KR20170080957A - ARP SPOOFING DEFENDING SYSTEM FOR IoT Security in IoT Network - Google Patents
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1466—Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/09—Mapping addresses
- H04L61/10—Mapping addresses of different types
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
According to an embodiment of the present invention, there is provided a method comprising: when a predefined event occurs in an Internet of Things (IoT) device or when the MAC address of the gateway to which the IoT device is connected changes, scanning the IP and MAC addresses of all IoT devices connected to the gateway; and selecting an IoT device having a duplicated MAC address in the scanned result and processing it as an attacker.
Description
The present invention relates to a system, method, and program for preventing ARP spoofing for IoT security in an Internet of Things (IoT) network.
Computers that use a network maintain a translation table between IP addresses and MAC addresses, called the Address Resolution Protocol (ARP) table.
Meanwhile, ARP spoofing attacks, in which an attacker tampers with the ARP table by posing as the gateway, are frequently carried out, and countermeasures against such ARP spoofing attacks have been disclosed (see, for example, 2011-0060271).
However, there is no effective countermeasure against ARP spoofing attacks in an IoT network that forms a mobile environment in which operations such as roaming are performed.
According to an embodiment of the present invention, there may be provided a system, a method, and a recording medium storing a program for preventing ARP spoofing for IoT security in an IoT network, capable of preventing ARP spoofing in a mobile IoT network.
According to one embodiment of the present invention, there may be provided a computer-readable recording medium that records a program for executing, on a computer, an ARP spoofing prevention method for IoT security, the method comprising:
scanning the IP and MAC addresses of all IoT devices connected to the gateway when a predefined event occurs in an IoT device or when the MAC address of the gateway to which the IoT device is connected changes; and
selecting an IoT device having a duplicated MAC address in the scanned result and processing that IoT device as an attacker.
According to another embodiment of the present invention, there is provided an ARP spoofing prevention system for IoT security in an IoT network including a plurality of IoT devices and a gateway,
wherein at least one of the plurality of IoT devices,
when a predefined event occurs in the IoT device or when the MAC address of the gateway to which the IoT device is connected changes, scans the IP and MAC addresses of all IoT devices connected to the gateway,
and selects an IoT device whose MAC address is duplicated in the scanned result and processes it as an attacker.
According to one or more embodiments of the present invention, ARP spoofing can be effectively prevented by correctly distinguishing between roaming in the Internet of Things (IoT) network to which the mobile device belongs and the case of ARP spoofing.
FIG. 1 is a view for explaining an ARP spoofing prevention system for IoT security in an Internet of Things (IoT) network according to an embodiment of the present invention.
FIG. 2 is a diagram for explaining an ARP spoofing prevention program for IoT security in an IoT network according to an embodiment of the present invention.
FIG. 3 is a view for explaining an operation of selecting and blocking an attacker according to an embodiment of the present invention.
FIG. 4 is a diagram for explaining a roaming operation according to an embodiment of the present invention.
FIG. 5 is a diagram for explaining an ARP spoofing prevention method for IoT security in the IoT network.
The above and other objects, features, and advantages of the present invention will become more readily apparent from the following description of preferred embodiments with reference to the accompanying drawings. However, the present invention is not limited to the embodiments described herein and may be embodied in other forms. Rather, the embodiments disclosed herein are provided so that the disclosure is thorough and complete and fully conveys the scope of the invention to those skilled in the art.
Also, the terms used herein are for the purpose of describing embodiments and are not intended to limit the invention. In the present specification, the singular form includes the plural form unless otherwise specified. The terms "comprises" and/or "comprising" used in the specification do not exclude the presence or addition of one or more other elements.
Hereinafter, the present invention will be described in detail with reference to the drawings. In describing the specific embodiments below, various specific details are set forth in order to explain the invention in greater detail and to assist in understanding it. However, those skilled in the art will appreciate that the present invention may be practiced without these specific details. In some instances, matters that are commonly known and not significantly related to the invention are not described, in order to avoid confusion in explaining the present invention.
FIG. 1 is a view for explaining an ARP spoofing prevention system for IoT security in an Internet of Things (IoT) network according to an embodiment of the present invention.
Referring to FIG. 1, an ARP spoofing prevention system for IoT security in an IoT network (hereinafter referred to as the 'ARP spoofing prevention system') according to an embodiment of the present invention includes a gateway (GW) (IoT)
The gateway (GW) 10 and the plurality of Internet (IoT)
The gateway (GW) 10 and the plurality of Internet (IoT)
Hereinafter, for the purpose of explanation of the present invention, a configuration, operation, and effect of an Object Internet (IoT)
The Internet of Things (IoT)
The predefined event may be, for example, an attempt to transmit important data. Whether data is important is determined by the user in advance. For example, data sent to a specific destination can be defined as important data: all data sent to a bank as the specific destination can be defined as important data. In this case, each time the Internet of Things (IoT)
The Internet (IoT)
The address determination protocol (ARP) table includes the MAC address and the IP address of each of the Internet 10 (IoT)
The Internet (IoT)
The Internet (IoT)
The normal object Internet (IoT)
The object Internet (IoT)
In detail, the Internet (IoT)
In this embodiment, the device detected as an attacker may be handled according to known techniques or, alternatively, by the action according to an embodiment of the present invention.
The action according to one embodiment of the present invention for the device detected as an attacker is that when there is an Internet Internet Protocol (IoT) device processed as an attacker, the Internet, which is not an attacker connected to the
Although the above description has been described by taking the object Internet (IoT)
FIG. 2 is a diagram for explaining an ARP spoofing prevention program for IoT security in an Internet of Things (IoT) network according to an embodiment of the present invention.
2, an Internet Internet (IoT)
The ARP
The ARP
The ARP
The ARP
The ARP
The ARP
The ARP
In detail, the ARP
Although the foregoing has been described by way of example to the Internet (IoT)
FIG. 3 is a view for explaining an operation of selecting and blocking an attacker according to an embodiment of the present invention.
Referring to FIGS. 1 and 3, an operation of selecting and blocking an attacker according to an embodiment of the present invention will now be described. In the normal Internet (IoT)
In this situation, it is assumed that the
In the updated address determination protocol (ARP) table, there is a case where the MAC addresses are different from each other. This is because the
The following table shows the cases where the IP addresses are different and the MAC addresses are the same.
Referring to Table 1, there is a case where the IP addresses are different but the MAC address is the same. If the gateway was the device with IP: 00:00:01 and MAC address 102.166.0.1, and it later changed to the device with IP: 00:00:07 and MAC address 102.166.0.1, then the device to which the gateway changed (IP: 00:00:07, MAC address 102.166.0.1) can be treated as an attacker.
FIG. 4 is a diagram for explaining a roaming operation according to an embodiment of the present invention.
Referring to Figures 1 and 4, a normal Internet (IoT)
In this situation, the
Since the IoT device 1 (20) roams to another local network, it updates its own Address Resolution Protocol (ARP) table. It then checks whether the updated ARP table contains a device whose MAC address is duplicated.
In the network situation shown in Fig. 4 (i.e., no attacker exists, and the IoT device 1 (20) roams), there is no device whose MAC address is duplicated.
Thereafter, the IoT device 1 (20) performs the operation described with reference to FIG.
That is, the Internet of Things (IoT)
FIG. 5 is a diagram for explaining an ARP spoofing prevention method for IoT security in an Internet of Things (IoT) network according to an embodiment of the present invention.
Referring to FIG. 5, the ARP spoofing prevention method for IoT security in the IoT network may be implemented in the ARP spoofing prevention system for IoT security in the IoT network described with reference to FIG.
Assuming that the ARP spoofing prevention method for IoT security in the IoT network according to the embodiment of the present invention is implemented in the system shown in FIG. 1, the method includes: monitoring whether a predefined event occurs in the IoT device or whether the MAC address of the gateway to which the IoT device is connected has changed (S101); when a predefined event occurs in the IoT device or when the MAC address of the gateway to which the IoT device is connected has changed (S103), scanning and updating the IP addresses and MAC addresses of all the IoT devices (S105); checking for an IoT device having a duplicated MAC address in the scanned result (S107); and selecting the IoT device having the duplicated MAC address as an attacker (S109).
The method may also include a step in which at least one of the IoT devices connected to the gateway that are not attackers (non-attacker IoT devices) informs the user that there is an IoT device processed as an attacker.
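The decision in steps S101 to S109, including the roaming case of FIG. 4, can be illustrated with the following Python example. It is added here for illustration and is not part of the patent or any code from the applicant; the function names, the `/proc/net/arp` input layout, and all addresses are assumptions constructed for the example.

```python
from collections import defaultdict

# Constructed samples in Linux /proc/net/arp layout (not data from the patent).
# Spoofing case: the gateway IP now resolves to the MAC of host 192.0.2.30.
ARP_SPOOFED = """\
IP address     HW type   Flags   HW address          Mask   Device
192.0.2.1      0x1       0x2     02:00:00:00:00:07   *      wlan0
192.0.2.20     0x1       0x2     02:00:00:00:00:20   *      wlan0
192.0.2.30     0x1       0x2     02:00:00:00:00:07   *      wlan0
"""
# Roaming case: a different gateway, and every MAC appears exactly once.
ARP_ROAMED = """\
IP address     HW type   Flags   HW address          Mask   Device
198.51.100.1   0x1       0x2     02:00:00:00:00:60   *      wlan0
198.51.100.70  0x1       0x2     02:00:00:00:00:70   *      wlan0
"""

def parse_arp_table(text):
    """Return {ip: mac} for resolved entries of a /proc/net/arp style dump."""
    table = {}
    for line in text.splitlines()[1:]:            # skip the header row
        fields = line.split()
        if len(fields) < 6:
            continue
        ip, flags, mac = fields[0], int(fields[2], 16), fields[3].lower()
        if flags & 0x2 and mac != "00:00:00:00:00:00":   # 0x2 = ATF_COM
            table[ip] = mac
    return table

def duplicated_macs(table):
    """S107: return {mac: [ips]} for every MAC bound to more than one IP."""
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}

def check_gateway(known_gw_mac, gw_ip, arp_text, event=False):
    """S101-S109: scan on a predefined event or a gateway MAC change."""
    table = parse_arp_table(arp_text)             # S105: scan and update
    current = table.get(gw_ip)
    if current is None:
        return {"verdict": "gateway-unresolved", "suspects": {}}
    if current == known_gw_mac and not event:     # S101/S103: no trigger
        return {"verdict": "unchanged", "suspects": {}}
    suspects = duplicated_macs(table)             # S107
    if suspects:
        return {"verdict": "spoofing", "suspects": suspects}   # S109
    # Gateway MAC changed but no MAC is duplicated: treated as roaming (FIG. 4).
    verdict = "roaming" if current != known_gw_mac else "clean"
    return {"verdict": verdict, "suspects": {}}

if __name__ == "__main__":
    print(check_gateway("02:00:00:00:00:01", "192.0.2.1", ARP_SPOOFED))
    print(check_gateway("02:00:00:00:00:01", "198.51.100.1", ARP_ROAMED))
```

A host that legitimately holds several IP addresses on one interface also shows up as a duplicated MAC, so the returned suspects are candidates to confirm before blocking.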
While the present invention has been particularly shown and described with reference to exemplary embodiments thereof, it is to be understood that the invention is not limited to the disclosed exemplary embodiments and that variations are possible.
The scope of the present invention should not be limited to the above-described embodiments, but should be determined by the scope of the appended claims and equivalents thereof.
10, 60: Gateway
20, 30, 40, 50, 70, 80: Internet of Things (IoT) device
21: Processor
23: Memory
25: LAN card
Claims (8)
Scanning the IP and MAC addresses of all Internet of Things (IoT) devices connected to the gateway when a predefined event occurs in an IoT device or when the MAC address of the gateway to which the IoT device is connected changes; and
selecting an IoT device having a duplicated MAC address from the scanned result and processing that IoT device as an attacker.
The computer-readable recording medium, further comprising monitoring whether a predefined event occurs in the IoT device or whether the MAC address of the gateway to which the IoT device is connected has changed.
The computer-readable recording medium, further comprising updating an Address Resolution Protocol (ARP) table by reflecting a result of performing the scanning step,
wherein an IoT device having a duplicated MAC address in the updated ARP table is selected and processed as an attacker.
Further comprising the step in which, if there is an IoT device processed as an attacker, at least one IoT device among the IoT devices connected to the gateway other than the attacker (non-attacker IoT devices) informs the user that an IoT device processed as an attacker is present.
The ARP spoofing prevention system for IoT security in the IoT network, wherein at least one of the plurality of IoT devices,
when a predefined event occurs in the IoT device or when the MAC address of the gateway to which the IoT device is connected changes, scans the IP and MAC addresses of all IoT devices connected to the gateway,
and selects an IoT device whose MAC address is duplicated in the scanned result and processes it as an attacker.
The ARP spoofing prevention system for IoT security in the IoT network, wherein the at least one IoT device
further performs an operation of monitoring whether a predefined event occurs in the IoT device or whether the MAC address of the gateway to which the IoT device is connected has changed.
The ARP spoofing prevention system for IoT security in the IoT network, wherein the at least one IoT device
further performs an operation of updating an Address Resolution Protocol (ARP) table by reflecting the result of performing the scanning,
and selects an IoT device having a duplicated MAC address in the updated ARP table and processes that IoT device as an attacker.
The ARP spoofing prevention system for IoT security in the IoT network, wherein,
if there is an IoT device processed as an attacker, at least one IoT device among the IoT devices connected to the gateway other than the attacker (non-attacker IoT devices) informs the user that an IoT device processed as an attacker is present.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020150191027A KR20170080957A (en) | 2015-12-31 | 2015-12-31 | ARP SPOOFING DEFENDING SYSTEM FOR IoT Security in IoT Network |
Publications (1)
Publication Number | Publication Date |
---|---|
KR20170080957A true KR20170080957A (en) | 2017-07-11 |
Family
ID=59354924
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
KR1020150191027A KR20170080957A (en) | 2015-12-31 | 2015-12-31 | ARP SPOOFING DEFENDING SYSTEM FOR IoT Security in IoT Network |
Country Status (1)
Country | Link |
---|---|
KR (1) | KR20170080957A (en) |
-
2015
- 2015-12-31 KR KR1020150191027A patent/KR20170080957A/en not_active Application Discontinuation
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108768937A (en) * | 2018-04-13 | 2018-11-06 | 上海连尚网络科技有限公司 | A kind of method and apparatus for detecting ARP deceptions in WLAN |
CN108768937B (en) * | 2018-04-13 | 2021-06-25 | 上海尚往网络科技有限公司 | Method and equipment for detecting ARP spoofing in wireless local area network |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
A201 | Request for examination | ||
E902 | Notification of reason for refusal | ||
E601 | Decision to refuse application |