Improving security for IPv6 neighbor discovery
- 1 August 2015
- conference paper
- conference paper
- Published by Institute of Electrical and Electronics Engineers (IEEE) in 2015 International Conference on Electrical Engineering and Informatics (ICEEI)
Abstract
For a successful communication in a LAN network Internet Protocol version 4 (IPv4) has to identify Machine Code Address (MAC) of the target host which was possible via using Address Resolution Protocol (ARP). This is improved in IPv6 in which nodes uses Neighbor Discovery Protocol (NDP) to access MAC address of other nodes. In addition to this it enables accessibility to routers and reachability of information on paths to active neighbor discovery. When NDP was initially defined, there was a belief that the local link would be made up of mutually trusting nodes. On the contrary, this has been rectified in wireless connection of networks in which the situation has radically changed. The lack of authorization and vulnerability to various attacks, various mechanisms have been implemented to counter this effect. These mechanisms are of two types which are Secured Neighbor Discovery Protocol (SEND) and Internet Protocol Security (IPSec). A keen interest is taken to analyze this mechanisms showing how it works including the shortcoming of each and various recommendations. Also we analyze each of NDP attacks in details, define the requirements to mitigate each of them and proposed a conceptual model layout in order to secure NDP.Keywords
This publication has 11 references indexed in Scilit:
- ENHANCING SECURITY FOR IPV6 NEIGHBOR DISCOVERY PROTOCOL USING CRYPTOGRAPHYAmerican Journal of Applied Sciences, 2014
- ENHANCED ENCAPSULATED SECURITY PAYLOAD A NEW MECHANISM TO SECURE INTERNET PROTOCOL VERSION 6 OVER INTERNET PROTOCOL VERSION 4Journal of Computer Science, 2014
- Detection of neighbor discovery protocol based attacks in IPv6 networkNetworking Science, 2013
- Significantly improved performances of the cryptographically generated addresses thanks to ECC and GPGPUComputers & Security, 2010
- An improved SEND protocol against DoS attacks in Mobile IPv6 environmentPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2009
- Design and Analysis of Virtual Bus Transport Using Synchronous Digital Hierarchy/Synchronous Optical NetworkingJournal of Computer Science, 2008
- Analysis of SEND Protocol through Implementation and SimulationPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2007
- Monitoring the Neighbor Discovery ProtocolPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2007
- Cryptographically Generated Addresses for Constrained Devices*Wireless Personal Communications, 2004
- Securing IPv6 neighbor and router discoveryPublished by Association for Computing Machinery (ACM) ,2002