Improving security for IPv6 neighbor discovery

Amjed Sid Ahmed, Rosilah Hassan, Nor Effendy Othman

Research output: Chapter in Book/Report/Conference proceedingConference contribution

7 Citations (Scopus)

Abstract

For a successful communication in a LAN network Internet Protocol version 4 (IPv4) has to identify Machine Code Address (MAC) of the target host which was possible via using Address Resolution Protocol (ARP). This is improved in IPv6 in which nodes uses Neighbor Discovery Protocol (NDP) to access MAC address of other nodes. In addition to this it enables accessibility to routers and reachability of information on paths to active neighbor discovery. When NDP was initially defined, there was a belief that the local link would be made up of mutually trusting nodes. On the contrary, this has been rectified in wireless connection of networks in which the situation has radically changed. The lack of authorization and vulnerability to various attacks, various mechanisms have been implemented to counter this effect. These mechanisms are of two types which are Secured Neighbor Discovery Protocol (SEND) and Internet Protocol Security (IPSec). A keen interest is taken to analyze this mechanisms showing how it works including the shortcoming of each and various recommendations. Also we analyze each of NDP attacks in details, define the requirements to mitigate each of them and proposed a conceptual model layout in order to secure NDP.

Original languageEnglish
Title of host publicationProceedings - 5th International Conference on Electrical Engineering and Informatics: Bridging the Knowledge between Academic, Industry, and Community, ICEEI 2015
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages271-274
Number of pages4
ISBN (Print)9781467373197
DOIs
Publication statusPublished - 10 Dec 2015
Event5th International Conference on Electrical Engineering and Informatics, ICEEI 2015 - Legian-Bali, Indonesia
Duration: 10 Aug 201511 Aug 2015

Other

Other5th International Conference on Electrical Engineering and Informatics, ICEEI 2015
CountryIndonesia
CityLegian-Bali
Period10/8/1511/8/15

Fingerprint

Network protocols
Internet protocols
Routers
Local area networks
Communication

Keywords

  • IPv6
  • NDP
  • NS
  • RS

ASJC Scopus subject areas

  • Computer Science Applications
  • Information Systems
  • Signal Processing
  • Electrical and Electronic Engineering

Cite this

Ahmed, A. S., Hassan, R., & Othman, N. E. (2015). Improving security for IPv6 neighbor discovery. In Proceedings - 5th International Conference on Electrical Engineering and Informatics: Bridging the Knowledge between Academic, Industry, and Community, ICEEI 2015 (pp. 271-274). [7352509] Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/ICEEI.2015.7352509

Improving security for IPv6 neighbor discovery. / Ahmed, Amjed Sid; Hassan, Rosilah; Othman, Nor Effendy.

Proceedings - 5th International Conference on Electrical Engineering and Informatics: Bridging the Knowledge between Academic, Industry, and Community, ICEEI 2015. Institute of Electrical and Electronics Engineers Inc., 2015. p. 271-274 7352509.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Ahmed, AS, Hassan, R & Othman, NE 2015, Improving security for IPv6 neighbor discovery. in Proceedings - 5th International Conference on Electrical Engineering and Informatics: Bridging the Knowledge between Academic, Industry, and Community, ICEEI 2015., 7352509, Institute of Electrical and Electronics Engineers Inc., pp. 271-274, 5th International Conference on Electrical Engineering and Informatics, ICEEI 2015, Legian-Bali, Indonesia, 10/8/15. https://doi.org/10.1109/ICEEI.2015.7352509
Ahmed AS, Hassan R, Othman NE. Improving security for IPv6 neighbor discovery. In Proceedings - 5th International Conference on Electrical Engineering and Informatics: Bridging the Knowledge between Academic, Industry, and Community, ICEEI 2015. Institute of Electrical and Electronics Engineers Inc. 2015. p. 271-274. 7352509 https://doi.org/10.1109/ICEEI.2015.7352509
Ahmed, Amjed Sid ; Hassan, Rosilah ; Othman, Nor Effendy. / Improving security for IPv6 neighbor discovery. Proceedings - 5th International Conference on Electrical Engineering and Informatics: Bridging the Knowledge between Academic, Industry, and Community, ICEEI 2015. Institute of Electrical and Electronics Engineers Inc., 2015. pp. 271-274
@inproceedings{c18c11d624e04e1391310c02687a0584,
title = "Improving security for IPv6 neighbor discovery",
abstract = "For a successful communication in a LAN network Internet Protocol version 4 (IPv4) has to identify Machine Code Address (MAC) of the target host which was possible via using Address Resolution Protocol (ARP). This is improved in IPv6 in which nodes uses Neighbor Discovery Protocol (NDP) to access MAC address of other nodes. In addition to this it enables accessibility to routers and reachability of information on paths to active neighbor discovery. When NDP was initially defined, there was a belief that the local link would be made up of mutually trusting nodes. On the contrary, this has been rectified in wireless connection of networks in which the situation has radically changed. The lack of authorization and vulnerability to various attacks, various mechanisms have been implemented to counter this effect. These mechanisms are of two types which are Secured Neighbor Discovery Protocol (SEND) and Internet Protocol Security (IPSec). A keen interest is taken to analyze this mechanisms showing how it works including the shortcoming of each and various recommendations. Also we analyze each of NDP attacks in details, define the requirements to mitigate each of them and proposed a conceptual model layout in order to secure NDP.",
keywords = "IPv6, NDP, NS, RS",
author = "Ahmed, {Amjed Sid} and Rosilah Hassan and Othman, {Nor Effendy}",
year = "2015",
month = "12",
day = "10",
doi = "10.1109/ICEEI.2015.7352509",
language = "English",
isbn = "9781467373197",
pages = "271--274",
booktitle = "Proceedings - 5th International Conference on Electrical Engineering and Informatics: Bridging the Knowledge between Academic, Industry, and Community, ICEEI 2015",
publisher = "Institute of Electrical and Electronics Engineers Inc.",

}

TY - GEN

T1 - Improving security for IPv6 neighbor discovery

AU - Ahmed, Amjed Sid

AU - Hassan, Rosilah

AU - Othman, Nor Effendy

PY - 2015/12/10

Y1 - 2015/12/10

N2 - For a successful communication in a LAN network Internet Protocol version 4 (IPv4) has to identify Machine Code Address (MAC) of the target host which was possible via using Address Resolution Protocol (ARP). This is improved in IPv6 in which nodes uses Neighbor Discovery Protocol (NDP) to access MAC address of other nodes. In addition to this it enables accessibility to routers and reachability of information on paths to active neighbor discovery. When NDP was initially defined, there was a belief that the local link would be made up of mutually trusting nodes. On the contrary, this has been rectified in wireless connection of networks in which the situation has radically changed. The lack of authorization and vulnerability to various attacks, various mechanisms have been implemented to counter this effect. These mechanisms are of two types which are Secured Neighbor Discovery Protocol (SEND) and Internet Protocol Security (IPSec). A keen interest is taken to analyze this mechanisms showing how it works including the shortcoming of each and various recommendations. Also we analyze each of NDP attacks in details, define the requirements to mitigate each of them and proposed a conceptual model layout in order to secure NDP.

AB - For a successful communication in a LAN network Internet Protocol version 4 (IPv4) has to identify Machine Code Address (MAC) of the target host which was possible via using Address Resolution Protocol (ARP). This is improved in IPv6 in which nodes uses Neighbor Discovery Protocol (NDP) to access MAC address of other nodes. In addition to this it enables accessibility to routers and reachability of information on paths to active neighbor discovery. When NDP was initially defined, there was a belief that the local link would be made up of mutually trusting nodes. On the contrary, this has been rectified in wireless connection of networks in which the situation has radically changed. The lack of authorization and vulnerability to various attacks, various mechanisms have been implemented to counter this effect. These mechanisms are of two types which are Secured Neighbor Discovery Protocol (SEND) and Internet Protocol Security (IPSec). A keen interest is taken to analyze this mechanisms showing how it works including the shortcoming of each and various recommendations. Also we analyze each of NDP attacks in details, define the requirements to mitigate each of them and proposed a conceptual model layout in order to secure NDP.

KW - IPv6

KW - NDP

KW - NS

KW - RS

UR - http://www.scopus.com/inward/record.url?scp=84961707383&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84961707383&partnerID=8YFLogxK

U2 - 10.1109/ICEEI.2015.7352509

DO - 10.1109/ICEEI.2015.7352509

M3 - Conference contribution

AN - SCOPUS:84961707383

SN - 9781467373197

SP - 271

EP - 274

BT - Proceedings - 5th International Conference on Electrical Engineering and Informatics: Bridging the Knowledge between Academic, Industry, and Community, ICEEI 2015

PB - Institute of Electrical and Electronics Engineers Inc.

ER -