• Title, Summary, Keyword: MAC Address

Search Result 93, Processing Time 0.046 seconds

MAC Address Spoofing Attack Detection and Prevention Mechanism with Access Point based IEEE 802.11 Wireless Network (Access Point 기반 무선 네트워크 환경에서의 MAC Address Spoofing 공격 탐지 및 차단 기법)

  • Jo, Je-Gyeong;Lee, Hyung-Woo
    • Journal of Internet Computing and Services
    • /
    • v.9 no.4
    • /
    • pp.85-96
    • /
    • 2008
  • An authentication procedure on wired and wireless network will be done based on the registration and management process storing both the user's IP address and client device's MAC address information. However, existent MAC address registration/administration mechanisms were weak in MAC Spoofing attack as the attacker can change his/her own MAC address to client's MAC address. Therefore, an advanced mechanism should be proposed to protect the MAC address spoofing attack. But, existing techniques sequentially compare a sequence number on packet with previous one to distinguish the alteration and modification of MAC address. However, they are not sufficient to actively detect and protect the wireless MAC spoofing attack. In this paper, both AirSensor and AP are used in wireless network for collecting the MAC address on wireless packets. And then proposed module is used for detecting and protecting MAC spoofing attack in real time based on MAC Address Lookup table. The proposed mechanism provides enhanced detection/protection performance and it also provides a real time correspondence mechanism on wireless MAC spoofing attack with minimum delay.

  • PDF

Secure MAC address-based Authentication on X.509 v3 Certificate in Group Communication (그룹 통신을 위한 안전 MAC 주소 기반 X.509 인증서에 관한 연구)

  • Hong, Sung-Hyuck
    • Journal of Internet Computing and Services
    • /
    • v.9 no.4
    • /
    • pp.69-77
    • /
    • 2008
  • I propose adding users’Media Access Control (MAC) addresses to standard X.509 certificates to provide more secure authentication. The MAC address can be added by the issuing Certification Authority (CA) to the "extensions" section of the X.509 certificate. I demonstrate that when two users with MAC address information on their digital certificates communicate, the MAC address on the first user’s certificate can be easily verified by the second user. In this way, security can be improved without markedly degrading system performance and the level of initial trust between participants in virtual communities will be improved.

  • PDF

Building Access Control System Using MAC Address of Smart Device (Smart Device의 MAC Address를 이용한 건물 출입통제 시스템)

  • Jung, Yong-jin;Lee, Jong-sung;Oh, Chang-heon
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • /
    • pp.873-875
    • /
    • 2014
  • In this paper, we propose the access control system based bluetooth using the MAC address of the smart device. Access control system that propose compares the smart device MAC address entry and exit and MAC address that is registered with the server. Depending on whether the match was compared, access control is performed. Result of the experiment, control of door is possible only by bluetooth pairing of the bluetooth module and smart device. Therefore, it does not require access to another tool.In addition, Action for access approval is omitted. Therefore, the access authorization procedure is simplified compared to existing access control systems, it is possible to improve the convenience.

  • PDF

Address Auto-Resolution Network System for Neutralizing ARP-Based Attacks (ARP 기반 공격의 무력화를 위한 주소 자동 결정 네트워크 시스템)

  • Jang, RhongHo;Lee, KyungHee;Nyang, DaeHun;Youm, HeungYoul
    • KIPS Transactions on Computer and Communication Systems
    • /
    • v.6 no.4
    • /
    • pp.203-210
    • /
    • 2017
  • Address resolution protocol (ARP) is used for binding a logical address to a physical address in many network technologies. However, since ARP is an stateless protocol, it always abused for performing ARP-based attacks. Researchers presented many technologies to improve ARP protocol, but most of them require a high implementation cost or scarify the network performance for improving security of ARP protocol. In this paper, we present an address auto-resoultion (AAR) network system to neutralize the ARP-based attacks. The AAR turns off the communication function of ARP messages(e.g. request and reply), but does not disable the ARP table. In our system, the MAC address of destination was designed to be derived from destination IP address so that the ARP table can be managed statically without prior knowledge (e.g., IP and MAC address pairs). In general, the AAR is safe from the ARP-based attacks since it disables the ARP messages and saves network traffics due to so.

Address Mapping Scheme between Layer 3 and Layer 2 for Multicast over IEEE 802.16 Networks (IEEE 802.16 네트워크에서 멀티캐스트 전달을 위한 주소 정보 매핑 방법)

  • Kim, Sang-Eon;Yoon, Joo-Young;Jin, Jong-Sam;Lee, Seong-Choon;Lee, Sang-Hong
    • 한국정보통신설비학회:학술대회논문집
    • /
    • /
    • pp.336-340
    • /
    • 2007
  • This paper proposes a multicast scheme over IEEE 802.16 networks which support multiple upper layer protocols such as ATM, IPv4 packets, IPv6 packets, IEEE 802.3 over IPv4 and so on. The multicast capabilities over IEEE 802.16 are important both control plane and data plane. The proposed multicast scheme can be divided into two types: direct mapping and indirect mapping. The direct mapping scheme is that layer 3 address is directly mapped into CID information which is used for connection identifier at IEEE 802.16 link layer. The indirect mapping scheme has two steps for mapping between layer 3 address and layer 2 CID. Firstly, a layer 3 address translates to Ethernet MAC address with group MAC address. Secondly, a group MAC address is mapped into CID. The mapping scheme depends on the upper layer protocols.

  • PDF

A System Unauthorized Access using MAC Address and OTP (MAC Address와 OTP를 이용한 비인가 접근 거부 시스템)

  • Shin, Seung-Soo;Jeong, Yoon-Su
    • Journal of Digital Convergence
    • /
    • v.10 no.3
    • /
    • pp.127-135
    • /
    • 2012
  • This study improves the existing user identification method using user ID and password. The new protocol protecting unauthorized access is designed and developed using user's ID, password, and OTP for user certification as well as MAC address for computer identification on networks. The safety on trials of unauthorized certification is tested and analyzed for four types following the criterion of information acquisition.

Implementation of MAC address based illegal node IDS(Intrusion detection system) in Wireless Sensor Networks (무선 센서 네트워크에서 MAC 주소기반의 불법 노드의 침입탐지시스템 구현)

  • Seong, Ki-Taek;Kim, Gwan-Hyung
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • /
    • pp.727-730
    • /
    • 2011
  • 본 논문에서는 무선 센서네트워크 환경에 적용할 수 있는 외부 노드의 침입을 탐지하는 방법을 제안하였다. 센서노드의 무선통신을 지원하는 네트워크 장치에 고유하게 부여된 MAC 주소를 이용하여 외부로부터의 허락되지 않는 노드의 네트워크 내부로의 침입을 감지하는 방안을 제안하였다. 실제 센서노드를 이용한 침입탐지 시스템을 개발, 실험을 통하여 효율성을 확인하였다.

  • PDF

Practical MAC address table lookup scheme for gigabit ethernet switch (기가비트 이더넷 스위치에서 빠른 MAC 주소 테이블의 검색 방법)

  • 이승왕;박인철
    • Proceedings of the IEEK Conference
    • /
    • /
    • pp.799-802
    • /
    • 1998
  • As we know, gigabit ethernet is a new technology to be substituted for current fast ethernet used widely in local area network. The switch used in gigabit ethernet should deal with frames in giga-bps. To do such a fast switching, we need that serveral processes meet the budgets, such as MAC address table lookup, several giga speed path setup, fast scheduling, and etc. Especially MAC address table lookup has to be processed in the same speed with speed of incoming packets, thus the bottleneck in the process can cause packet loss by the overflow in the input buffer. We devise new practical hardware hashing method to perform fast table lookup by minimizing the number of external memory access and accelerating with hardware.

  • PDF

For the development of software industry, extensive software certification scheme (소프트웨어 산업의 발전을 위한 확장된 소프트웨어 인증체계)

  • Seo, Hee Suk;Kim, Sang Ho;Lee, Seung Jae
    • Journal of the Korea Society of Digital Industry and Information Management
    • /
    • v.6 no.3
    • /
    • pp.121-129
    • /
    • 2010
  • For the development of software industry, offers an expanded software authentication scheme caused by the unauthorized copying of software is to reduce the damage to software developers, retail sales and to promote the development of the software industry was studied. Serial Number of the current software registration is conducted in such a simple verification procedure if the Serial Number only illegal and can be installed on multiple computers, such as program code to allow third parties to enter the Serial Number, or the extract can be used without is a reality. The proposed extension to the software authentication system when you install the software, my phone authentication and MAC Address Authentication Service introduced to distinguish normal user, the user of the MAC Address of the server and software development company that was sent to the registered MAC Address of the computer to be run only by the use of genuine software and to make unauthorized copies of software generated by the software developer can reduce the damage of the proposed plan.

The core information protection mechanism in the BcN(Broadband Convergence Network) (BcN(Broadband Convergence Network) 환경에서의 중요정보에 대한 도청방지 메카니즘)

  • Oh, Sek-Hoan;Lee, Jae-Yong;Kim, Byung-Chul
    • Journal of the Institute of Electronics Engineers of Korea TC
    • /
    • v.45 no.1
    • /
    • pp.14-26
    • /
    • 2008
  • IP over Ethernet technology widely used as Internet access uses the ARP(Address Resolution Protocol) that translates an ip address to the corresponding MAC address. recently, there are ARP security attacks that intentionally modify the IP address and its corresponding MAC address, utilizing various tools like "snoopspy". Since ARP attacks can redirect packets to different MAC address other than destination, attackers can eavesdrop packets, change their contents, or hijack the connection. Because the ARP attack is performed at data link layer, it can not be protected by security mechanisms such as Secure Shell(SSH) or Secure Sockets Layer(SSL). Thus, in this paper, we classify the ARP attack into downstream ARP spoofing attack and upstream ARP redirection attack, and propose a new security mechanism using DHCP information for acquisition of IP address. We propose a "DHCP snoop mechanism" or "DHCP sniffing/inspection mechanism" for ARP spoofing attack, and a "static binding mechanism" for ARP redirection attack. The proposed security mechanisms for ARP attacks can be widely used to reinforce the security of the next generation internet access networks including BcN.