Skip to main content
SpringerLink
Log in

Preventing Denial of Service Attacks on Address Resolution in IPv6 Link-local Network: AR-match Security Technique

  • Conference paper
  • First Online:
Computational Science and Technology

Part of the book series: Lecture Notes in Electrical Engineering ((LNEE,volume 481))

Abstract

Address resolution (AR) process, one of the important neighbor discovery protocol (NDP) functions, aims to obtain the corresponding relationship between Internet protocol and media access control addresses. This process uses two NDP messages, neighbor solicitation (NS) and neighbor advertisement (NA) messages, which are unsecure by design. In addition, the target address is revealed in the traditional AR process. Thus, any malicious node on the same link can modify the message and launch denial of service (DoS) attacks. The current mechanisms suffer from high-complexity issue or other forms of security issues that can induce DoS attack on AR in IPv6 link-local network. To overcome these limitations, this work proposes AR-match technique to secure AR process by hiding the target address by using a hash function algorithm and adding a new option named AR-match, which is attached to each NS and NA message for them to become NS- and NA-match messages, respectively. AR-match technique can provide a high security with less complexity and will completely prevent DoS attacks during AR in the IPv6 link-local network.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 169.00
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 279.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD 219.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. A. Al-Ani, M. Anbar, S. Manickam, … A. A.-A.-P. of the 2017, and U. 2017, “Proposed DAD-match Security Technique based on Hash Function to Secure Duplicate Address Detection in IPv6 Link-local Network,” dl.acm.org, 2017.

    Google Scholar 

  2. T. Narten, W. A. Simpson, E. Nordmark, and H. Soliman, “Neighbor discovery for IP version 6 (IPv6),” 2007.

    Google Scholar 

  3. G. Song and Z. Ji, “Anonymous-address-resolution model,” Front. Inf. Technol. Electron. Eng., vol. 17, no. 10, pp. 1044–1055, 2016.

    Google Scholar 

  4. S. Guangjia, J. Z.-I. J. of S. and Its, and undefined 2015, “Review of Security Research on Address Resolution Protocols,” earticle.net.

    Google Scholar 

  5. T. Narten, S. Thomson, and T. Jinmei, “IPv6 stateless address autoconfiguration,” 2007.

    Google Scholar 

  6. A. K. Al-Ani, M. Anbar, S. Manickam, A. Al-Ani, and Y.-B. Leau, “Proposed DAD-match Mechanism for Securing Duplicate Address Detection Process in IPv6 Link-Local Network Based on Symmetric-Key Algorithm,” 2018, pp. 108–118.

    Google Scholar 

  7. W. Simpson, “Neighbor Discovery for IP version 6 (IPv6),” pp. 1–97, 2007.

    Google Scholar 

  8. D. Plummer, “Ethernet Address Resolution Protocol: Or converting network protocol addresses to 48. bit Ethernet address for transmission on Ethernet hardware,” 1982.

    Google Scholar 

  9. G. Song, Z. J.-F. of I. T. & Electronic, and undefined 2016, “Anonymous-address-resolution model,” Springer.

    Google Scholar 

  10. B. Alzahrani, M. Reed, V. V.-P. of the Eleventh, and undefined 2015, “Resistance against brute-force attacks on stateless forwarding in information centric networking,” dl.acm.org.

    Google Scholar 

  11. O. E. Elejla, M. Anbar, and B. Belaton, “ICMPv6-Based DoS and DDoS Attacks and Defense Mechanisms: Review,” IETE Tech. Rev., vol. 4602, no. August, pp. 1–18, 2016.

    Google Scholar 

  12. S. Guangjia, J. Zhenzhou, W. H.-I. J. of Future, and undefined 2015, “A Reverse Address Resolution Process with Variable Length Prefix,” earticle.net.

    Google Scholar 

  13. N. Kumar, G. Bansal, S. Biswas, and S. Nandi, “Host based IDS for NDP related attacks: NS and NA Spoofing,” in India Conference (INDICON), 2013 Annual IEEE, 2013, pp. 1–6.

    Google Scholar 

  14. G. Bansal, N. Kumar, S. Nandi, and S. Biswas, “Detection of NDP based attacks using MLD,” in Proceedings of the Fifth International Conference on Security of Information and Networks, 2012, pp. 163–167.

    Google Scholar 

  15. F. A. Barbhuiya, G. Bansal, N. Kumar, S. Biswas, and S. Nandi, “Detection of neighbor discovery protocol based attacks in IPv6 network,” Netw. Sci., vol. 2, no. 3–4, pp. 91–113, 2013.

    Google Scholar 

  16. F. Najjar, M. M. Kadhum, and H. El-Taj, “Detecting Neighbor Discovery Protocol-Based Flooding Attack Using Machine Learning Techniques,” in Advances in Machine Learning and Signal Processing, Springer, 2016, pp. 129–139.

    Google Scholar 

  17. B. Stockebrand, “Ip security (ipsec),” IPv6 Pract. A Unixer’s Guid. to Next Gener. Internet, pp. 311–317, 2007.

    Google Scholar 

  18. K. Seo and S. Kent, “Security architecture for the internet protocol,” 2005.

    Google Scholar 

  19. J. Arkko, J. Kempf, B. Zill, and P. Nikander, “Secure neighbor discovery (SEND),” 2005.

    Google Scholar 

  20. S. Praptodiyono, I. H. Hasbullah, M. M. Kadhum, C. Y. Wey, R. K. Murugesan, and A. Osman, “Securing Duplicate Address Detection on IPv6 Using Distributed Trust Mechanism.,” Int. J. Simulation--Systems, Sci. Technol., vol. 17, no. 26, 2016.

    Google Scholar 

  21. Y. Lu, M. Wang, and P. Huang, “An SDN-based Authentication Mechanism for Securing Neighbor Discovery Protocol in IPv6,” Hindawi Secur. Commun. Networks, vol. 2017, p. 9, 2017.

    Google Scholar 

  22. A. AlSa’deh, H. Rafiee, and C. Meinel, “IPv6 stateless address autoconfiguration: balancing between security, privacy and usability,” in International Symposium on Foundations and Practice of Security, 2012, pp. 149–161.

    Google Scholar 

  23. J. Wu, G. Ren, and X. Li, “Source address validation: Architecture and protocol design,” in Network Protocols, 2007. ICNP 2007. IEEE International Conference on, 2007, pp. 276–283.

    Google Scholar 

  24. J. Wu, J. Bi, M. Bagnulo, F. Baker, and C. Vogt, “Source address validation improvement (SAVI) framework,” 2013.

    Google Scholar 

  25. H. Krawczyk, R. Canetti, and M. Bellare, “HMAC: Keyed-hashing for message authentication,” 1997.

    Google Scholar 

  26. D. McPherson, J. Halpern, and F. Baker, “Source address validation improvement (SAVI) threat scope,” 2013.

    Google Scholar 

  27. G. Yao, J. Bi, and P. Xiao, “Source address validation solution with OpenFlow/NOX architecture,” in Network Protocols (ICNP), 2011 19th IEEE International Conference on, 2011, pp. 7–12.

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. National Advance IPv6 Center, Universiti Sains Malaysia, 11800, Gelugor, Penang, Malaysia

    Ahmed K. Al-Ani, Mohammed Anbar, Selvakumar Manickam & Ayman Al-Ani

  2. Universiti Malaysia Sabah, 88400, Kota Kinabalu, Sabah, Malaysia

    Yu-Beng Leau

Authors
  1. Ahmed K. Al-Ani
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Mohammed Anbar
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Selvakumar Manickam
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Ayman Al-Ani
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Yu-Beng Leau
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Ahmed K. Al-Ani .

Editor information

Editors and Affiliations

  1. Knowledge Technology Research Unit, Faculty of Computing and Informatics, Universiti Malaysia Sabah, Kota Kinabalu, Malaysia

    Rayner Alfred

  2. School of Information Science, Security and Networks Area, Japan Advanced Institute of Science and Technology, Ishikawa, Japan

    Yuto Lim

  3. Faculty of Computing and Informatics, Universiti Malaysia Sabah Faculty of Computing and Informatics, Kota Kinabalu, Sabah, Malaysia

    Ag Asri Ag Ibrahim

  4. Lincoln University , Christchurch, New Zealand

    Patricia Anthony

Rights and permissions

Reprints and permissions

Copyright information

© 2019 Springer Nature Singapore Pte Ltd.

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Al-Ani, A.K., Anbar, M., Manickam, S., Al-Ani, A., Leau, YB. (2019). Preventing Denial of Service Attacks on Address Resolution in IPv6 Link-local Network: AR-match Security Technique. In: Alfred, R., Lim, Y., Ibrahim, A., Anthony, P. (eds) Computational Science and Technology. Lecture Notes in Electrical Engineering, vol 481. Springer, Singapore. https://doi.org/10.1007/978-981-13-2622-6_30

Download citation

  • DOI: https://doi.org/10.1007/978-981-13-2622-6_30

  • Published:

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-13-2621-9

  • Online ISBN: 978-981-13-2622-6

  • eBook Packages: EngineeringEngineering (R0)

Publish with us

Policies and ethics

Search

Navigation