標題: 無線區域網路安全監視器之設計
The Design of a Security Monitor for Wireless Local Area Networks
作者: 陳柏謙
Bor-Chyan Chen
張明峰
Ming-Feng Chang
資訊科學與工程研究所
關鍵字: 無線區域網路;網路安全;監聽程式;網路攻擊;wireless LAN;network security;sniffer;network attack
公開日期: 2002
摘要: 無線區域網路是籍由無線訊號來傳遞資料的區域網路。在訊號接收範圍中,任何人都可以輕易擷取到無線區域網路上傳輸的資料,而不需要與區域網路的接取裝置(如集線器或交換器)有任何實體上的接觸。因此,諸如資料加密、身份認證等安全機制,對於無線區域網路來說是必要的。然而,無線區域網路現有的安全標準並不安全,私自改良後的安全標準肯定也會被未來公訂的安全標準所取代。所以在本論文中,我們並不打算發明任何安全標準意圖來取代現有的標準,而是設計了一個可以輕易地適用於任何無線區域網路環境,且能與其它安全解決方案互補並存的安全程式。 在本論文中,我們描述一個我們命名為「無線區域網路安全監視器」的一個安全系統的設計。這個安全系統是個應用程式,可以像一般的網路監聽程式一樣抓取區域網路上的資料。除此之外,這個程式還可以主動地發送出假造的網路訊息來影響一個無線區域網路。籍由這兩個基本的功能(抓訊息和假造訊息),此程式可以在不修改任何現有網路裝置的彈性前提下,提供兩個進階的功能,分別是「連線阻斷」以及「防護SYN Flooding攻擊」。本論文除了描述「無線區域網路安全監視器」的各項功能外,也針對「連線阻斷」及「防護SYN Flooding攻擊」這兩個進階功能的效率進行測式,並展示出實驗的結果。
Wireless Local Area Networks (wireless LANs) are local area networks (LANs) where data are transmitted by radio waves. One can easily collect all the transmissions within a wireless LAN without any physical contact with the LAN devices (hubs or switches). As a result, security mechanisms such as encryption and authentication are necessary for wireless LANs. However, the current security standard for wireless LANs is not secure enough, and customized security solutions may become obsolete in the future when the new security standard is available. Therefore, we do not invent any new security standard to replace the existing one. Instead, we develop a security program that can easily compatible with any security solution. In this thesis, we describe the design of a program called Wireless LAN Monitor. This program can act as a sniffer that listens data transmissions in a wireless LAN. In addition, this program can actively send faked messages to affect the wireless LAN. By applying these two basic functions, this program can provide two advanced functions, which are “Connection Breaking” and “SYN Flooding Defense”, without modifying existing network devices. We describe all the functions in this thesis and present the experimental results on the efficiency of the two advanced functions.
URI: http://140.113.39.130/cdrfb3/record/nctu/#NT910392099
http://hdl.handle.net/11536/70162
Appears in Collections:Thesis