基于密钥协商的防范DHCP中间人攻击方案

doi:10.11959/j.issn.1000-436x.2021154

Abstract

Abstract:

In order to deal with the issue of the man-in-the-middle attack in the process of using dynamic host configuration protocol, a lightweight scheme was proposed.A new key agreement algorithm was developed based on public key cryptography to generate relevant keys, reducing the key storage burden.On the basis, a secure scheme was proposed, where two-way authentication of participants was designed to prevent the man-in-the-middle attack and digital signatures conforming to protocol specifications was constructed to ensure the legitimacy of the message source.By security analysis, the proposed scheme was demonstrated to be secure and valid against the man-in-the-middle attack and other common attacks.Experimental results show that the proposed scheme has the better performance compared with the related schemes, and can be compatible with both DHCPv4 and DHCPv6.

Key words: dynamic host configuration protocol, man-in-the-middle attack, key agreement, message authentication

CLC Number:

TP393

Zhiqiang YAO, Zhirong ZHU, Guohua YE. Achieving resist against DHCP man-in-the-middle attack scheme based on key agreement[J]. Journal on Communications, 2021, 42(8): 103-110.

Figures/Tables 7

符号	含义
p, q	大素数
F_p	有限域
P	基点
G	循环群
H_i	哈希函数
ID_i	客户机标识
S_i	服务器标识
S_s	服务器私钥
S_p	服务器公钥
$x_{i}, M_{U_{i}}$	客户机部分私钥
d_i	客户机完整私钥
D_i	客户机公钥
$β_{U_{i}},cd$	认证参数
c₁, c₂, c₃	伪随机数
$A_{U_{i}}, F_{U_{i}}$	消息令牌
${sk}_{A}, {sk}_{B}$	会话密钥

References 22

[1]	WANG H B , WANG J H , WANG J L ,et al. Squeezing the gap:an empirical study on DHCP performance in a large-scale wireless network[J]. IEEE/ACM Transactions on Networking, 2020,28(2): 832-845.
[2]	AL-ANI A , ANBAR M , HASBULLAH I H ,et al. Authentication and privacy approach for DHCPv6[J]. IEEE Access, 2019,7: 73144-73156.
[3]	CONTI M , DRAGONI N , LESYK V . A survey of man in the middle attacks[J]. IEEE Communications Surveys ＆ Tutorials, 2016,18(3): 2027-2051.
[4]	DROMS R . Authentication for DHCP messages[R]. RFC Editor, 2001.
[5]	YOUNES O S . A secure DHCP protocol to mitigate LAN attacks[J]. Journal of Computer and Communications, 2016,4(1): 39-50.
[6]	YOO K J , KIM E G . Design and implementation of DHCP supporting network attack prevention[J]. Journal of the Korea Institute of Information ＆ Communication Engineering, 2016,20(4): 747-754.
[7]	ZHANG F Q , CHEN L . OTP_SAM:DHCP security authentication model based on OTP[C]// 2016 IEEE 20th International Conference on Computer Supported Cooperative Work in Design. Piscataway:IEEE Press, 2016: 346-350.
[8]	DINU D D , TOGAN M . DHCP server authentication using digital certificates[C]// 2014 10th International Conference on Communications. Piscataway:IEEE Press, 2014: 1-6.
[9]	TRIPATHI N , HUBBALLI N . A probabilistic anomaly detection scheme to detect DHCP starvation attacks[C]// 2016 IEEE International Conference on Advanced Networks and Telecommunications Systems. Piscataway:IEEE Press, 2016: 1-6.
[10]	CALVERT C , KHOSHGOFTAAR T M , NAJAFABADI M M ,et al. A procedure for collecting and labeling man-in-the-middle attack traffic[J]. International Journal of Reliability,Quality and Safety Engineering, 2017,24(1): 1750002.
[11]	LV P , BAI L L , LIU T W ,et al. Detection of malicious domain names based on hidden Markov model[C]// 2018 IEEE Third International Conference on Data Science in Cyberspace. Piscataway:IEEE Press, 2018: 659-664.
[12]	AGYEMANG J O , JERRY K , ACQUAH I . Lightweight man-in-the-middle (MITM) detection and defense algorithm for WiFi-enabled Internet of things (IoT) gateways[J]. Information Security and Computer Fraud, 2019,7(1): 1-6.
[13]	OLANREWAJU R F , ISLAM T , KHALIFA O O ,et al. Data in transit validation for cloud computing using cloud-based algorithm detection of injected objects[J]. Indonesian Journal of Electrical Engineering and Computer Science, 2018,10(1): 348-353.
[14]	HUBBALLI N , TRIPATHI N . A closer look into DHCP starvation attack in wireless networks[J]. Computers ＆ Security, 2017,65(3): 387-404.
[15]	LIU Z , MOHIUDDIN G , ZHENG J ,et al. Privacy preserving IPv6 address DHCP configuration for Internet of things[J]. ACM Transactions on Information Systems, 2020,6(2): 595.
[16]	LI L S , REN G , LIU Y ,et al. Secure DHCPv6 mechanism for DHCPv6 security and privacy protection[J]. Tsinghua Science and Technology, 2018,23(1): 13-21.
[17]	TIAN Q , LIN Y , GUO X H ,et al. New security mechanisms of high-reliability IoT communication based on radio frequency fingerprint[J]. IEEE Internet of Things Journal, 2019,6(5): 7980-7987.
[18]	张艳硕, 王泽豪, 王志强 ,等. 基于特征值的可验证三方安全密钥交换协议[J]. 通信学报, 2019,40(12): 149-154.
	ZHANG Y S , WANG Z H , WANG Z Q ,et al. Verifiable three-party secure key exchange protocol based on eigenvalue[J]. Journal on Communications, 2019,40(12): 149-154.
[19]	杨亚涛, 韩新光, 黄洁润 ,等. 基于 RLWE 支持身份隐私保护的双向认证密钥协商协议[J]. 通信学报, 2019,40(11): 180-186.
	YANG Y T , HAN X G , HUANG J R ,et al. Bidirectional authentication key agreement protocol supporting identity’s privacy preservation based on RLWE[J]. Journal on Communications, 2019,40(11): 180-186.
[20]	CARRé S , DESJARDINS M , FACON A ,et al. Exhaustive single bit fault analysis.A use case against Mbedtls and OpenSSL’s protection on ARM and Intel CPU[J]. Microprocessors and Microsystems, 2019,71: 1-13.
[21]	LI Y , ZHU L , WANG H W ,et al. A cross-layer defense scheme for edge intelligence-enabled CBTC systems against MitM attacks[J]. IEEE Transactions on Intelligent Transportation Systems, 2021,22(4): 2286-2298.
[22]	MALLOULI F , HELLAL A , SAEED N S ,et al. A survey on cryptography:comparative study between RSA vs ECC algorithms,and RSA vs el-gamal algorithms[C]// 2019 6th IEEE International Conference on Cyber Security and Cloud Computing (CSCloud)/ 2019 5th IEEE International Conference on Edge Computing and Scalable Cloud. Piscataway:IEEE Press, 2019: 173-176.

Metrics

Recommended 0

No Suggested Reading articles found!

Achieving resist against DHCP man-in-the-middle attack scheme based on key agreement

RichHTML

PDF

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 7

References 22

Related Articles 15

Metrics

Recommended 0

[1]	Haibo ZHANG, Kai LAN, Zhou CHEN, Ruyan WANG, Can ZOU, Mingyue WANG. Ring-based efficient batch authentication and group key agreement protocol with anonymity in Internet of vehicles [J]. Journal on Communications, 2023, 44(6): 103-116.
[2]	Yinghui ZHANG, Lingyun HU, Yixin LI, Jianting NING, Dong ZHENG. Secure and efficient batch authentication scheme based on dynamic revocation mechanism in space information network [J]. Journal on Communications, 2022, 43(4): 164-176.
[3]	Haibo ZHANG, Zhou CHEN, Hongwu HUANG, Xiaofan HE. Intra-group mutual authentication key agreement protocol based on Chinese remainder theorem in VANET system [J]. Journal on Communications, 2022, 43(1): 182-193.
[4]	Qimei CUI, Wenjing ZHAO, Xiaoyang GU, Zengbao ZHU, Xiaoxuan ZHU, Xiaofeng TAO, Wei NI. Efficient handover authentication and secure key-updating mechanism for B5G networks [J]. Journal on Communications, 2021, 42(12): 96-108.
[5]	Yanshuo ZHANG,Zehao WANG,Zhiqiang WANG,Huiyan CHEN. Verifiable three-party secure key exchange protocol based on eigenvalue [J]. Journal on Communications, 2019, 40(12): 149-154.
[6]	Ming XU,Xuru LI,Chaobin LIU,Yao MA. Dual-proxy key-based threshold signature scheme for ship ad-hoc network [J]. Journal on Communications, 2018, 39(7): 166-175.
[7]	Zijian ZHANG,Qi ZHOU,Chuan ZHANG,Xiaoyao TONG,Chunlei LI,Long WANG. New low-earth orbit satellites authentication and group key agreement protocol [J]. Journal on Communications, 2018, 39(6): 146-154.
[8]	Zhen WANG,Zhao-feng MA,Shou-shan LUO. Identity-based efficient authentication and key agreement protocol for mobile Internet [J]. Journal on Communications, 2017, 38(8): 19-27.
[9]	Xiao-wei LI,Deng-qi YANG,Ben-hui CHEN,Yu-qing ZHANG. Two-factor authenticated key agreement protocol based on biometric feature and password [J]. Journal on Communications, 2017, 38(7): 89-95.
[10]	Hang SU,Jian-wei LIU,Rui TAO. Hierarchical certificateless authenticated key agreement protocol [J]. Journal on Communications, 2016, 37(7): 161-171.
[11]	Ya-min WEN,Zheng GONG. New affiliation-hiding authenticated key exchange protocol [J]. Journal on Communications, 2015, 36(9): 82-90.
[12]	. Attribute-based authenticated key agreement protocol supporting revocation [J]. Journal on Communications, 2014, 35(5): 5-43.
[13]	Qiang LI,Deng-guo FENG,Li-wu ZHANG. Attribute-based authenticated key agreement protocol supporting revocation [J]. Journal on Communications, 2014, 35(5): 33-43.
[14]	. Improved direct anonymous attestation scheme for mobile computing platforms [J]. Journal on Communications, 2013, 34(6): 8-75.
[15]	Li YANG,Jun-wei ZHANG,Jian-feng MA,Zhi-hong LIU. Improved direct anonymous attestation scheme for mobile computing platforms [J]. Journal on Communications, 2013, 34(6): 69-75.