In general, as Internet service has been expanded from wired to wireless service, and the types and services of mobile devices have been diversified, users can access the Internet through a mobile device from virtually anywhere.
For this reason, it is expected that service attacks made in the wired network will be gradually expanded to the wireless network. In particular, the attacks may be more severe in the wireless network due to limited resources of the wired network.
FIG. 1 is an overall conceptual diagram for describing a general state transition operation, and illustrates an entire standard finite state machine used to better describe the TCP protocol for establishing and terminating a TCP connection. In FIG. 1, all states and transitions are illustrated for reliability.
First, the TCP connection states are defined below.
LISTEN: a state in which a daemon of a server is executed and waits for a connection request.
SYN_SENT: a state in which a local client application has requested a remote host for connection.
SYN_RCVD: a state in which a server has received a connection request from a remote client, has replied to the client, but has not yet received an acknowledgement message.
ESTABLISHED: a state in which a server and a client are connected with each other after three-way handshaking is completed.
FIN_WAIT—1, CLOSE_WAIT, FIN_WAIT—2: states in which a server requests a client to terminate a connection, receives a reply, and terminates the connection.
CLOSING: an uncommon state in which an acknowledgement message is lost during transfer.
TIME_WAIT: a state in which a socket is open for a while for a slow segment that might have been lost although a connection is terminated.
CLOSED: a state in which a connection is completely terminated.
According to the connection principle of TCP communication that establishes and terminates a TCP connection, as defined in an antecedent document, e.g., Transmission Control Protocol, RFC 793, Jon Postel, DARPA Internet Program Protocol Specification, September 1981, the three-way handshaking procedure must be performed to establish a TCP connection between a client and a server.
More specifically, connection request (synchronous SYN), connection request/acknowledgement (synchronous/acknowledge SYN/ACK), and acknowledgement (acknowledge ACK) packets must be transmitted and received so that a client performs TCP communication with a server.
Here, when the three-way handshaking procedure of connection request SYN, connection request/acknowledge SYN/ACK, and acknowledge ACK is successively performed, a TCP connection is established between the client and the server, which means that a TCP communication port of the server requested by the client is open for communication.
Such a conventional TCP state transition shows what state of a TCP stack the TCP state transition is in according to the flag of a packet. However, according to conventional TCP state transition, an incoming packet is not thoroughly verified, and thus abuse of such vulnerability frequently occurs.
In other words, an attack abusing the three-way handshaking procedure, e.g., a DoS attack such as SYN flooding, can be made through the Internet.
Meanwhile, the entire above-described TCP state transition may or may not be supported according to an operating system installed in a mobile device. In an initial three-way handshaking step, there is no checking process for performing the entire TCP state transition suggested by the TCP specification. Therefore, when a network connection is attempted by a SYN flooding attack frequently used as a TCP-based DoS attack upon a mobile device that is mostly in a dormant state to save energy, the mobile device switches to an awake state and consumes energy.
In addition, even though a packet transmitted to a mobile device is for no useful reason, it may constantly attempt a connection to the mobile device and awake the same. In this case, resources of a wireless line are occupied, and also battery power of the mobile device is wasted.