Abstract
In the field of Internet Protocol Version 4 (IPv4), the Address Resolution Protocol (ARP) is considered susceptible to spoofing attacks. The Neighbor Discovery Protocol (NDP), which is a part of the Internet Protocol Version 6 (IPv6), slightly resembles the IPv4 ARP, and is also susceptible to similar attacks in the absence of security mechanism. The Secure Neighbor Discovery (SeND) extension handles security risks to NDP by providing message protection, proof of address ownership and router authorization. SeND depends on X.509 certificates and active Cryptographically Generated Addresses (CGA). However, SeND can be difficult to deploy and can still be susceptible to some kinds of Denial of Service (DoS) attacks. This paper will present SeND components and some SeND responses to NDP threats. Furthermore, SeND's available implementations were given an overview. Discussions on SeND limitations, remaining vulnerabilities and current deployment challenges were also given. Moreover, the study implemented a test bed to assess the behavior of SeND when it is under DoS attack.
Original language | English |
---|---|
Title of host publication | Proceedings of the 2017 6th International Conference on Electrical Engineering and Informatics |
Subtitle of host publication | Sustainable Society Through Digital Innovation, ICEEI 2017 |
Publisher | Institute of Electrical and Electronics Engineers Inc. |
Pages | 1-6 |
Number of pages | 6 |
Volume | 2017-November |
ISBN (Electronic) | 9781538604755 |
DOIs | |
Publication status | Published - 9 Mar 2018 |
Event | 6th International Conference on Electrical Engineering and Informatics, ICEEI 2017 - Langkawi, Malaysia Duration: 25 Nov 2017 → 27 Nov 2017 |
Other
Other | 6th International Conference on Electrical Engineering and Informatics, ICEEI 2017 |
---|---|
Country | Malaysia |
City | Langkawi |
Period | 25/11/17 → 27/11/17 |
Fingerprint
Keywords
- DoS
- IPv6
- NDP
- SLAAC
ASJC Scopus subject areas
- Artificial Intelligence
- Control and Optimization
- Computer Networks and Communications
- Computer Vision and Pattern Recognition
- Information Systems
- Software
- Electrical and Electronic Engineering
- Health Informatics
Cite this
Secure neighbor discovery (SeND) : Attacks and challenges. / Ahmed, Amjed Sid; Hassan, Rosilah; Othman, Nor Effendy.
Proceedings of the 2017 6th International Conference on Electrical Engineering and Informatics: Sustainable Society Through Digital Innovation, ICEEI 2017. Vol. 2017-November Institute of Electrical and Electronics Engineers Inc., 2018. p. 1-6.Research output: Chapter in Book/Report/Conference proceeding › Conference contribution
}
TY - GEN
T1 - Secure neighbor discovery (SeND)
T2 - Attacks and challenges
AU - Ahmed, Amjed Sid
AU - Hassan, Rosilah
AU - Othman, Nor Effendy
PY - 2018/3/9
Y1 - 2018/3/9
N2 - In the field of Internet Protocol Version 4 (IPv4), the Address Resolution Protocol (ARP) is considered susceptible to spoofing attacks. The Neighbor Discovery Protocol (NDP), which is a part of the Internet Protocol Version 6 (IPv6), slightly resembles the IPv4 ARP, and is also susceptible to similar attacks in the absence of security mechanism. The Secure Neighbor Discovery (SeND) extension handles security risks to NDP by providing message protection, proof of address ownership and router authorization. SeND depends on X.509 certificates and active Cryptographically Generated Addresses (CGA). However, SeND can be difficult to deploy and can still be susceptible to some kinds of Denial of Service (DoS) attacks. This paper will present SeND components and some SeND responses to NDP threats. Furthermore, SeND's available implementations were given an overview. Discussions on SeND limitations, remaining vulnerabilities and current deployment challenges were also given. Moreover, the study implemented a test bed to assess the behavior of SeND when it is under DoS attack.
AB - In the field of Internet Protocol Version 4 (IPv4), the Address Resolution Protocol (ARP) is considered susceptible to spoofing attacks. The Neighbor Discovery Protocol (NDP), which is a part of the Internet Protocol Version 6 (IPv6), slightly resembles the IPv4 ARP, and is also susceptible to similar attacks in the absence of security mechanism. The Secure Neighbor Discovery (SeND) extension handles security risks to NDP by providing message protection, proof of address ownership and router authorization. SeND depends on X.509 certificates and active Cryptographically Generated Addresses (CGA). However, SeND can be difficult to deploy and can still be susceptible to some kinds of Denial of Service (DoS) attacks. This paper will present SeND components and some SeND responses to NDP threats. Furthermore, SeND's available implementations were given an overview. Discussions on SeND limitations, remaining vulnerabilities and current deployment challenges were also given. Moreover, the study implemented a test bed to assess the behavior of SeND when it is under DoS attack.
KW - DoS
KW - IPv6
KW - NDP
KW - SLAAC
UR - http://www.scopus.com/inward/record.url?scp=85050801517&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85050801517&partnerID=8YFLogxK
U2 - 10.1109/ICEEI.2017.8312422
DO - 10.1109/ICEEI.2017.8312422
M3 - Conference contribution
AN - SCOPUS:85050801517
VL - 2017-November
SP - 1
EP - 6
BT - Proceedings of the 2017 6th International Conference on Electrical Engineering and Informatics
PB - Institute of Electrical and Electronics Engineers Inc.
ER -