Security issues in Address Autoconfiguration Protocols

Langer, André, Kühnert, Tom

20 April 2007

Dynamic address assignment is one of the most important features in wireless ad hoc networks if nodes should be enabled to join and to work in the network by automatically configuring all necessary settings. Different approaches have been developed throughout the last years to achieve this objective of Dynamic Address Autoconfiguration but research primarily focused on efficiency and correctness, less on security issues. Whereas Duplicate Address Detection has become reliable in commonplace scenarios, it is still relatively easy to suspend the whole network functionality in extraordinary situations within the boundaries of a Dynamic Address Configuration Protocol. In this paper, we therefore want to point out shortcomings and weaknesses in existing protocol solutions which address dynamic IP address assignment. We concentrate on a leader-based approach called ODACP and want to propose several solutions which improve the original protocol in such a way that it is safer against malicious host activities. Finally, we will demonstrate the improvements of our solution in a separate test scenario.

Ad hoc networks

Address Autoconfiguration

ODACP

malicious nodes

ddc:000

ddc:004

Computersicherheit

DoS-Attacke

Drahtloses lokales Netz

Dynamic Host Configuration Protocol

Konfiguration <Informatik>

Malware

Uma proposta de arquitetura para o protocolo NETCONF sobre SOAP / An architecture proposal for the NETCONF protocol over SOAP

Lacerda, Fabrizzio Cabral de

30 August 2007

Orientador: Mauricio Ferreira Magalhães / Dissertação (mestrado) - Universidade Estadual de Campinas, Faculdade de Engenharia Eletrica e de Computação / Made available in DSpace on 2018-08-10T08:14:26Z (GMT). No. of bitstreams: 1 Lacerda_FabrizzioCabralde_M.pdf: 1883686 bytes, checksum: c6ae7f1ec9d40594dd97e011ec07e59b (MD5) Previous issue date: 2007 / Resumo: A gerência de redes é formada por cinco áreas funcionais: Falha, Configuração, Contabilidade, Desempenho e Segurança. A área de configuração é responsável pela operação e manutenção da rede, acompanhando as mudanças de configuração realizadas em cada dispositivo da rede. As principais ferramentas de gerência disponíveis, CLI e SNMP, não atendem aos requisitos de configurações das redes atuais. Novas tecnologias Web estão se tornando comuns na gerência de redes, com destaque para o uso da linguagem XML e do protocolo HTTP. Com o objetivo de aplicar estas novas tecnologias na configuração de redes foi definido, no âmbito do IETF, um novo protocolo de gerência de configuração denominado NETCONF. Este trabalho faz um estudo do protocolo NETCONF procurando destacar as suas vantagens e limitações. Este trabalho propõe, também, uma arquitetura de implementação para o NETCONF baseada no protocolo de transporte SOAP sobre HTTP, ou sobre HTTPs. Com o objetivo de validar a arquitetura, apresentamos a implementação de um protótipo totalmente aderente à proposta NETCONF para o qual foi especificado um modelo de dados para configuração de VLANs de switches de fabricantes diferentes / Abstract: Network management is formed by five functional areas: Failure, Configuration, Accounting, Performance and Security. The configuration area is responsible for the network¿s operation and maintenance, following the configuration changes done in each network¿s device. The main management tools available, CLI and SNMP, do not take care of the configuration requirements of current networks. New Web technologies are becoming widespread in network management, with prominence of XML language and HTTP protocol. A new protocol of configuration management named NETCONF has been defined, in the scope of the IETF, in order to apply these new technologies for configuration of networks. This work studies the NETCONF protocol aiming to highlight its advantages and limitations. This work also proposes an architecture of implementation for the NETCONF based on the transport protocol SOAP over HTTP, or HTTPs. Aiming to validate such architecture, we present the implementation of a prototype fully adherent to the NETCONF proposal, for which it has specified a model of data for configuration of VLANs of switches from different manufacturers / Mestrado / Engenharia de Computação / Mestre em Engenharia Elétrica

Redes de computadores - Gerência

Serviços Web

Redes de computadores - Protocolos

XLM

Network management

Web services

Configuration protocol

Data model

Java

XML

Security issues in Address Autoconfiguration Protocols

Langer, André, Kühnert, Tom

20 April 2007

Dynamic address assignment is one of the most important features in wireless ad hoc networks if nodes should be enabled to join and to work in the network by automatically configuring all necessary settings. Different approaches have been developed throughout the last years to achieve this objective of Dynamic Address Autoconfiguration but research primarily focused on efficiency and correctness, less on security issues. Whereas Duplicate Address Detection has become reliable in commonplace scenarios, it is still relatively easy to suspend the whole network functionality in extraordinary situations within the boundaries of a Dynamic Address Configuration Protocol. In this paper, we therefore want to point out shortcomings and weaknesses in existing protocol solutions which address dynamic IP address assignment. We concentrate on a leader-based approach called ODACP and want to propose several solutions which improve the original protocol in such a way that it is safer against malicious host activities. Finally, we will demonstrate the improvements of our solution in a separate test scenario.

info:eu-repo/classification/ddc/000

ddc:000

info:eu-repo/classification/ddc/004

ddc:004

Computersicherheit

DoS-Attacke

Drahtloses lokales Netz

Dynamic Host Configuration Protocol

Konfiguration <Informatik>

Malware

Ad hoc networks

Address Autoconfiguration

ODACP

malicious nodes