 8
2.4 防禦方法 11
第3章 研究方法 14
3.1 系統架構 14
3.2 蟲洞攻擊偵測系統 15
3.2.1 建立DODAG網路與RPL路由範例 16
3.2.2 out-of-band channel蟲洞攻擊範例 18
3.2.3 蟲洞攻擊偵測模組 20
第4章 系統評估 22
4.1 系統驗證 23
4.1.1 實驗一:系統驗證參數 24
4.1.2 實驗一:系統驗證結果 24
4.2 系統評估 31
4.2.1 系統評估的實驗參數 31
4.2.2 實驗二:評估實驗對照組 33
4.2.3 實驗三:Map size 33
4.2.4 實驗四:良性節點數 34
4.2.5 實驗五:良性節點傳輸距離上限 35
4.2.6 實驗六:Rain fade延遲權重 36
4.2.7 實驗七:蟲洞距離長度 37
4.2.8 實驗二至實驗七的實驗總結 38
第5章 結論與未來展望 40
參考文獻 41
參考文獻 References
