Balancing performance and security for IPv6 neighbor discovery

Amjed Sid Ahmed, Nurul Halimatul Asmak Ismail, Rosilah Hassan, Nor Effendy Othman

Research output: Contribution to journalArticle

5 Citations (Scopus)

Abstract

For a successful communication in a LAN network Internet Protocol version 4 (IPv4) has to identify Machine Code Address (MAC) of the target host which was possible via using Address Resolution Protocol (ARP). This is improved in Internet Protocol version 6 (IPv6) in which nodes uses Neighbor Discovery Protocol (NDP) to access MAC address of other nodes. In addition to this NDP plays the role of Address Auto-configuration, Router Discovery (RD) and Neighbor Discovery (ND). Furthermore, the role of the NDP entails redirecting the nodes, detecting the duplicate addresses and detecting the unreachable nodes. Despite the fact that there is an NDP’s assumption regarding the existence of trust the links’ nodes, several crucial attacks may affect the Protocol. The lack of authorization and vulnerability to various attacks, various mechanisms have been implemented to counter this effect. These mechanisms are of two types, Secured Neighbor Discovery (SEND) and Internet Protocol Security (IPSec). SEND utilizes the following four options in order to work, Cryptographically Generated Address (CGA), RSA Signature, Nonce and Timestamp option. CGA is produced at extra high costs making it the most notable disadvantage of SEND. In addition SEND itself is vulnerable to several Denial of Service (DoS) attacks. A keen interest is taken to analyse SEND showing how it works, what components does it have and the shortcomings of the protocol suite. A conceptual model along with the experimental scenarios to test it is proposed in this paper to balancing the performance and security of SEND.

Original languageEnglish
Pages (from-to)40191-40196
Number of pages6
JournalInternational Journal of Applied Engineering Research
Volume10
Issue number19
Publication statusPublished - 2015

Fingerprint

Internet protocols
Network protocols
Routers
Local area networks
Communication
Costs

Keywords

  • CGA
  • IPsec
  • NDP
  • SEND
  • Wireless ARP

ASJC Scopus subject areas

  • Engineering(all)

Cite this

Balancing performance and security for IPv6 neighbor discovery. / Ahmed, Amjed Sid; Ismail, Nurul Halimatul Asmak; Hassan, Rosilah; Othman, Nor Effendy.

In: International Journal of Applied Engineering Research, Vol. 10, No. 19, 2015, p. 40191-40196.

Research output: Contribution to journalArticle

Ahmed, Amjed Sid ; Ismail, Nurul Halimatul Asmak ; Hassan, Rosilah ; Othman, Nor Effendy. / Balancing performance and security for IPv6 neighbor discovery. In: International Journal of Applied Engineering Research. 2015 ; Vol. 10, No. 19. pp. 40191-40196.
@article{cd209aea01cd461d883f7edb67328dce,
title = "Balancing performance and security for IPv6 neighbor discovery",
abstract = "For a successful communication in a LAN network Internet Protocol version 4 (IPv4) has to identify Machine Code Address (MAC) of the target host which was possible via using Address Resolution Protocol (ARP). This is improved in Internet Protocol version 6 (IPv6) in which nodes uses Neighbor Discovery Protocol (NDP) to access MAC address of other nodes. In addition to this NDP plays the role of Address Auto-configuration, Router Discovery (RD) and Neighbor Discovery (ND). Furthermore, the role of the NDP entails redirecting the nodes, detecting the duplicate addresses and detecting the unreachable nodes. Despite the fact that there is an NDP’s assumption regarding the existence of trust the links’ nodes, several crucial attacks may affect the Protocol. The lack of authorization and vulnerability to various attacks, various mechanisms have been implemented to counter this effect. These mechanisms are of two types, Secured Neighbor Discovery (SEND) and Internet Protocol Security (IPSec). SEND utilizes the following four options in order to work, Cryptographically Generated Address (CGA), RSA Signature, Nonce and Timestamp option. CGA is produced at extra high costs making it the most notable disadvantage of SEND. In addition SEND itself is vulnerable to several Denial of Service (DoS) attacks. A keen interest is taken to analyse SEND showing how it works, what components does it have and the shortcomings of the protocol suite. A conceptual model along with the experimental scenarios to test it is proposed in this paper to balancing the performance and security of SEND.",
keywords = "CGA, IPsec, NDP, SEND, Wireless ARP",
author = "Ahmed, {Amjed Sid} and Ismail, {Nurul Halimatul Asmak} and Rosilah Hassan and Othman, {Nor Effendy}",
year = "2015",
language = "English",
volume = "10",
pages = "40191--40196",
journal = "International Journal of Applied Engineering Research",
issn = "0973-4562",
publisher = "Research India Publications",
number = "19",

}

TY - JOUR

T1 - Balancing performance and security for IPv6 neighbor discovery

AU - Ahmed, Amjed Sid

AU - Ismail, Nurul Halimatul Asmak

AU - Hassan, Rosilah

AU - Othman, Nor Effendy

PY - 2015

Y1 - 2015

N2 - For a successful communication in a LAN network Internet Protocol version 4 (IPv4) has to identify Machine Code Address (MAC) of the target host which was possible via using Address Resolution Protocol (ARP). This is improved in Internet Protocol version 6 (IPv6) in which nodes uses Neighbor Discovery Protocol (NDP) to access MAC address of other nodes. In addition to this NDP plays the role of Address Auto-configuration, Router Discovery (RD) and Neighbor Discovery (ND). Furthermore, the role of the NDP entails redirecting the nodes, detecting the duplicate addresses and detecting the unreachable nodes. Despite the fact that there is an NDP’s assumption regarding the existence of trust the links’ nodes, several crucial attacks may affect the Protocol. The lack of authorization and vulnerability to various attacks, various mechanisms have been implemented to counter this effect. These mechanisms are of two types, Secured Neighbor Discovery (SEND) and Internet Protocol Security (IPSec). SEND utilizes the following four options in order to work, Cryptographically Generated Address (CGA), RSA Signature, Nonce and Timestamp option. CGA is produced at extra high costs making it the most notable disadvantage of SEND. In addition SEND itself is vulnerable to several Denial of Service (DoS) attacks. A keen interest is taken to analyse SEND showing how it works, what components does it have and the shortcomings of the protocol suite. A conceptual model along with the experimental scenarios to test it is proposed in this paper to balancing the performance and security of SEND.

AB - For a successful communication in a LAN network Internet Protocol version 4 (IPv4) has to identify Machine Code Address (MAC) of the target host which was possible via using Address Resolution Protocol (ARP). This is improved in Internet Protocol version 6 (IPv6) in which nodes uses Neighbor Discovery Protocol (NDP) to access MAC address of other nodes. In addition to this NDP plays the role of Address Auto-configuration, Router Discovery (RD) and Neighbor Discovery (ND). Furthermore, the role of the NDP entails redirecting the nodes, detecting the duplicate addresses and detecting the unreachable nodes. Despite the fact that there is an NDP’s assumption regarding the existence of trust the links’ nodes, several crucial attacks may affect the Protocol. The lack of authorization and vulnerability to various attacks, various mechanisms have been implemented to counter this effect. These mechanisms are of two types, Secured Neighbor Discovery (SEND) and Internet Protocol Security (IPSec). SEND utilizes the following four options in order to work, Cryptographically Generated Address (CGA), RSA Signature, Nonce and Timestamp option. CGA is produced at extra high costs making it the most notable disadvantage of SEND. In addition SEND itself is vulnerable to several Denial of Service (DoS) attacks. A keen interest is taken to analyse SEND showing how it works, what components does it have and the shortcomings of the protocol suite. A conceptual model along with the experimental scenarios to test it is proposed in this paper to balancing the performance and security of SEND.

KW - CGA

KW - IPsec

KW - NDP

KW - SEND

KW - Wireless ARP

UR - http://www.scopus.com/inward/record.url?scp=84945900718&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84945900718&partnerID=8YFLogxK

M3 - Article

VL - 10

SP - 40191

EP - 40196

JO - International Journal of Applied Engineering Research

JF - International Journal of Applied Engineering Research

SN - 0973-4562

IS - 19

ER -