An improved SEND protocol against DoS attacks in Mobile IPv6 environment
- 1 November 2009
- conference paper
- Published by Institute of Electrical and Electronics Engineers (IEEE) in 2009 IEEE International Conference on Network Infrastructure and Digital Content
Abstract
The Neighbor Discovery protocol can be used to communicate between neighboring nodes in the mobile IPv6 environment. To secure neighbor discovery, the IETF SEND working group standardized a secure neighbor discovery protocol and a cryptographically generated address protocol. The Neighbor Discovery protocol can be provided with security functions by adding the RSA signature option and the CGA parameter option. But there are still attacks against SEND itself, particularly denial-of-service attacks. Because CGA verification consumes a large amount of computing resources, attackers may forge a large number of attack data packets to make the node run out of resources. To safeguard the secure neighbor discovery protocol in the mobile IPv6 environment, we propose a mechanism that protects SEND from part of the DoS attacks by adding a set of message interactions before CGA verification, without a certification authority or any security infrastructure.
This publication has 5 references indexed in Scilit:
- Cryptographically Generated Addresses (CGA). Published by RFC Editor, 2005
- IPv6 Neighbor Discovery (ND) Trust Models and Threats. Published by RFC Editor, 2004
- Securing IPv6 neighbor and router discovery. Published by Association for Computing Machinery (ACM), 2002
- Neighbor Discovery for IP Version 6 (IPv6). Published by RFC Editor, 1998
- IPv6 Stateless Address Autoconfiguration. Published by RFC Editor, 1998