Secure neighbor discovery (SeND): Attacks and challenges

Amjed Sid Ahmed, Rosilah Hassan, Nor Effendy Othman

Research output: Chapter in Book/Report/Conference proceedingConference contribution

2 Citations (Scopus)

Abstract

In the field of Internet Protocol Version 4 (IPv4), the Address Resolution Protocol (ARP) is considered susceptible to spoofing attacks. The Neighbor Discovery Protocol (NDP), which is a part of the Internet Protocol Version 6 (IPv6), slightly resembles the IPv4 ARP, and is also susceptible to similar attacks in the absence of security mechanism. The Secure Neighbor Discovery (SeND) extension handles security risks to NDP by providing message protection, proof of address ownership and router authorization. SeND depends on X.509 certificates and active Cryptographically Generated Addresses (CGA). However, SeND can be difficult to deploy and can still be susceptible to some kinds of Denial of Service (DoS) attacks. This paper will present SeND components and some SeND responses to NDP threats. Furthermore, SeND's available implementations were given an overview. Discussions on SeND limitations, remaining vulnerabilities and current deployment challenges were also given. Moreover, the study implemented a test bed to assess the behavior of SeND when it is under DoS attack.

Original languageEnglish
Title of host publicationProceedings of the 2017 6th International Conference on Electrical Engineering and Informatics
Subtitle of host publicationSustainable Society Through Digital Innovation, ICEEI 2017
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages1-6
Number of pages6
Volume2017-November
ISBN (Electronic)9781538604755
DOIs
Publication statusPublished - 9 Mar 2018
Event6th International Conference on Electrical Engineering and Informatics, ICEEI 2017 - Langkawi, Malaysia
Duration: 25 Nov 201727 Nov 2017

Other

Other6th International Conference on Electrical Engineering and Informatics, ICEEI 2017
CountryMalaysia
CityLangkawi
Period25/11/1727/11/17

Fingerprint

Internet
Attack
Internet protocols
Network protocols
Ownership
Denial of Service
Routers
Authorization
Certificate
Router
Vulnerability
Testbed
Denial-of-service attack

Keywords

  • DoS
  • IPv6
  • NDP
  • SLAAC

ASJC Scopus subject areas

  • Artificial Intelligence
  • Control and Optimization
  • Computer Networks and Communications
  • Computer Vision and Pattern Recognition
  • Information Systems
  • Software
  • Electrical and Electronic Engineering
  • Health Informatics

Cite this

Ahmed, A. S., Hassan, R., & Othman, N. E. (2018). Secure neighbor discovery (SeND): Attacks and challenges. In Proceedings of the 2017 6th International Conference on Electrical Engineering and Informatics: Sustainable Society Through Digital Innovation, ICEEI 2017 (Vol. 2017-November, pp. 1-6). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/ICEEI.2017.8312422

Secure neighbor discovery (SeND) : Attacks and challenges. / Ahmed, Amjed Sid; Hassan, Rosilah; Othman, Nor Effendy.

Proceedings of the 2017 6th International Conference on Electrical Engineering and Informatics: Sustainable Society Through Digital Innovation, ICEEI 2017. Vol. 2017-November Institute of Electrical and Electronics Engineers Inc., 2018. p. 1-6.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Ahmed, AS, Hassan, R & Othman, NE 2018, Secure neighbor discovery (SeND): Attacks and challenges. in Proceedings of the 2017 6th International Conference on Electrical Engineering and Informatics: Sustainable Society Through Digital Innovation, ICEEI 2017. vol. 2017-November, Institute of Electrical and Electronics Engineers Inc., pp. 1-6, 6th International Conference on Electrical Engineering and Informatics, ICEEI 2017, Langkawi, Malaysia, 25/11/17. https://doi.org/10.1109/ICEEI.2017.8312422
Ahmed AS, Hassan R, Othman NE. Secure neighbor discovery (SeND): Attacks and challenges. In Proceedings of the 2017 6th International Conference on Electrical Engineering and Informatics: Sustainable Society Through Digital Innovation, ICEEI 2017. Vol. 2017-November. Institute of Electrical and Electronics Engineers Inc. 2018. p. 1-6 https://doi.org/10.1109/ICEEI.2017.8312422
Ahmed, Amjed Sid ; Hassan, Rosilah ; Othman, Nor Effendy. / Secure neighbor discovery (SeND) : Attacks and challenges. Proceedings of the 2017 6th International Conference on Electrical Engineering and Informatics: Sustainable Society Through Digital Innovation, ICEEI 2017. Vol. 2017-November Institute of Electrical and Electronics Engineers Inc., 2018. pp. 1-6
@inproceedings{9c2014edba564f67b8b8e3c85ad9681c,
title = "Secure neighbor discovery (SeND): Attacks and challenges",
abstract = "In the field of Internet Protocol Version 4 (IPv4), the Address Resolution Protocol (ARP) is considered susceptible to spoofing attacks. The Neighbor Discovery Protocol (NDP), which is a part of the Internet Protocol Version 6 (IPv6), slightly resembles the IPv4 ARP, and is also susceptible to similar attacks in the absence of security mechanism. The Secure Neighbor Discovery (SeND) extension handles security risks to NDP by providing message protection, proof of address ownership and router authorization. SeND depends on X.509 certificates and active Cryptographically Generated Addresses (CGA). However, SeND can be difficult to deploy and can still be susceptible to some kinds of Denial of Service (DoS) attacks. This paper will present SeND components and some SeND responses to NDP threats. Furthermore, SeND's available implementations were given an overview. Discussions on SeND limitations, remaining vulnerabilities and current deployment challenges were also given. Moreover, the study implemented a test bed to assess the behavior of SeND when it is under DoS attack.",
keywords = "DoS, IPv6, NDP, SLAAC",
author = "Ahmed, {Amjed Sid} and Rosilah Hassan and Othman, {Nor Effendy}",
year = "2018",
month = "3",
day = "9",
doi = "10.1109/ICEEI.2017.8312422",
language = "English",
volume = "2017-November",
pages = "1--6",
booktitle = "Proceedings of the 2017 6th International Conference on Electrical Engineering and Informatics",
publisher = "Institute of Electrical and Electronics Engineers Inc.",

}

TY - GEN

T1 - Secure neighbor discovery (SeND)

T2 - Attacks and challenges

AU - Ahmed, Amjed Sid

AU - Hassan, Rosilah

AU - Othman, Nor Effendy

PY - 2018/3/9

Y1 - 2018/3/9

N2 - In the field of Internet Protocol Version 4 (IPv4), the Address Resolution Protocol (ARP) is considered susceptible to spoofing attacks. The Neighbor Discovery Protocol (NDP), which is a part of the Internet Protocol Version 6 (IPv6), slightly resembles the IPv4 ARP, and is also susceptible to similar attacks in the absence of security mechanism. The Secure Neighbor Discovery (SeND) extension handles security risks to NDP by providing message protection, proof of address ownership and router authorization. SeND depends on X.509 certificates and active Cryptographically Generated Addresses (CGA). However, SeND can be difficult to deploy and can still be susceptible to some kinds of Denial of Service (DoS) attacks. This paper will present SeND components and some SeND responses to NDP threats. Furthermore, SeND's available implementations were given an overview. Discussions on SeND limitations, remaining vulnerabilities and current deployment challenges were also given. Moreover, the study implemented a test bed to assess the behavior of SeND when it is under DoS attack.

AB - In the field of Internet Protocol Version 4 (IPv4), the Address Resolution Protocol (ARP) is considered susceptible to spoofing attacks. The Neighbor Discovery Protocol (NDP), which is a part of the Internet Protocol Version 6 (IPv6), slightly resembles the IPv4 ARP, and is also susceptible to similar attacks in the absence of security mechanism. The Secure Neighbor Discovery (SeND) extension handles security risks to NDP by providing message protection, proof of address ownership and router authorization. SeND depends on X.509 certificates and active Cryptographically Generated Addresses (CGA). However, SeND can be difficult to deploy and can still be susceptible to some kinds of Denial of Service (DoS) attacks. This paper will present SeND components and some SeND responses to NDP threats. Furthermore, SeND's available implementations were given an overview. Discussions on SeND limitations, remaining vulnerabilities and current deployment challenges were also given. Moreover, the study implemented a test bed to assess the behavior of SeND when it is under DoS attack.

KW - DoS

KW - IPv6

KW - NDP

KW - SLAAC

UR - http://www.scopus.com/inward/record.url?scp=85050801517&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85050801517&partnerID=8YFLogxK

U2 - 10.1109/ICEEI.2017.8312422

DO - 10.1109/ICEEI.2017.8312422

M3 - Conference contribution

AN - SCOPUS:85050801517

VL - 2017-November

SP - 1

EP - 6

BT - Proceedings of the 2017 6th International Conference on Electrical Engineering and Informatics

PB - Institute of Electrical and Electronics Engineers Inc.

ER -