1. Field of the Invention
The present invention relates to security in a network environment based on the IEEE 802.15.4 PHY/MAC standard. More particularly, the present invention relates to a MAC frame provision method and apparatus capable of preventing a forged ACK attack.
2. Description of the Related Art
Currently, the IEEE 802.15.4 standard, which defines the physical (PHY) and medium access control (MAC) layers used by ZigBee™, supports short-range communication and is characterized by relatively low cost, relatively low power consumption, packet-based operation and support for large-scale networks. In addition, a goal of IEEE 802.15.4 is to implement a low-rate personal area network (PAN) that can coexist with other wireless networks, such as Wi-Fi. Therefore, the IEEE 802.15.4 standard is very suitable for monitoring and control devices in wireless data communication that require reliability and relatively low power consumption.
Generally, when a medium access control (MAC) frame is transmitted in an IEEE 802.15.4 network, the nodes constituting a PAN or virtual cluster access the medium using a frame of the following structure:

MAC Header | Payload       | FCS
32 bytes   | 0~1514 bytes  | 4 bytes

(Note that the IEEE 802.15.4 standard itself specifies a 16-bit FCS and a maximum PHY service data unit of 127 octets, so the sizes above should be read as an illustration of the header/payload/FCS layout rather than as the 802.15.4 limits.)
FIG. 1 is a view illustrating the structure of a MAC frame in a conventional IEEE 802.15.4 network. The MAC frame includes a MAC header (MHR) 100, a frame payload 102 carrying the main data appropriate to the frame type defined in the MAC header 100, and a frame check sequence (FCS) field 104. The MHR 100 includes: a frame control field 106 that specifies the frame type, the security enabled, frame pending, acknowledgment request and PAN ID compression flags, and the addressing modes of the frame; a sequence number (SEQ) field 108, one byte long, which is used in unicast data communication to match an acknowledgment to the frame it answers and to prevent the same message from being accepted twice, and whose value increments by one for each frame carrying individual communication data in its payload, wrapping within the range 0 to 255; and addressing fields 118 including a destination PAN identifier field 110, a destination address field 112, a source PAN identifier field 114, and a source address field 116.
FIG. 2 is a view illustrating the structure of a MAC ACK frame for acknowledging reception of a transmitted MAC frame in the conventional IEEE 802.15.4 network. The MAC ACK frame is the response frame to a MAC frame and includes only a MAC header 200 and a frame check sequence (FCS) field 206; it carries no addressing fields and no payload. The MAC header 200 includes a frame control field 202 specifying the frame type and frame flags, and a sequence number (SEQ) field 204, one byte long, which copies the sequence number of the frame being acknowledged so that the sender can match the acknowledgment to its transmission; as in the data frame, the value lies within the range 0 to 255.
FIG. 3A is a view illustrating the structure of the frame control field, and FIG. 3B is a view illustrating the format of the frame type subfield shown in FIG. 3A. As shown in FIG. 3B, MAC frames are classified as beacon, data, acknowledgment, or MAC command frames by the frame type subfield of the frame control field in the MAC frame header.
Although the IEEE 802.15.4 network defines the format and fields of the frames used for communication as described above, the current IEEE 802.15.4 standard provides no security function for the parts of the exchange discussed here, which leaves them open to security breaches. In particular, no integrity or authentication protection is provided for the data sequence number (DSN), for the MAC header that carries the DSN, or for the ACK frame sent in response to it: the only check a receiver performs on an ACK is that its frame type is "acknowledgment", that its one-byte sequence number matches the outstanding frame, and that its unkeyed FCS is correct. Since all of these values are transmitted in the clear, any node within radio range can read them from the original frame, or guess the one-byte sequence number, and produce an ACK that the sender cannot distinguish from a genuine one. The frames and headers are thus openly exposed to attack in such network environments and may be used for illegal purposes.
The security weakness discussed in the preceding paragraph makes a forged ACK attack possible. In more detail, it leaves the network open to: a traffic-flooding attack that transmits excessive traffic; a bogus routing information attack that obstructs communication by spoofing or altering routing messages or disturbing routing so as to intentionally generate errors, create a routing loop, or delay the delivery of routing information, as shown in FIG. 4A; a selective forwarding/sinkhole attack that rejects or drops specific messages or transmissions to a node, as shown in FIG. 4B; and a wormhole attack that causes a non-existent node connection to be recognized as an existing one, as shown in FIG. 4C. Each of these causes serious problems for network security.
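The following is an added example, not part of this description, that makes the frame layout of FIGS. 1 to 3 and the forged ACK problem concrete. It builds and parses IEEE 802.15.4 data and ACK frames with 16-bit short addressing and PAN ID compression, uses the 16-bit CRC FCS defined by the standard (an assumption relative to the 4-byte FCS in the table above), and then shows that an ACK forged by a node that merely overheard the data frame is byte-for-byte identical to the genuine ACK, because the only values the sender checks (frame type, one-byte sequence number, unkeyed FCS) are all public. The sample addresses, PAN ID and payload are constructed for the example.

```python
"""IEEE 802.15.4 MAC frame builder/parser and forged-ACK demonstration (added example)."""
import struct

# Frame type subfield values (bits 0-2 of the frame control field).
FT_BEACON, FT_DATA, FT_ACK, FT_CMD = 0, 1, 2, 3
# Addressing mode values (bits 10-11 dst, bits 14-15 src).
AM_NONE, AM_SHORT, AM_EXT = 0, 2, 3


def fcs16(data: bytes) -> int:
    """16-bit FCS of IEEE 802.15.4: CRC-16 with polynomial x^16+x^12+x^5+1,
    initial value 0, bit-reflected (the same CRC as CRC-16/KERMIT).
    It detects transmission noise only; it is unkeyed, so anyone can compute it."""
    crc = 0
    for b in data:
        crc ^= b
        for _ in range(8):
            crc = (crc >> 1) ^ 0x8408 if crc & 1 else crc >> 1
    return crc


def frame_control(ftype, ack_req=False, dst_mode=AM_NONE, src_mode=AM_NONE,
                  panid_comp=False, security=False, pending=False) -> int:
    """Assemble the 16-bit frame control field of FIG. 3A."""
    return ((ftype & 7) | (security << 3) | (pending << 4) | (ack_req << 5)
            | (panid_comp << 6) | (dst_mode << 10) | (src_mode << 14))


def build_data_frame(seq, dst_pan, dst, src, payload: bytes, ack_req=True) -> bytes:
    """Data frame with short addresses and PAN ID compression (FIG. 1 layout)."""
    fc = frame_control(FT_DATA, ack_req=ack_req, dst_mode=AM_SHORT,
                       src_mode=AM_SHORT, panid_comp=True)
    body = struct.pack("<HBHHH", fc, seq, dst_pan, dst, src) + payload
    return body + struct.pack("<H", fcs16(body))


def build_ack(seq, pending=False) -> bytes:
    """ACK frame: frame control + sequence number + FCS, nothing else (FIG. 2)."""
    body = struct.pack("<HB", frame_control(FT_ACK, pending=pending), seq)
    return body + struct.pack("<H", fcs16(body))


def parse_frame(raw: bytes) -> dict:
    """Parse the MHR, verify the FCS, and return the fields as a dict."""
    if len(raw) < 5:
        raise ValueError("frame too short")
    body, fcs = raw[:-2], struct.unpack("<H", raw[-2:])[0]
    if fcs16(body) != fcs:
        raise ValueError("bad FCS")
    fc, seq = struct.unpack_from("<HB", body, 0)
    f = {"type": fc & 7, "ack_req": bool(fc & 0x20),
         "panid_comp": bool(fc & 0x40), "seq": seq}
    off = 3
    dst_mode, src_mode = (fc >> 10) & 3, (fc >> 14) & 3
    if dst_mode:
        f["dst_pan"] = struct.unpack_from("<H", body, off)[0]
        off += 2
        n = 2 if dst_mode == AM_SHORT else 8
        f["dst"] = int.from_bytes(body[off:off + n], "little")
        off += n
    if src_mode:
        if not f["panid_comp"]:  # source PAN ID is omitted when compression is set
            f["src_pan"] = struct.unpack_from("<H", body, off)[0]
            off += 2
        n = 2 if src_mode == AM_SHORT else 8
        f["src"] = int.from_bytes(body[off:off + n], "little")
        off += n
    f["payload"] = body[off:]
    return f


def ack_matches(data_raw: bytes, ack_raw: bytes) -> bool:
    """The sender's entire acceptance test for an ACK: type, sequence number, FCS."""
    d, a = parse_frame(data_raw), parse_frame(ack_raw)
    return a["type"] == FT_ACK and a["seq"] == d["seq"]


def forge_ack_from_sniffed(sniffed_raw: bytes) -> bytes:
    """A node that overhears the data frame reads the unprotected DSN and
    answers on the legitimate receiver's behalf."""
    return build_ack(parse_frame(sniffed_raw)["seq"])


def demo():
    """Returns (genuine accepted, forged accepted, forged == genuine)."""
    # Constructed sample: node 0x0002 sends a reading to node 0x0001 in PAN 0x1234.
    data = build_data_frame(seq=0x2A, dst_pan=0x1234, dst=0x0001, src=0x0002,
                            payload=b"temp=21")
    genuine = build_ack(0x2A)
    forged = forge_ack_from_sniffed(data)
    return ack_matches(data, genuine), ack_matches(data, forged), forged == genuine


if __name__ == "__main__":
    print(demo())  # (True, True, True)
```

Because the sequence number is a single byte, an attacker who has not even observed the data frame can also succeed by replaying the 256 possible ACKs; the example's `ack_matches` accepts exactly one of them, which is the whole of the sender's defence.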