Enhancing security for IPv6 neighbor discovery protocol using cryptography

Rosilah Hassan, Amjed Sid Ahmed, Nor Effendy Othman

Research output: Contribution to journal › Article

13 Citations (Scopus)

Abstract

Internet Protocol version 4 (IPv4) will gradually be replaced by Internet Protocol version 6 (IPv6) as the next generation of Internet protocol. The Neighbor Discovery Protocol (NDP), one of the main protocols in the IPv6 suite, comprises Neighbor Discovery for IPv6. NDP is used by both hosts and routers. Its functions include Neighbor Discovery (ND), Router Discovery (RD), Address Autoconfiguration, Address Resolution, Neighbor Unreachability Detection (NUD), Duplicate Address Detection (DAD) and Redirection. If not secured, NDP is vulnerable to various attacks; examples include Neighbor Solicitation (NS) spoofing, Neighbor Advertisement (NA) spoofing, redirection, address stealing and denial of service. From the early stages of its design and development, NDP assumed that connections between nodes would be safe, but deployment proved this assumption incorrect and highlighted the security holes. This led the Internet Engineering Task Force (IETF) to request solutions to overcome these drawbacks. SEcure Neighbor Discovery (SEND) was then proposed. SEND solves part of the threats associated with NDP, and further research has been requested to find a better solution that prevents all of these threats and avoids its limitations. This study presents a new mechanism to avoid security threats for IPv6 NDP based on digital signature procedures. The proposed solution manages to eliminate the threats because it maps and binds the IP address, MAC address and public key of each node in the node's neighbor cache, so intruders will not be able to spoof other nodes' IP addresses.

Original language: English
Pages (from-to): 1472-1479
Number of pages: 8
Journal: American Journal of Applied Sciences
Volume: 11
Issue number: 9
DOIs: 10.3844/ajassp.2014.1472.1479
Publication status: Published - 3 Jul 2014

Fingerprint

Internet protocols
Cryptography
Network protocols
Routers
Electronic document identification systems
Internet
Engineers

Keywords

  • Digital signature
  • IPv6
  • NA
  • NDP
  • NS

ASJC Scopus subject areas

  • General

Cite this

Enhancing security for IPv6 neighbor discovery protocol using cryptography. / Hassan, Rosilah; Ahmed, Amjed Sid; Othman, Nor Effendy.

In: American Journal of Applied Sciences, Vol. 11, No. 9, 03.07.2014, p. 1472-1479.

Hassan, Rosilah ; Ahmed, Amjed Sid ; Othman, Nor Effendy. / Enhancing security for IPv6 neighbor discovery protocol using cryptography. In: American Journal of Applied Sciences. 2014 ; Vol. 11, No. 9. pp. 1472-1479.
@article{2e4480d4ace3429a8a6a6530184fd7e2,
title = "Enhancing security for IPv6 neighbor discovery protocol using cryptography",
keywords = "Digital signature, IPv6, NA, NDP, NS",
author = "Rosilah Hassan and Ahmed, {Amjed Sid} and Othman, {Nor Effendy}",
year = "2014",
month = "7",
day = "3",
doi = "10.3844/ajassp.2014.1472.1479",
language = "English",
volume = "11",
pages = "1472--1479",
journal = "American Journal of Applied Sciences",
issn = "1546-9239",
publisher = "Science Publications",
number = "9",

}

TY - JOUR

T1 - Enhancing security for IPv6 neighbor discovery protocol using cryptography

AU - Hassan, Rosilah

AU - Ahmed, Amjed Sid

AU - Othman, Nor Effendy

PY - 2014/7/3

Y1 - 2014/7/3

KW - Digital signature

KW - IPv6

KW - NA

KW - NDP

KW - NS

UR - http://www.scopus.com/inward/record.url?scp=84903934633&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84903934633&partnerID=8YFLogxK

U2 - 10.3844/ajassp.2014.1472.1479

DO - 10.3844/ajassp.2014.1472.1479

M3 - Article

AN - SCOPUS:84903934633

VL - 11

SP - 1472

EP - 1479

JO - American Journal of Applied Sciences

JF - American Journal of Applied Sciences

SN - 1546-9239

IS - 9

ER -