Abstract
IPv6 is willing to be the most used protocol in the future Internet even its deployment takes more time due to some constraints. Indeed, IPv6 allows addressing all objects on the Internet with public addresses. One of the new associated IPv6 protocols is Neighbor Discovery Protocol (NDP). Duplicate address detection (DAD) is one of the functions of NDP to make sure a generated IPv6 address is unique. However, since the NDP is not secure by default, the DAD is vulnerable to attacks. The attacker can prevent a new node from using a new address by failing the DAD procedure. The purpose of our technique is to secure the DAD process in an IPv6 network using a new field in NS message called Hash_Target_64. Our algorithm called DAD-Hide-Target is going to secure the DAD process by using a hash function SHA-256 and hiding the target address. Overall, the experimental results show a significant effect in term of Address Configuration Success Probability.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Deering, S., Hinden, R.: Internet Protocol, Version 6 (IPv6) Specification. IETF, RFC 8200, July 2017
Ahmed, A.S.A.M.S., Hassan, R., Othman, N.E.: IPv6 neighbor discovery protocol specifications, threats and countermeasures: a survey. IEEE. Access. 5, 18187–18210 (2017). Electronic ISSN: 2169-3536
Gont, F., Cooper, A., Thaler, D., Liu, W.: Recommendation on stable IPv6 interface identifiers. IETF, RFC 8064, February 2017
Alisherov, F., Kim, T.: Duplicate address detection table in IPv6 mobile networks. In: Chang, C.-C., Vasilakos, T., Das, P., Kim, T., Kang, B.-H., Khurram Khan, M. (eds.) ACN 2010. CCIS, vol. 77, pp. 109–115. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-13405-0_11
Moslehpour, M., Khorsandi, S.: A distributed cryptographically generated address computing algorithm for secure neighbor discovery protocol in IPv6. Int. J. Comput. Inf. Eng. 10(6) (2016)
Dobraunig, C., Eichlseder, M., Mendel, F.: Analysis of SHA-512/224 and SHA-512/256. In: Iwata, T., Cheon, J.H. (eds.) ASIACRYPT 2015. LNCS, vol. 9453, pp. 612–630. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-48800-3_25
Shah, J.L., Parvez, J.: Optimizing security and address configuration in IPv6 SLAAC. Procedia Comput. Sci. 54, 177–185 (2015)
Shah, J.L., Parvez, J.: IPv6 cryptographically generated address: analysis and optimization. In: AICTC 2016 Proceedings of the International Conference on Advances in Information Communication Technology & Computing, 12–13 Aug 2016 (2016)
Shah, J.L.: A novel approach for securing IPv6 link local communication. Inf. Secur. J.: Glob. Perspect. 25, 136–150 (2016). ISSN: 1939–3555
Wang, X., Mu, Y., Han, G., Le, D.: A secure IPv6 address configuration protocol for vehicular networks. Wireless Pers. Commun. 79(1), 721–744 (2014)
Lu, Y., Wang, M., Huang, P.: An SDN-based authentication mechanism for securing neighbor discovery protocol in IPv6. J. Secur. Commun. Netw. 2017, 9 (2017)
Praptodiyono, S., et al.: Improving security of duplicate address detection on IPv6 local network in public area, 31 Oct 2016 (2016). ISSN: 2376-1172
Barbhuiya, F.A., Bansal, G., Kumar, N., et al.: Detection of neighbor discovery protocol based attacks in IPv6 network. Netw. Sci. 2(3–4), 91–113 (2013)
Hassan, R., Ahmed, A.S., Othman, N.E.: Enhancing security for IPv6 neighbor discovery protocol using cryptography. Am. J. Appl. Sci. 11(9), 1472–1479 (2014)
Anbar, M., Abdullah, R., Saad, R.M.A., Alomari, E., Alsaleem, S.: Review of security vulnerabilities in the IPv6 neighbor discovery protocol. Information Science and Applications (ICISA) 2016. LNEE, vol. 376, pp. 603–612. Springer, Singapore (2016). https://doi.org/10.1007/978-981-10-0557-2_59
Sridevi, : Implementation of multicast routing on IPv4 and IPv6 networks. Int. J. Recent. Innov. Trends Comput. Commun. 5, 1455–1467 (2017). ISSN: 2321-8169
Cunjiang, Y., Dawei, X., Li, J.: Authentication analysis in an IPV6-based environment. IEEE, 01 Dec 2014 (2014)
Nia, M.A., Sajedi, A., Jamshidpey, A.: An introduction to digital signature schemes. IEEE (2014)
Chittimaneni, K., Kaeo, M., Kaeo, M.: Operational security considerations for IPv6 networks. Internet-Draft, 27 Oct 2014 (2014)
Abdoun, N., et al.: Secure hash algorithm based on efficient chaotic neural network. IEEE, 04 Aug 2016 (2016)
Aggarwal, S., Aggarwal, K.: A review of comparative study of MD5 and SHA security algorithm. Int. J. Comput. Appl. 104(14), 0975–8887 (2014)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
El Ksimi, A., Leghris, C. (2019). An Enhancement Approach for Securing Neighbor Discovery in IPv6 Networks. In: Renault, É., Boumerdassi, S., Bouzefrane, S. (eds) Mobile, Secure, and Programmable Networking. MSPN 2018. Lecture Notes in Computer Science(), vol 11005. Springer, Cham. https://doi.org/10.1007/978-3-030-03101-5_6
Download citation
DOI: https://doi.org/10.1007/978-3-030-03101-5_6
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-03100-8
Online ISBN: 978-3-030-03101-5
eBook Packages: Computer ScienceComputer Science (R0)