A novel approach for securing IPv6 link local communication

Shah, Junaid Latief

doi:10.1080/19393555.2016.1180568

Cited by 15 publications

(7 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Praptodiyono et al proposed a new mechanism called Trust-ND for protecting NDP messages and securing the exchange of NDP messages amongst hosts in an IPv6 linklocal network. Trust-ND has a light design and uses the SHA-1 hash algorithm to achieve the required security [30]. It also uses a new security option called the trust-option attached to NDP messages to guarantee secure communication amongst hosts.…”

Section: Related Workmentioning

confidence: 99%

NDPsec: Neighbor Discovery Protocol Security Mechanism

Al-Ani

Laghari

et al. 2022

IEEE Access

View full text Add to dashboard Cite

Internet Protocol version 6 (IPv6) is envisioned as the cornerstone for future internet connectivity and information technology (IT) expansion. Due to its enormous address pool, extendable headers, high level of security, and mobility, IPv6 is positioned as the next-generation Internet Protocol. NDP is an integral component of IPv6 since it resolves addresses, locates routers, and finds duplicated addresses in a local-link network. Because NDP is based on the premise that all nodes in the network are trustworthy, it is subject to a variety of attacks, including Denial of Service (DoS) on Duplicate Address Detection (DAD) attacks (aka. DoS-on-DAD), Address Resolution-based attacks, Router Advertisement (RA) based attacks, and Redirect attacks. This paper proposes an NDP security (NDPsec) mechanism based on the Ed25519 digital signature to authenticate IPv6 hosts to prevent unauthorized devices from joining the network. The proposed NDPsec mechanism is evaluated and compared to Secure NDP (SeND), Match-Prevention, and Trust-ND mechanisms. The performance is measured in terms of processing time, traffic overhead, and resilience against network-based attacks. The results obtained from the experiments showed that NDPsec successfully prevented cyberattacks, with approximately 144% less processing time and over 50% less traffic overhead compared to SeND (the default security mechanism for NDP protocol). The proposed NDPsec mechanism has remarkable superiority in terms of resilience against attacks compared to Match-Prevention and Trust-ND mechanisms.

show abstract

Section: Related Workmentioning

confidence: 99%

NDPsec: Neighbor Discovery Protocol Security Mechanism

Al-Ani

Laghari

et al. 2022

IEEE Access

View full text Add to dashboard Cite

show abstract

“…Consequently and according to SLACC procedure the victim will use this invalid prefix and construct invalid address. The victim will denied service as a result because nodes will replay using invalid source address of the victim when sending packets to victim's host (Shah, 2016).…”

Section: Bogus Address Configuration Prefixmentioning

confidence: 99%

Impacts Evaluation of DoS Attacks Over IPv6 Neighbor Discovery Protocol

Ahmed

Hassan

Othman

et al. 2019

Journal of Computer Science

View full text Add to dashboard Cite

The Neighbor Discovery Protocol (NDP) is one of the main protocols in the Internet Protocol version 6 (IPv6) suite. It provides many basic functions for the normal operations of IPv6 in a Local Area Network (LAN), such as address auto-configuration and address resolution. However, NDP has several vulnerabilities that can be used by malicious nodes to launch attacks, because NDP messages are easily spoofed. Surrounding this problem many solutions have been proposed for securing NDP but these solutions either proposed new protocols that need to be supported by all nodes or built mechanisms that require the cooperation of all nodes. In this paper we overview NDP vulnerabilities and available solutions to overcome their impacts on IPv6 network. In addition a research test bed setup to implement these vulnerabilities was introduced. Moreover attacks that prove these vulnerabilities are implemented on different types of operating systems, Windows and Linux platforms. Three network metrics throughput, delay and resources consumption have been chosen to investigate, analyze and evaluate the impacts of NDP related attacks on IPv6 link-local communication. Overall, the results had shown that performance of Linux based operating system is better than Windows based operating system.

show abstract

“…In [9], the authors have utilized a novel approach for securing IPv6 link-local communication. They have used an alternative approach for the CGA and SEND protocols which still represent a limitation to the security level.…”

Section: Related Workmentioning

confidence: 99%

Towards a New Algorithm to Optimize IPv6 Neighbor Discovery Security for Small Objects Networks

Ksimi

Leghris

2018

Security and Communication Networks

View full text Add to dashboard Cite

In order to verify the uniqueness of link-local or unicast addresses, nodes must perform a Duplicate Address Detection process before using them. However, this process is subject to many attacks and the security is willing to be the most important issues in Small Object Networks with IPv6. In this paper, we developed a new algorithm to optimize the security in IPv6-DAD process; this method is based on SHA-512 to verify the identity of the Neighbor Discovery messages transmitted in the link local. First, before sending the NS message, the new node uses the function SHA-512 to hash to the target address and use the last 64 bits in a new field and then encrypt the result with its private key. When receiving the secure message, the existing nodes decrypt it. Our algorithm is going to secure the DAD process by using a digital signature. Overall, this algorithm showed a significant effect in terms of the Address Configuration Success Probability (ACSP).

show abstract

A novel approach for securing IPv6 link local communication

Cited by 15 publications

References 7 publications

NDPsec: Neighbor Discovery Protocol Security Mechanism

NDPsec: Neighbor Discovery Protocol Security Mechanism

Impacts Evaluation of DoS Attacks Over IPv6 Neighbor Discovery Protocol

Towards a New Algorithm to Optimize IPv6 Neighbor Discovery Security for Small Objects Networks

Contact Info

Product

Resources

About