Abstract
Address resolution (AR) process, one of the important neighbor discovery protocol (NDP) functions, aims to obtain the corresponding relationship between Internet protocol and media access control addresses. This process uses two NDP messages, neighbor solicitation (NS) and neighbor advertisement (NA) messages, which are unsecure by design. In addition, the target address is revealed in the traditional AR process. Thus, any malicious node on the same link can modify the message and launch denial of service (DoS) attacks. The current mechanisms suffer from high-complexity issue or other forms of security issues that can induce DoS attack on AR in IPv6 link-local network. To overcome these limitations, this work proposes AR-match technique to secure AR process by hiding the target address by using a hash function algorithm and adding a new option named AR-match, which is attached to each NS and NA message for them to become NS- and NA-match messages, respectively. AR-match technique can provide a high security with less complexity and will completely prevent DoS attacks during AR in the IPv6 link-local network.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
A. Al-Ani, M. Anbar, S. Manickam, … A. A.-A.-P. of the 2017, and U. 2017, “Proposed DAD-match Security Technique based on Hash Function to Secure Duplicate Address Detection in IPv6 Link-local Network,” dl.acm.org, 2017.
T. Narten, W. A. Simpson, E. Nordmark, and H. Soliman, “Neighbor discovery for IP version 6 (IPv6),” 2007.
G. Song and Z. Ji, “Anonymous-address-resolution model,” Front. Inf. Technol. Electron. Eng., vol. 17, no. 10, pp. 1044–1055, 2016.
S. Guangjia, J. Z.-I. J. of S. and Its, and undefined 2015, “Review of Security Research on Address Resolution Protocols,” earticle.net.
T. Narten, S. Thomson, and T. Jinmei, “IPv6 stateless address autoconfiguration,” 2007.
A. K. Al-Ani, M. Anbar, S. Manickam, A. Al-Ani, and Y.-B. Leau, “Proposed DAD-match Mechanism for Securing Duplicate Address Detection Process in IPv6 Link-Local Network Based on Symmetric-Key Algorithm,” 2018, pp. 108–118.
W. Simpson, “Neighbor Discovery for IP version 6 (IPv6),” pp. 1–97, 2007.
D. Plummer, “Ethernet Address Resolution Protocol: Or converting network protocol addresses to 48. bit Ethernet address for transmission on Ethernet hardware,” 1982.
G. Song, Z. J.-F. of I. T. & Electronic, and undefined 2016, “Anonymous-address-resolution model,” Springer.
B. Alzahrani, M. Reed, V. V.-P. of the Eleventh, and undefined 2015, “Resistance against brute-force attacks on stateless forwarding in information centric networking,” dl.acm.org.
O. E. Elejla, M. Anbar, and B. Belaton, “ICMPv6-Based DoS and DDoS Attacks and Defense Mechanisms: Review,” IETE Tech. Rev., vol. 4602, no. August, pp. 1–18, 2016.
S. Guangjia, J. Zhenzhou, W. H.-I. J. of Future, and undefined 2015, “A Reverse Address Resolution Process with Variable Length Prefix,” earticle.net.
N. Kumar, G. Bansal, S. Biswas, and S. Nandi, “Host based IDS for NDP related attacks: NS and NA Spoofing,” in India Conference (INDICON), 2013 Annual IEEE, 2013, pp. 1–6.
G. Bansal, N. Kumar, S. Nandi, and S. Biswas, “Detection of NDP based attacks using MLD,” in Proceedings of the Fifth International Conference on Security of Information and Networks, 2012, pp. 163–167.
F. A. Barbhuiya, G. Bansal, N. Kumar, S. Biswas, and S. Nandi, “Detection of neighbor discovery protocol based attacks in IPv6 network,” Netw. Sci., vol. 2, no. 3–4, pp. 91–113, 2013.
F. Najjar, M. M. Kadhum, and H. El-Taj, “Detecting Neighbor Discovery Protocol-Based Flooding Attack Using Machine Learning Techniques,” in Advances in Machine Learning and Signal Processing, Springer, 2016, pp. 129–139.
B. Stockebrand, “Ip security (ipsec),” IPv6 Pract. A Unixer’s Guid. to Next Gener. Internet, pp. 311–317, 2007.
K. Seo and S. Kent, “Security architecture for the internet protocol,” 2005.
J. Arkko, J. Kempf, B. Zill, and P. Nikander, “Secure neighbor discovery (SEND),” 2005.
S. Praptodiyono, I. H. Hasbullah, M. M. Kadhum, C. Y. Wey, R. K. Murugesan, and A. Osman, “Securing Duplicate Address Detection on IPv6 Using Distributed Trust Mechanism.,” Int. J. Simulation--Systems, Sci. Technol., vol. 17, no. 26, 2016.
Y. Lu, M. Wang, and P. Huang, “An SDN-based Authentication Mechanism for Securing Neighbor Discovery Protocol in IPv6,” Hindawi Secur. Commun. Networks, vol. 2017, p. 9, 2017.
A. AlSa’deh, H. Rafiee, and C. Meinel, “IPv6 stateless address autoconfiguration: balancing between security, privacy and usability,” in International Symposium on Foundations and Practice of Security, 2012, pp. 149–161.
J. Wu, G. Ren, and X. Li, “Source address validation: Architecture and protocol design,” in Network Protocols, 2007. ICNP 2007. IEEE International Conference on, 2007, pp. 276–283.
J. Wu, J. Bi, M. Bagnulo, F. Baker, and C. Vogt, “Source address validation improvement (SAVI) framework,” 2013.
H. Krawczyk, R. Canetti, and M. Bellare, “HMAC: Keyed-hashing for message authentication,” 1997.
D. McPherson, J. Halpern, and F. Baker, “Source address validation improvement (SAVI) threat scope,” 2013.
G. Yao, J. Bi, and P. Xiao, “Source address validation solution with OpenFlow/NOX architecture,” in Network Protocols (ICNP), 2011 19th IEEE International Conference on, 2011, pp. 7–12.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Al-Ani, A.K., Anbar, M., Manickam, S., Al-Ani, A., Leau, YB. (2019). Preventing Denial of Service Attacks on Address Resolution in IPv6 Link-local Network: AR-match Security Technique. In: Alfred, R., Lim, Y., Ibrahim, A., Anthony, P. (eds) Computational Science and Technology. Lecture Notes in Electrical Engineering, vol 481. Springer, Singapore. https://doi.org/10.1007/978-981-13-2622-6_30
Download citation
DOI: https://doi.org/10.1007/978-981-13-2622-6_30
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-13-2621-9
Online ISBN: 978-981-13-2622-6
eBook Packages: EngineeringEngineering (R0)