Abstract
Duplicate address detection (DAD) is an essential procedure of the neighbor discovery protocol (NDP). The DAD process determines whether an IP address conflicts with that of another node. In the usual DAD process, the target address being checked is multicast over the network, which gives malicious nodes an opportunity to attack. A malicious node can send a spoofed reply to prevent a normal node from configuring its address, thereby launching a denial of service (DoS) attack. This study proposes a new mechanism that hides the target address in DAD, which prevents an attacking node from reaching the target node. If the address of a normal node is identical to the address being detected, then its IP address should be able to decrypt the random word and compare the decryption with the decryption in the “DADmatch” tag. Consequently, DAD can be completed successfully. This process is called DAD-match. We expect DAD-match to provide a lightweight security solution with less complexity and to fully prevent DoS attacks during the DAD process in an IPv6 link-local network.
Copyright information
© 2018 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Al-Ani, A.K., Anbar, M., Manickam, S., Al-Ani, A., Leau, YB. (2018). Proposed DAD-match Mechanism for Securing Duplicate Address Detection Process in IPv6 Link-Local Network Based on Symmetric-Key Algorithm. In: Alfred, R., Iida, H., Ag. Ibrahim, A., Lim, Y. (eds) Computational Science and Technology. ICCST 2017. Lecture Notes in Electrical Engineering, vol 488. Springer, Singapore. https://doi.org/10.1007/978-981-10-8276-4_11
DOI: https://doi.org/10.1007/978-981-10-8276-4_11
Publisher Name: Springer, Singapore
Print ISBN: 978-981-10-8275-7
Online ISBN: 978-981-10-8276-4
eBook Packages: Engineering, Engineering (R0)