Skip to main content
SpringerLink
Log in

Detection of neighbor discovery protocol based attacks in IPv6 network

  • Research Article
  • Published:
Networking Science

    We’re sorry, something doesn't seem to be working properly.

    Please try refreshing the page. If that doesn't work, please contact support so we can address the problem.

Abstract

Internet Protocol version 6 (IPv6) uses Network Discovery Protocol (NDP) to find the Media Access Control (MAC) address to communicate with hosts in a LAN. Like its predecessor, Address Resolution Protocol (ARP) in IPv4, NDP is stateless and lacks authentication by default. The traditional spoofing attacks for exploiting the IP to MAC resolution using ARP in IPv4 are also relevant in NDP. By using spoofed MAC addresses, a malicious host can also launch Denial-of-Service (DoS), Man-in-the-Middle(MiTM) attacks etc. in IPv6 network. Although there are various detection/prevention mechanisms available for IPv4, many of them are not yet implemented in IPv6 as the protocol is relatively new and slowly coming in use. Few mechanisms have been proposed for detection/prevention of these attacks in IPv6, but they either are non-scalable, computationally expensive, require management of cryptographic keys or change in the protocol itself. In this paper, we propose an active detection mechanism for NDP based attacks in IPv6 network to overcome these problems. Experimental results illustrate the efficacy and performance of the scheme.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Similar content being viewed by others

References

  1. J. Davies, “Introduction to IPv6,” in Microsoft TechNet Archive. 2008.

    Google Scholar 

  2. N. Hubbali, S. Biswas, S. Roopa, R. Ratti, and S. Nandi, “LAN attack detection using discrete event systems,” ISA Trans., vol. 50, no. 1, pp. 119–130, Jan. 2010.

    Article  Google Scholar 

  3. C. M. Kozierok, The TCP/IP Guide. San Francisco, CA, USA: No Starch Press, 2005.

    Google Scholar 

  4. Cisco Systems. Cisco 6500 Catalyst Switches [Online]. Available: http://www.cisco.com. Accessed Oct. 2012.

  5. LBL Network Research Group. Arpwatch [Online]. http://www.securityfocus.com/tools/142. Accessed Oct. 2012.

  6. C. L. Abad and R. I. Bonilla, “An analysis on the schemes for detecting and preventing ARP cache poisoning attacks,” in Proc. 27th Int. Conf. Distributed Computing Systems Workshops, Toronto, Canada, 2007, pp. 60–67.

    Google Scholar 

  7. V. Ramachandran and S. Nandi, “Detecting ARP spoofing: An active technique,” in Proc. 1st Int. Conf. Information Security Systems. Heidelberg: Springer, 2005, pp. 239–250.

    Chapter  Google Scholar 

  8. Z. Trabelsi and K. Shuaib, “Man in the middle intrusion detection,” in Proc. GLOBECOM, San Francisco, CA, USA, 2006, pp. 1–6.

    Google Scholar 

  9. F. A. Barbhuiya, S. Biswas, and S. Nandi, “Detection of neighbor solicitation and advertisement spoofing in IPv6 neighbor discovery protocol,” in Proc. Int. Conf. Security of Information and Networks. New York: ACM, 2011, pp. 111–118.

    Google Scholar 

  10. T. Narten, E. Nordmark, and W. Simpson, “RFC 2461: Neighbor Discovery for IP Version 6 (IPv6),” IETF, Dec. 1998.

    Google Scholar 

  11. A. Conta, S. Deering, and M. Gupta, “RFC 4443: Internet Control Message Protocol (ICMPv6) for the Internet Protocol Version 6 (IPv6) Specification,” IETF, Mar. 2006.

    Google Scholar 

  12. S. Thomson, T. Narten, and T. Jinmei, “RFC 4862: IPv6 stateless address autoconfiguration,” IETF, Sept. 2007.

    Google Scholar 

  13. P. Nikander, J. Kempf, and E. Nordmark, “RFC 3756: IPv6 Neighbor Discovery (ND) Trust Models dnd Threats,” IETF, May 2004.

    Google Scholar 

  14. P. H. Seton, “Security features in IPv6,” Whitepaper, SANS Institute, 2002.

    Google Scholar 

  15. J. Arkko, J. Kempf, B. Zill, and P. Nikander, “RFC 3971: SEcure Neighbor Discovery (SEND),” IETF, Mar. 2005.

    Google Scholar 

  16. H. Rafiee, A. Alsa’deh, and C. Meinel, “WinSEND: Windows secure neighbor discovery,” in Proc. Int. Conf. Security of Information and Networks. New York: ACM, 2011, pp. 243–246.

    Google Scholar 

  17. NDPmon [Online]. Available: http://www.ndpmon.sourceforge.net. Accessed Oct. 2012.

  18. THC-IPV6 [Online]. Available: http://www.thc.org/thc-ipv6. Accessed Oct. 2012.

  19. Cisco Systems. Cisco 3560 Catalyst Switches [Online]. Available: http://www.cisco.com. Accessed Oct. 2012.

Download references

Author information

Authors and Affiliations

  1. Department of Computer Science and Engineering, Indian Institute of Technology, Guwahati, 781039, India

    Ferdous A. Barbhuiya, Gunjan Bansal, Niteesh Kumar, Santosh Biswas & Sukumar Nandi

Authors
  1. Ferdous A. Barbhuiya
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Gunjan Bansal
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Niteesh Kumar
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Santosh Biswas
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Sukumar Nandi
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Santosh Biswas.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Barbhuiya, F.A., Bansal, G., Kumar, N. et al. Detection of neighbor discovery protocol based attacks in IPv6 network. Netw.Sci. 2, 91–113 (2013). https://doi.org/10.1007/s13119-013-0018-2

Download citation

  • Received:

  • Revised:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s13119-013-0018-2

Keywords

Search

Navigation