An improved SEND protocol against DoS attacks in Mobile IPv6 environment

conference paper
conference paper
Published by Institute of Electrical and Electronics Engineers (IEEE) in 2009 IEEE International Conference on Network Infrastructure and Digital Content

p. 232-235
https://doi.org/10.1109/icnidc.2009.5360962

Abstract

Neighbor discovery protocol can be used to communicate between neighboring nodes in the mobile IPv6 environment. For a secure neighbor discovery protocol, the IETF SEND working group standardized a secure neighbor discovery protocol, and a cryptographically generated address protocol. Neighbor Discovery protocol can be provided with secure functions by adding the RSA signature option and the CGA parameter option. But there are still attacks against SEND itself, particularly, denial-of-service attacks. Because the CGA verification consumes large amount of computing resources, attackers may forge a large number of attack data packages to make the node run out of resources. To provide the safeguard of secure neighbor discovery protocol in mobile IPv6 environment, we propose a mechanism that prevent SEND from part of DoS attacks by adding a set message interaction before CGA verification without a certification authority or any security infrastructure.

Keywords

This publication has 5 references indexed in Scilit:

Cryptographically Generated Addresses (CGA)
Published by RFC Editor ,2005
IPv6 Neighbor Discovery (ND) Trust Models and Threats
Published by RFC Editor ,2004
Securing IPv6 neighbor and router discovery
Published by Association for Computing Machinery (ACM) ,2002
Neighbor Discovery for IP Version 6 (IPv6)
Published by RFC Editor ,1998
IPv6 Stateless Address Autoconfiguration
Published by RFC Editor ,1998

Cited by 4 articles