Method of preventing TCP-based denial-of-service attacks on mobile devices
Abstract
Provided is a method of preventing a Transmission Control Protocol (TCP)-based Denial of Service (DoS) attack on a mobile device. The method efficiently prevents a DoS attack in which an attacker wirelessly and constantly transmits TCP packets to the mobile device using the TCP protocol, thereby exhausting the resources of the wireless network and the battery power of the battery-dependent mobile device. An attack conventionally made in a wired network by abusing TCP three-way handshaking is more severe in the wireless network of mobile devices. To prevent such an attack on a mobile device, the method checks the three-way handshake and each transition operation so that the mobile device can check whether or not a received TCP packet is valid. Therefore, it is possible to efficiently prevent a DoS attack from exhausting the wireless resources and battery power of the mobile device.
12 Claims
1. A method of preventing a Denial of Service (DoS) attack by checking flow of packets transmitted between a base station and a mobile station using a Transmission Control Protocol (TCP) protocol, the method comprising the steps of:
- transmitting, at the mobile station, a connection request acknowledgement SYN/ACK₁ packet to the base station when the base station transmits a connection request SYN packet for a TCP connection to the mobile station, and the mobile station receives the transmitted connection request SYN packet;
- transmitting, at the base station, an acknowledgement ACK₂ packet corresponding to the connection request acknowledgement SYN/ACK₁ packet to the mobile station when the transmitted connection request acknowledgement SYN/ACK₁ packet is received;
- establishing the TCP connection when the mobile station receives the transmitted acknowledgement ACK₂ packet; and
- determining that the established TCP connection is abnormal and terminating the established TCP connection if the mobile station receives a packet, in which a reset RST or connection request SYN flag is set, transmitted from the base station, wherein when the TCP connection is established, and then the mobile station cannot receive any packet during a previously set timeout period, the base station is determined to have abnormally terminated the TCP connection, and the mobile station safely terminates the TCP connection.
(Dependent claims: 2, 7)
3. A method of preventing a Denial of Service (DoS) attack by checking flow of packets transmitted between a base station and a mobile device using a Transmission Control Protocol (TCP) protocol, the method comprising the steps of:
- transmitting, at the mobile device, a connection request acknowledgement SYN/ACK₁ packet to the base station when the base station transmits a connection request SYN packet for a TCP connection to the mobile device, and then the mobile device receives the transmitted connection request SYN packet;
- receiving, at the base station, the transmitted connection request acknowledgement SYN/ACK₁ packet and then, in response to the SYN/ACK₁ packet, transmitting a finish FIN packet to the mobile device; and
- determining that the TCP connection is abnormal and terminating the TCP connection if the mobile device receives the transmitted finish FIN packet, wherein when the mobile device cannot receive any packet during a previously set timeout period after transmitting the connection request acknowledgement SYN/ACK₁ packet to the base station, the base station is determined to have abnormally terminated the TCP connection, and the mobile device safely terminates the TCP connection.
(Dependent claims: 8, 11)
4. A method of preventing a Denial of Service (DoS) attack by checking flow of packets transmitted between a base station and a mobile device using a Transmission Control Protocol (TCP) protocol, the method comprising the steps of:
- transmitting, at the mobile device, a connection request acknowledgement SYN/ACK₁ packet to the base station when the base station transmits a connection request SYN packet for a TCP connection to the mobile device, and then the mobile device receives the transmitted connection request SYN packet;
- receiving, at the base station, the transmitted connection request acknowledgement SYN/ACK₁ packet and then, in response to the SYN/ACK₁ packet, transmitting an acknowledgement finish ACK₂/FIN packet, in which an acknowledgement ACK₂ flag corresponding to the connection request acknowledgement SYN/ACK₁ packet and a FIN flag are set, to the mobile device; and
- determining that the TCP connection is abnormal and terminating the TCP connection if the mobile device receives the transmitted acknowledgement finish ACK₂/FIN packet, wherein when the mobile device cannot receive any packet during a previously set timeout period after transmitting the connection request acknowledgement SYN/ACK₁ packet to the base station, the base station is determined to have abnormally terminated the TCP connection, and the mobile device safely terminates the TCP connection.
(Dependent claims: 9, 12)
5. A method of preventing a Denial of Service (DoS) attack by checking flow of packets transmitted between a base station and a mobile device using a Transmission Control Protocol (TCP) protocol, the method comprising the steps of:
- transmitting, at the mobile device, a connection request acknowledgement SYN/ACK₁ packet to the base station when the base station transmits a connection request SYN packet for a TCP connection to the mobile device, and then the mobile device receives the transmitted connection request SYN packet;
- receiving, at the base station, the transmitted connection request acknowledgement SYN/ACK₁ packet and then, in response to the SYN/ACK₁ packet, retransmitting the connection request SYN packet to the mobile device; and
- determining that the TCP connection is abnormal and terminating the TCP connection if the mobile device receives the retransmitted connection request SYN packet, wherein when the mobile device cannot receive any packet during a previously set timeout period after transmitting the connection request acknowledgement SYN/ACK₁ packet to the base station, the base station is determined to have abnormally terminated the TCP connection, and the mobile device safely terminates the TCP connection.
(Dependent claims: 6, 10)
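Claims 1, 3, 4 and 5 together describe one per-connection check the mobile station runs on the handshake: answer a SYN with SYN/ACK₁, accept ACK₂ as completing the connection, and treat a FIN, an ACK₂/FIN, a retransmitted SYN, or (once established) an RST or SYN as an abnormal termination, with an idle timeout covering a base station that simply goes silent. The following Python state machine, replayed over constructed packet traces, is an added example illustrating those transitions; it is not code from the patent or from its assignee. The timeout value, the state names, the `run_trace` helper and the handling of an RST that arrives before ACK₂ (treated as abnormal) are assumptions, since the claims only specify the transitions they name.

```python
# Mobile-station side of the handshake check in claims 1, 3, 4 and 5 of the
# patent above. Added example, not code from the patent or its assignee.
# The timeout value, the state names and the handling of an RST that arrives
# before ACK_2 are assumptions; the claims only list the transitions they name.
from dataclasses import dataclass, field
from enum import Enum, auto
from typing import Optional


class State(Enum):
    LISTEN = auto()               # waiting for a connection request SYN
    SYN_RECEIVED = auto()         # SYN/ACK_1 sent, waiting for ACK_2
    ESTABLISHED = auto()          # three-way handshake completed
    TERMINATED_ABNORMAL = auto()  # closed after an invalid packet
    TERMINATED_TIMEOUT = auto()   # closed after the idle timeout


@dataclass
class Packet:
    flags: frozenset  # subset of {"SYN", "ACK", "FIN", "RST"}
    t: float          # arrival time in seconds on a constructed clock


@dataclass
class HandshakeMonitor:
    timeout: float = 5.0                      # "previously set timeout period"; 5 s is assumed
    state: State = State.LISTEN
    last_rx: Optional[float] = None           # arrival time of the last packet received
    sent: list = field(default_factory=list)  # packets the mobile station sent, for inspection
    reason: str = ""

    def _terminate(self, state: State, reason: str) -> State:
        self.state, self.reason = state, reason
        return self.state

    def tick(self, now: float) -> State:
        """Clock event: enforce the idle timeout while waiting for ACK_2 or while established."""
        if (self.state in (State.SYN_RECEIVED, State.ESTABLISHED)
                and self.last_rx is not None and now - self.last_rx > self.timeout):
            return self._terminate(State.TERMINATED_TIMEOUT,
                                   "no packet within timeout; base station deemed to have aborted")
        return self.state

    def on_packet(self, pkt: Packet) -> State:
        """Validate one packet from the base station against the current state."""
        self.tick(pkt.t)  # a packet arriving after the timeout has expired is too late
        if self.state in (State.TERMINATED_ABNORMAL, State.TERMINATED_TIMEOUT):
            return self.state
        f = pkt.flags
        self.last_rx = pkt.t
        if self.state is State.LISTEN:
            if "SYN" in f and "ACK" not in f:
                self.sent.append(("SYN/ACK_1", pkt.t))  # answer the connection request
                self.state = State.SYN_RECEIVED
            return self.state
        if self.state is State.SYN_RECEIVED:
            if "FIN" in f:   # claims 3 and 4: FIN or ACK_2/FIN in reply to SYN/ACK_1
                return self._terminate(State.TERMINATED_ABNORMAL, "FIN in reply to SYN/ACK_1")
            if "SYN" in f:   # claim 5: SYN retransmitted instead of ACK_2
                return self._terminate(State.TERMINATED_ABNORMAL, "SYN retransmitted in reply to SYN/ACK_1")
            if "RST" in f:   # not covered by the claims; treated as abnormal (assumption)
                return self._terminate(State.TERMINATED_ABNORMAL, "RST before handshake completed")
            if "ACK" in f:   # claim 1: ACK_2 completes the handshake
                self.state = State.ESTABLISHED
            return self.state
        if "RST" in f or "SYN" in f:  # claim 1: RST or SYN on an established connection
            return self._terminate(State.TERMINATED_ABNORMAL, "RST/SYN on established connection")
        return self.state  # ordinary ACK/data traffic keeps the connection open


def run_trace(events, timeout=5.0):
    """Replay events of the form ("pkt", flags, t) or ("tick", t); return (state, reason, sent)."""
    m = HandshakeMonitor(timeout=timeout)
    for ev in events:
        if ev[0] == "pkt":
            m.on_packet(Packet(frozenset(ev[1]), ev[2]))
        else:
            m.tick(ev[1])
    return m.state, m.reason, m.sent


# Constructed traces, one per claimed transition plus a normal connection.
TRACES = {
    "claim1_established_then_rst": [("pkt", {"SYN"}, 0.0), ("pkt", {"ACK"}, 0.1), ("pkt", {"RST"}, 0.5)],
    "claim1_idle_timeout": [("pkt", {"SYN"}, 0.0), ("pkt", {"ACK"}, 0.1), ("tick", 6.0)],
    "claim3_fin_after_synack": [("pkt", {"SYN"}, 0.0), ("pkt", {"FIN"}, 0.1)],
    "claim4_ackfin_after_synack": [("pkt", {"SYN"}, 0.0), ("pkt", {"ACK", "FIN"}, 0.1)],
    "claim5_syn_retransmitted": [("pkt", {"SYN"}, 0.0), ("pkt", {"SYN"}, 0.1)],
    "synack_unanswered_timeout": [("pkt", {"SYN"}, 0.0), ("tick", 9.0)],
    "normal_connection": [("pkt", {"SYN"}, 0.0), ("pkt", {"ACK"}, 0.1), ("pkt", {"ACK"}, 2.0), ("tick", 6.0)],
}

if __name__ == "__main__":
    for name, events in TRACES.items():
        state, reason, _ = run_trace(events)
        print(f"{name:30} -> {state.name} {reason}")
```

Running the module replays each trace and prints the final state. The monitor keeps no per-connection buffer beyond a timestamp, which is the point of the claims: the mobile station can reject a malformed handshake before it commits radio or battery resources to a connection that the other side never intends to use.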
Specification