Advertisement

An Enhancement Approach for Securing Neighbor Discovery in IPv6 Networks

  • Ali El Ksimi
  • Cherkaoui Leghris
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11005)

Abstract

IPv6 is willing to be the most used protocol in the future Internet even its deployment takes more time due to some constraints. Indeed, IPv6 allows addressing all objects on the Internet with public addresses. One of the new associated IPv6 protocols is Neighbor Discovery Protocol (NDP). Duplicate address detection (DAD) is one of the functions of NDP to make sure a generated IPv6 address is unique. However, since the NDP is not secure by default, the DAD is vulnerable to attacks. The attacker can prevent a new node from using a new address by failing the DAD procedure. The purpose of our technique is to secure the DAD process in an IPv6 network using a new field in NS message called Hash_Target_64. Our algorithm called DAD-Hide-Target is going to secure the DAD process by using a hash function SHA-256 and hiding the target address. Overall, the experimental results show a significant effect in term of Address Configuration Success Probability.

Keywords

IPv6 DAD Security SHA-256 ACSP 

References

  1. 1.
    Deering, S., Hinden, R.: Internet Protocol, Version 6 (IPv6) Specification. IETF, RFC 8200, July 2017Google Scholar
  2. 2.
    Ahmed, A.S.A.M.S., Hassan, R., Othman, N.E.: IPv6 neighbor discovery protocol specifications, threats and countermeasures: a survey. IEEE. Access. 5, 18187–18210 (2017). Electronic ISSN: 2169-3536CrossRefGoogle Scholar
  3. 3.
    Gont, F., Cooper, A., Thaler, D., Liu, W.: Recommendation on stable IPv6 interface identifiers. IETF, RFC 8064, February 2017Google Scholar
  4. 4.
    Alisherov, F., Kim, T.: Duplicate address detection table in IPv6 mobile networks. In: Chang, C.-C., Vasilakos, T., Das, P., Kim, T., Kang, B.-H., Khurram Khan, M. (eds.) ACN 2010. CCIS, vol. 77, pp. 109–115. Springer, Heidelberg (2010).  https://doi.org/10.1007/978-3-642-13405-0_11CrossRefGoogle Scholar
  5. 5.
    Moslehpour, M., Khorsandi, S.: A distributed cryptographically generated address computing algorithm for secure neighbor discovery protocol in IPv6. Int. J. Comput. Inf. Eng. 10(6) (2016)Google Scholar
  6. 6.
    Dobraunig, C., Eichlseder, M., Mendel, F.: Analysis of SHA-512/224 and SHA-512/256. In: Iwata, T., Cheon, J.H. (eds.) ASIACRYPT 2015. LNCS, vol. 9453, pp. 612–630. Springer, Heidelberg (2015).  https://doi.org/10.1007/978-3-662-48800-3_25CrossRefGoogle Scholar
  7. 7.
    Shah, J.L., Parvez, J.: Optimizing security and address configuration in IPv6 SLAAC. Procedia Comput. Sci. 54, 177–185 (2015)CrossRefGoogle Scholar
  8. 8.
    Shah, J.L., Parvez, J.: IPv6 cryptographically generated address: analysis and optimization. In: AICTC 2016 Proceedings of the International Conference on Advances in Information Communication Technology & Computing, 12–13 Aug 2016 (2016)Google Scholar
  9. 9.
    Shah, J.L.: A novel approach for securing IPv6 link local communication. Inf. Secur. J.: Glob. Perspect. 25, 136–150 (2016). ISSN: 1939–3555Google Scholar
  10. 10.
    Wang, X., Mu, Y., Han, G., Le, D.: A secure IPv6 address configuration protocol for vehicular networks. Wireless Pers. Commun. 79(1), 721–744 (2014)CrossRefGoogle Scholar
  11. 11.
    Lu, Y., Wang, M., Huang, P.: An SDN-based authentication mechanism for securing neighbor discovery protocol in IPv6. J. Secur. Commun. Netw. 2017, 9 (2017)Google Scholar
  12. 12.
    Praptodiyono, S., et al.: Improving security of duplicate address detection on IPv6 local network in public area, 31 Oct 2016 (2016). ISSN: 2376-1172Google Scholar
  13. 13.
    Barbhuiya, F.A., Bansal, G., Kumar, N., et al.: Detection of neighbor discovery protocol based attacks in IPv6 network. Netw. Sci. 2(3–4), 91–113 (2013)CrossRefGoogle Scholar
  14. 14.
    Hassan, R., Ahmed, A.S., Othman, N.E.: Enhancing security for IPv6 neighbor discovery protocol using cryptography. Am. J. Appl. Sci. 11(9), 1472–1479 (2014)CrossRefGoogle Scholar
  15. 15.
    Anbar, M., Abdullah, R., Saad, R.M.A., Alomari, E., Alsaleem, S.: Review of security vulnerabilities in the IPv6 neighbor discovery protocol. Information Science and Applications (ICISA) 2016. LNEE, vol. 376, pp. 603–612. Springer, Singapore (2016).  https://doi.org/10.1007/978-981-10-0557-2_59CrossRefGoogle Scholar
  16. 16.
    Sridevi, : Implementation of multicast routing on IPv4 and IPv6 networks. Int. J. Recent. Innov. Trends Comput. Commun. 5, 1455–1467 (2017). ISSN: 2321-8169Google Scholar
  17. 17.
    Cunjiang, Y., Dawei, X., Li, J.: Authentication analysis in an IPV6-based environment. IEEE, 01 Dec 2014 (2014)Google Scholar
  18. 18.
    Nia, M.A., Sajedi, A., Jamshidpey, A.: An introduction to digital signature schemes. IEEE (2014)Google Scholar
  19. 19.
    Chittimaneni, K., Kaeo, M., Kaeo, M.: Operational security considerations for IPv6 networks. Internet-Draft, 27 Oct 2014 (2014)Google Scholar
  20. 20.
    Abdoun, N., et al.: Secure hash algorithm based on efficient chaotic neural network. IEEE, 04 Aug 2016 (2016)Google Scholar
  21. 21.
    Aggarwal, S., Aggarwal, K.: A review of comparative study of MD5 and SHA security algorithm. Int. J. Comput. Appl. 104(14), 0975–8887 (2014)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. 1.L@M, RTM Team, Faculty of Sciences and TechnologiesUniversity Hassan 2 of CasablancaMohammediaMorocco

Personalised recommendations