摘要
邻居发现协议(Neighbor Discovery Protocol)是IPv6协议的一个重要组成部分,它取代了IPv4中的ARP协议、ICMP路由发现和ICMP重定向功能。加密产生地址技术(Cryptographically Generated Addresses,CGA)可以有效解决邻居发现协议的伪造IP地址攻击,但是它忽略了伪造MAC地址攻击。在CGA的基础上提出基于MAC地址的CGA技术(MCGA),并详细阐述了MCGA地址的产生与验证过程,最后还对MCGA地址验证进行了防御实验。实验表明,该技术可以解决CGA技术无法解决的伪造MAC地址攻击。
Neighbor Discovery Protocol is an important part of IPv6 protocol, which corresponds to a combination of ARP protocol, ICMP router discovery and ICMP redirect function in IPv4.CGA (Cryptographieally Generated Addresses) can defend the attack of address resolution by spoofing IP,but ignore the attack of address resolution by spoofing MAC.MCGA which is a kind of CGA based on MAC address has been proposed,and can denfend the attack of address resolution by spoofing MAC.The generation and verification of MCGA are described,and the simulation using MCGA to denfend the attack of address resolution by spoofing MAC.The simulation using MCGA to denfend the attack of address resolution by spoofing MAC shows that MCGA method is fully effective.
出处
《计算机工程与应用》
CSCD
北大核心
2007年第28期4-6,28,共4页
Computer Engineering and Applications
基金
国家自然科学基金(the National Natural Science Foundation of China under Grant No.70471042)。
