Denial of service attack over secure neighbor discovery (SeND)

Amjed Sid Ahmed; Rosilah Hassan; Nor Effendy Othman

doi:10.18517/ijaseit.8.5.6427

Denial of service attack over secure neighbor discovery (SeND)

Amjed Sid Ahmed, Rosilah Hassan, Nor Effendy Othman

Center for Software Technology and Management (SOFTAM)

Research output: Contribution to journal › Article

Abstract

IPv6, the Internet Protocol suite version 6, uses a Neighbor Discovery Protocol (NDP). NDP mainly replaces router discovery and the Address Resolution Protocol (ARP) and after that redirects the functions used in IPv4, i.e. the Internet Protocol suite version 4. The NDP system is a stateless protocol since it does not need the dynamic host's configuration protocol server to enable the various IPv6 nodes for determining the connected hosts along with the IPv6 network routers. To add layers of protection to NDP, the SeND (Secure Neighbor Discovery) extension was developed, which provides router authorization, proof of address ownership, and message protection for the protocol. SeND employs CGAs (Cryptographically Generated Addresses) and X.509 certificates. Despite its many advantages, deploying SeND is not easy, and it is still vulnerable to specific DoS (Denial-of-Service) attacks. The components of SeND and its responses to NDP threats are further elaborated in this paper. Also, an overview of the implementation of SeND, its limitations, existing vulnerabilities, and current deployment challenges are also presented. Furthermore, to test the performance of SeND under a DoS attack, a test bed was implemented, and the results discussed.

Original language	English
Pages (from-to)	1897-1904
Number of pages	8
Journal	International Journal on Advanced Science, Engineering and Information Technology
Volume	8
Issue number	5
DOIs	https://doi.org/10.18517/ijaseit.8.5.6427
Publication status	Published - 1 Jan 2018

Fingerprint

Internet

Network protocols

Ownership

ownership

testing

Routers

Internet protocols

Denial-of-service attack

Computer systems

Servers

Keywords

Denial of Service
DoS
IPv6
NDP
Neighbor Discovery Protocol
SLAAC

ASJC Scopus subject areas

Computer Science(all)
Agricultural and Biological Sciences(all)
Engineering(all)

Cite this

Ahmed, A. S., Hassan, R., & Othman, N. E. (2018). Denial of service attack over secure neighbor discovery (SeND). International Journal on Advanced Science, Engineering and Information Technology, 8(5), 1897-1904. https://doi.org/10.18517/ijaseit.8.5.6427

Denial of service attack over secure neighbor discovery (SeND). / Ahmed, Amjed Sid; Hassan, Rosilah ; Othman, Nor Effendy.

In: International Journal on Advanced Science, Engineering and Information Technology, Vol. 8, No. 5, 01.01.2018, p. 1897-1904.

Research output: Contribution to journal › Article

Ahmed, AS, Hassan, R & Othman, NE 2018, 'Denial of service attack over secure neighbor discovery (SeND)', International Journal on Advanced Science, Engineering and Information Technology, vol. 8, no. 5, pp. 1897-1904. https://doi.org/10.18517/ijaseit.8.5.6427

Ahmed AS, Hassan R , Othman NE. Denial of service attack over secure neighbor discovery (SeND). International Journal on Advanced Science, Engineering and Information Technology. 2018 Jan 1;8(5):1897-1904. https://doi.org/10.18517/ijaseit.8.5.6427

Ahmed, Amjed Sid ; Hassan, Rosilah ; Othman, Nor Effendy. / Denial of service attack over secure neighbor discovery (SeND). In: International Journal on Advanced Science, Engineering and Information Technology. 2018 ; Vol. 8, No. 5. pp. 1897-1904.

@article{7cc4ca93c34344e6abd4c9ddd63ddb4c,

title = "Denial of service attack over secure neighbor discovery (SeND)",

abstract = "IPv6, the Internet Protocol suite version 6, uses a Neighbor Discovery Protocol (NDP). NDP mainly replaces router discovery and the Address Resolution Protocol (ARP) and after that redirects the functions used in IPv4, i.e. the Internet Protocol suite version 4. The NDP system is a stateless protocol since it does not need the dynamic host's configuration protocol server to enable the various IPv6 nodes for determining the connected hosts along with the IPv6 network routers. To add layers of protection to NDP, the SeND (Secure Neighbor Discovery) extension was developed, which provides router authorization, proof of address ownership, and message protection for the protocol. SeND employs CGAs (Cryptographically Generated Addresses) and X.509 certificates. Despite its many advantages, deploying SeND is not easy, and it is still vulnerable to specific DoS (Denial-of-Service) attacks. The components of SeND and its responses to NDP threats are further elaborated in this paper. Also, an overview of the implementation of SeND, its limitations, existing vulnerabilities, and current deployment challenges are also presented. Furthermore, to test the performance of SeND under a DoS attack, a test bed was implemented, and the results discussed.",

keywords = "Denial of Service, DoS, IPv6, NDP, Neighbor Discovery Protocol, SLAAC",

author = "Ahmed, {Amjed Sid} and Rosilah Hassan and Othman, {Nor Effendy}",

year = "2018",

month = "1",

day = "1",

doi = "10.18517/ijaseit.8.5.6427",

language = "English",

volume = "8",

pages = "1897--1904",

journal = "International Journal on Advanced Science, Engineering and Information Technology",

issn = "2088-5334",

publisher = "INSIGHT - Indonesian Society for Knowledge and Human Development",

number = "5",

}

TY - JOUR

T1 - Denial of service attack over secure neighbor discovery (SeND)

AU - Ahmed, Amjed Sid

AU - Hassan, Rosilah

AU - Othman, Nor Effendy

PY - 2018/1/1

Y1 - 2018/1/1

N2 - IPv6, the Internet Protocol suite version 6, uses a Neighbor Discovery Protocol (NDP). NDP mainly replaces router discovery and the Address Resolution Protocol (ARP) and after that redirects the functions used in IPv4, i.e. the Internet Protocol suite version 4. The NDP system is a stateless protocol since it does not need the dynamic host's configuration protocol server to enable the various IPv6 nodes for determining the connected hosts along with the IPv6 network routers. To add layers of protection to NDP, the SeND (Secure Neighbor Discovery) extension was developed, which provides router authorization, proof of address ownership, and message protection for the protocol. SeND employs CGAs (Cryptographically Generated Addresses) and X.509 certificates. Despite its many advantages, deploying SeND is not easy, and it is still vulnerable to specific DoS (Denial-of-Service) attacks. The components of SeND and its responses to NDP threats are further elaborated in this paper. Also, an overview of the implementation of SeND, its limitations, existing vulnerabilities, and current deployment challenges are also presented. Furthermore, to test the performance of SeND under a DoS attack, a test bed was implemented, and the results discussed.

AB - IPv6, the Internet Protocol suite version 6, uses a Neighbor Discovery Protocol (NDP). NDP mainly replaces router discovery and the Address Resolution Protocol (ARP) and after that redirects the functions used in IPv4, i.e. the Internet Protocol suite version 4. The NDP system is a stateless protocol since it does not need the dynamic host's configuration protocol server to enable the various IPv6 nodes for determining the connected hosts along with the IPv6 network routers. To add layers of protection to NDP, the SeND (Secure Neighbor Discovery) extension was developed, which provides router authorization, proof of address ownership, and message protection for the protocol. SeND employs CGAs (Cryptographically Generated Addresses) and X.509 certificates. Despite its many advantages, deploying SeND is not easy, and it is still vulnerable to specific DoS (Denial-of-Service) attacks. The components of SeND and its responses to NDP threats are further elaborated in this paper. Also, an overview of the implementation of SeND, its limitations, existing vulnerabilities, and current deployment challenges are also presented. Furthermore, to test the performance of SeND under a DoS attack, a test bed was implemented, and the results discussed.

KW - Denial of Service

KW - DoS

KW - IPv6

KW - NDP

KW - Neighbor Discovery Protocol

KW - SLAAC

UR - http://www.scopus.com/inward/record.url?scp=85056270645&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85056270645&partnerID=8YFLogxK

U2 - 10.18517/ijaseit.8.5.6427

DO - 10.18517/ijaseit.8.5.6427

M3 - Article

VL - 8

SP - 1897

EP - 1904

JO - International Journal on Advanced Science, Engineering and Information Technology

JF - International Journal on Advanced Science, Engineering and Information Technology

SN - 2088-5334

IS - 5

ER -

Access to Document

10.18517/ijaseit.8.5.6427