Denial of service attack over secure neighbor discovery (SeND)

Amjed Sid Ahmed, Rosilah Hassan, Nor Effendy Othman

Research output: Contribution to journalArticle

Abstract

IPv6, the Internet Protocol suite version 6, uses a Neighbor Discovery Protocol (NDP). NDP mainly replaces router discovery and the Address Resolution Protocol (ARP) and after that redirects the functions used in IPv4, i.e. the Internet Protocol suite version 4. The NDP system is a stateless protocol since it does not need the dynamic host's configuration protocol server to enable the various IPv6 nodes for determining the connected hosts along with the IPv6 network routers. To add layers of protection to NDP, the SeND (Secure Neighbor Discovery) extension was developed, which provides router authorization, proof of address ownership, and message protection for the protocol. SeND employs CGAs (Cryptographically Generated Addresses) and X.509 certificates. Despite its many advantages, deploying SeND is not easy, and it is still vulnerable to specific DoS (Denial-of-Service) attacks. The components of SeND and its responses to NDP threats are further elaborated in this paper. Also, an overview of the implementation of SeND, its limitations, existing vulnerabilities, and current deployment challenges are also presented. Furthermore, to test the performance of SeND under a DoS attack, a test bed was implemented, and the results discussed.

Original languageEnglish
Pages (from-to)1897-1904
Number of pages8
JournalInternational Journal on Advanced Science, Engineering and Information Technology
Volume8
Issue number5
DOIs
Publication statusPublished - 1 Jan 2018

Fingerprint

Internet
Network protocols
Ownership
ownership
testing
Routers
Internet protocols
Denial-of-service attack
Computer systems
Servers

Keywords

  • Denial of Service
  • DoS
  • IPv6
  • NDP
  • Neighbor Discovery Protocol
  • SLAAC

ASJC Scopus subject areas

  • Computer Science(all)
  • Agricultural and Biological Sciences(all)
  • Engineering(all)

Cite this

Denial of service attack over secure neighbor discovery (SeND). / Ahmed, Amjed Sid; Hassan, Rosilah; Othman, Nor Effendy.

In: International Journal on Advanced Science, Engineering and Information Technology, Vol. 8, No. 5, 01.01.2018, p. 1897-1904.

Research output: Contribution to journalArticle

@article{7cc4ca93c34344e6abd4c9ddd63ddb4c,
title = "Denial of service attack over secure neighbor discovery (SeND)",
abstract = "IPv6, the Internet Protocol suite version 6, uses a Neighbor Discovery Protocol (NDP). NDP mainly replaces router discovery and the Address Resolution Protocol (ARP) and after that redirects the functions used in IPv4, i.e. the Internet Protocol suite version 4. The NDP system is a stateless protocol since it does not need the dynamic host's configuration protocol server to enable the various IPv6 nodes for determining the connected hosts along with the IPv6 network routers. To add layers of protection to NDP, the SeND (Secure Neighbor Discovery) extension was developed, which provides router authorization, proof of address ownership, and message protection for the protocol. SeND employs CGAs (Cryptographically Generated Addresses) and X.509 certificates. Despite its many advantages, deploying SeND is not easy, and it is still vulnerable to specific DoS (Denial-of-Service) attacks. The components of SeND and its responses to NDP threats are further elaborated in this paper. Also, an overview of the implementation of SeND, its limitations, existing vulnerabilities, and current deployment challenges are also presented. Furthermore, to test the performance of SeND under a DoS attack, a test bed was implemented, and the results discussed.",
keywords = "Denial of Service, DoS, IPv6, NDP, Neighbor Discovery Protocol, SLAAC",
author = "Ahmed, {Amjed Sid} and Rosilah Hassan and Othman, {Nor Effendy}",
year = "2018",
month = "1",
day = "1",
doi = "10.18517/ijaseit.8.5.6427",
language = "English",
volume = "8",
pages = "1897--1904",
journal = "International Journal on Advanced Science, Engineering and Information Technology",
issn = "2088-5334",
publisher = "INSIGHT - Indonesian Society for Knowledge and Human Development",
number = "5",

}

TY - JOUR

T1 - Denial of service attack over secure neighbor discovery (SeND)

AU - Ahmed, Amjed Sid

AU - Hassan, Rosilah

AU - Othman, Nor Effendy

PY - 2018/1/1

Y1 - 2018/1/1

N2 - IPv6, the Internet Protocol suite version 6, uses a Neighbor Discovery Protocol (NDP). NDP mainly replaces router discovery and the Address Resolution Protocol (ARP) and after that redirects the functions used in IPv4, i.e. the Internet Protocol suite version 4. The NDP system is a stateless protocol since it does not need the dynamic host's configuration protocol server to enable the various IPv6 nodes for determining the connected hosts along with the IPv6 network routers. To add layers of protection to NDP, the SeND (Secure Neighbor Discovery) extension was developed, which provides router authorization, proof of address ownership, and message protection for the protocol. SeND employs CGAs (Cryptographically Generated Addresses) and X.509 certificates. Despite its many advantages, deploying SeND is not easy, and it is still vulnerable to specific DoS (Denial-of-Service) attacks. The components of SeND and its responses to NDP threats are further elaborated in this paper. Also, an overview of the implementation of SeND, its limitations, existing vulnerabilities, and current deployment challenges are also presented. Furthermore, to test the performance of SeND under a DoS attack, a test bed was implemented, and the results discussed.

AB - IPv6, the Internet Protocol suite version 6, uses a Neighbor Discovery Protocol (NDP). NDP mainly replaces router discovery and the Address Resolution Protocol (ARP) and after that redirects the functions used in IPv4, i.e. the Internet Protocol suite version 4. The NDP system is a stateless protocol since it does not need the dynamic host's configuration protocol server to enable the various IPv6 nodes for determining the connected hosts along with the IPv6 network routers. To add layers of protection to NDP, the SeND (Secure Neighbor Discovery) extension was developed, which provides router authorization, proof of address ownership, and message protection for the protocol. SeND employs CGAs (Cryptographically Generated Addresses) and X.509 certificates. Despite its many advantages, deploying SeND is not easy, and it is still vulnerable to specific DoS (Denial-of-Service) attacks. The components of SeND and its responses to NDP threats are further elaborated in this paper. Also, an overview of the implementation of SeND, its limitations, existing vulnerabilities, and current deployment challenges are also presented. Furthermore, to test the performance of SeND under a DoS attack, a test bed was implemented, and the results discussed.

KW - Denial of Service

KW - DoS

KW - IPv6

KW - NDP

KW - Neighbor Discovery Protocol

KW - SLAAC

UR - http://www.scopus.com/inward/record.url?scp=85056270645&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85056270645&partnerID=8YFLogxK

U2 - 10.18517/ijaseit.8.5.6427

DO - 10.18517/ijaseit.8.5.6427

M3 - Article

AN - SCOPUS:85056270645

VL - 8

SP - 1897

EP - 1904

JO - International Journal on Advanced Science, Engineering and Information Technology

JF - International Journal on Advanced Science, Engineering and Information Technology

SN - 2088-5334

IS - 5

ER -