Abstract
IPv6, the Internet Protocol suite version 6, uses a Neighbor Discovery Protocol (NDP). NDP mainly replaces router discovery and the Address Resolution Protocol (ARP) and after that redirects the functions used in IPv4, i.e. the Internet Protocol suite version 4. The NDP system is a stateless protocol since it does not need the dynamic host's configuration protocol server to enable the various IPv6 nodes for determining the connected hosts along with the IPv6 network routers. To add layers of protection to NDP, the SeND (Secure Neighbor Discovery) extension was developed, which provides router authorization, proof of address ownership, and message protection for the protocol. SeND employs CGAs (Cryptographically Generated Addresses) and X.509 certificates. Despite its many advantages, deploying SeND is not easy, and it is still vulnerable to specific DoS (Denial-of-Service) attacks. The components of SeND and its responses to NDP threats are further elaborated in this paper. Also, an overview of the implementation of SeND, its limitations, existing vulnerabilities, and current deployment challenges are also presented. Furthermore, to test the performance of SeND under a DoS attack, a test bed was implemented, and the results discussed.
Original language | English |
---|---|
Pages (from-to) | 1897-1904 |
Number of pages | 8 |
Journal | International Journal on Advanced Science, Engineering and Information Technology |
Volume | 8 |
Issue number | 5 |
DOIs | |
Publication status | Published - 1 Jan 2018 |
Fingerprint
Keywords
- Denial of Service
- DoS
- IPv6
- NDP
- Neighbor Discovery Protocol
- SLAAC
ASJC Scopus subject areas
- Computer Science(all)
- Agricultural and Biological Sciences(all)
- Engineering(all)
Cite this
Denial of service attack over secure neighbor discovery (SeND). / Ahmed, Amjed Sid; Hassan, Rosilah; Othman, Nor Effendy.
In: International Journal on Advanced Science, Engineering and Information Technology, Vol. 8, No. 5, 01.01.2018, p. 1897-1904.Research output: Contribution to journal › Article
}
TY - JOUR
T1 - Denial of service attack over secure neighbor discovery (SeND)
AU - Ahmed, Amjed Sid
AU - Hassan, Rosilah
AU - Othman, Nor Effendy
PY - 2018/1/1
Y1 - 2018/1/1
N2 - IPv6, the Internet Protocol suite version 6, uses a Neighbor Discovery Protocol (NDP). NDP mainly replaces router discovery and the Address Resolution Protocol (ARP) and after that redirects the functions used in IPv4, i.e. the Internet Protocol suite version 4. The NDP system is a stateless protocol since it does not need the dynamic host's configuration protocol server to enable the various IPv6 nodes for determining the connected hosts along with the IPv6 network routers. To add layers of protection to NDP, the SeND (Secure Neighbor Discovery) extension was developed, which provides router authorization, proof of address ownership, and message protection for the protocol. SeND employs CGAs (Cryptographically Generated Addresses) and X.509 certificates. Despite its many advantages, deploying SeND is not easy, and it is still vulnerable to specific DoS (Denial-of-Service) attacks. The components of SeND and its responses to NDP threats are further elaborated in this paper. Also, an overview of the implementation of SeND, its limitations, existing vulnerabilities, and current deployment challenges are also presented. Furthermore, to test the performance of SeND under a DoS attack, a test bed was implemented, and the results discussed.
AB - IPv6, the Internet Protocol suite version 6, uses a Neighbor Discovery Protocol (NDP). NDP mainly replaces router discovery and the Address Resolution Protocol (ARP) and after that redirects the functions used in IPv4, i.e. the Internet Protocol suite version 4. The NDP system is a stateless protocol since it does not need the dynamic host's configuration protocol server to enable the various IPv6 nodes for determining the connected hosts along with the IPv6 network routers. To add layers of protection to NDP, the SeND (Secure Neighbor Discovery) extension was developed, which provides router authorization, proof of address ownership, and message protection for the protocol. SeND employs CGAs (Cryptographically Generated Addresses) and X.509 certificates. Despite its many advantages, deploying SeND is not easy, and it is still vulnerable to specific DoS (Denial-of-Service) attacks. The components of SeND and its responses to NDP threats are further elaborated in this paper. Also, an overview of the implementation of SeND, its limitations, existing vulnerabilities, and current deployment challenges are also presented. Furthermore, to test the performance of SeND under a DoS attack, a test bed was implemented, and the results discussed.
KW - Denial of Service
KW - DoS
KW - IPv6
KW - NDP
KW - Neighbor Discovery Protocol
KW - SLAAC
UR - http://www.scopus.com/inward/record.url?scp=85056270645&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85056270645&partnerID=8YFLogxK
U2 - 10.18517/ijaseit.8.5.6427
DO - 10.18517/ijaseit.8.5.6427
M3 - Article
AN - SCOPUS:85056270645
VL - 8
SP - 1897
EP - 1904
JO - International Journal on Advanced Science, Engineering and Information Technology
JF - International Journal on Advanced Science, Engineering and Information Technology
SN - 2088-5334
IS - 5
ER -