Secure neighbor discovery (SeND): Attacks and challenges

Amjed Sid Ahmed; Rosilah Hassan; Nor Effendy Othman

doi:10.1109/ICEEI.2017.8312422

Secure neighbor discovery (SeND)

Attacks and challenges

Amjed Sid Ahmed, Rosilah Hassan, Nor Effendy Othman

Center for Software Technology and Management (SOFTAM)

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

2 Citations (Scopus)

Abstract

In the field of Internet Protocol Version 4 (IPv4), the Address Resolution Protocol (ARP) is considered susceptible to spoofing attacks. The Neighbor Discovery Protocol (NDP), which is a part of the Internet Protocol Version 6 (IPv6), slightly resembles the IPv4 ARP, and is also susceptible to similar attacks in the absence of security mechanism. The Secure Neighbor Discovery (SeND) extension handles security risks to NDP by providing message protection, proof of address ownership and router authorization. SeND depends on X.509 certificates and active Cryptographically Generated Addresses (CGA). However, SeND can be difficult to deploy and can still be susceptible to some kinds of Denial of Service (DoS) attacks. This paper will present SeND components and some SeND responses to NDP threats. Furthermore, SeND's available implementations were given an overview. Discussions on SeND limitations, remaining vulnerabilities and current deployment challenges were also given. Moreover, the study implemented a test bed to assess the behavior of SeND when it is under DoS attack.

Original language	English
Title of host publication	Proceedings of the 2017 6th International Conference on Electrical Engineering and Informatics
Subtitle of host publication	Sustainable Society Through Digital Innovation, ICEEI 2017
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	1-6
Number of pages	6
Volume	2017-November
ISBN (Electronic)	9781538604755
DOIs	https://doi.org/10.1109/ICEEI.2017.8312422
Publication status	Published - 9 Mar 2018
Event	6th International Conference on Electrical Engineering and Informatics, ICEEI 2017 - Langkawi, Malaysia Duration: 25 Nov 2017 → 27 Nov 2017

Other

Other	6th International Conference on Electrical Engineering and Informatics, ICEEI 2017
Country	Malaysia
City	Langkawi
Period	25/11/17 → 27/11/17

Fingerprint

Internet

Attack

Internet protocols

Network protocols

Ownership

Denial of Service

Routers

Authorization

Certificate

Router

Vulnerability

Testbed

Denial-of-service attack

Keywords

DoS
IPv6
NDP
SLAAC

ASJC Scopus subject areas

Artificial Intelligence
Control and Optimization
Computer Networks and Communications
Computer Vision and Pattern Recognition
Information Systems
Software
Electrical and Electronic Engineering
Health Informatics

Cite this

Ahmed, A. S., Hassan, R., & Othman, N. E. (2018). Secure neighbor discovery (SeND): Attacks and challenges. In Proceedings of the 2017 6th International Conference on Electrical Engineering and Informatics: Sustainable Society Through Digital Innovation, ICEEI 2017 (Vol. 2017-November, pp. 1-6). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/ICEEI.2017.8312422

Secure neighbor discovery (SeND) : Attacks and challenges. / Ahmed, Amjed Sid; Hassan, Rosilah ; Othman, Nor Effendy.

Proceedings of the 2017 6th International Conference on Electrical Engineering and Informatics: Sustainable Society Through Digital Innovation, ICEEI 2017. Vol. 2017-November Institute of Electrical and Electronics Engineers Inc., 2018. p. 1-6.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Ahmed, AS, Hassan, R & Othman, NE 2018, Secure neighbor discovery (SeND): Attacks and challenges. in Proceedings of the 2017 6th International Conference on Electrical Engineering and Informatics: Sustainable Society Through Digital Innovation, ICEEI 2017. vol. 2017-November, Institute of Electrical and Electronics Engineers Inc., pp. 1-6, 6th International Conference on Electrical Engineering and Informatics, ICEEI 2017, Langkawi, Malaysia, 25/11/17. https://doi.org/10.1109/ICEEI.2017.8312422

Ahmed AS, Hassan R , Othman NE. Secure neighbor discovery (SeND): Attacks and challenges. In Proceedings of the 2017 6th International Conference on Electrical Engineering and Informatics: Sustainable Society Through Digital Innovation, ICEEI 2017. Vol. 2017-November. Institute of Electrical and Electronics Engineers Inc. 2018. p. 1-6 https://doi.org/10.1109/ICEEI.2017.8312422

Ahmed, Amjed Sid ; Hassan, Rosilah ; Othman, Nor Effendy. / Secure neighbor discovery (SeND) : Attacks and challenges. Proceedings of the 2017 6th International Conference on Electrical Engineering and Informatics: Sustainable Society Through Digital Innovation, ICEEI 2017. Vol. 2017-November Institute of Electrical and Electronics Engineers Inc., 2018. pp. 1-6

@inproceedings{9c2014edba564f67b8b8e3c85ad9681c,

title = "Secure neighbor discovery (SeND): Attacks and challenges",

abstract = "In the field of Internet Protocol Version 4 (IPv4), the Address Resolution Protocol (ARP) is considered susceptible to spoofing attacks. The Neighbor Discovery Protocol (NDP), which is a part of the Internet Protocol Version 6 (IPv6), slightly resembles the IPv4 ARP, and is also susceptible to similar attacks in the absence of security mechanism. The Secure Neighbor Discovery (SeND) extension handles security risks to NDP by providing message protection, proof of address ownership and router authorization. SeND depends on X.509 certificates and active Cryptographically Generated Addresses (CGA). However, SeND can be difficult to deploy and can still be susceptible to some kinds of Denial of Service (DoS) attacks. This paper will present SeND components and some SeND responses to NDP threats. Furthermore, SeND's available implementations were given an overview. Discussions on SeND limitations, remaining vulnerabilities and current deployment challenges were also given. Moreover, the study implemented a test bed to assess the behavior of SeND when it is under DoS attack.",

keywords = "DoS, IPv6, NDP, SLAAC",

author = "Ahmed, {Amjed Sid} and Rosilah Hassan and Othman, {Nor Effendy}",

year = "2018",

month = "3",

day = "9",

doi = "10.1109/ICEEI.2017.8312422",

language = "English",

volume = "2017-November",

pages = "1--6",

booktitle = "Proceedings of the 2017 6th International Conference on Electrical Engineering and Informatics",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

}

TY - GEN

T1 - Secure neighbor discovery (SeND)

T2 - Attacks and challenges

AU - Ahmed, Amjed Sid

AU - Hassan, Rosilah

AU - Othman, Nor Effendy

PY - 2018/3/9

Y1 - 2018/3/9

N2 - In the field of Internet Protocol Version 4 (IPv4), the Address Resolution Protocol (ARP) is considered susceptible to spoofing attacks. The Neighbor Discovery Protocol (NDP), which is a part of the Internet Protocol Version 6 (IPv6), slightly resembles the IPv4 ARP, and is also susceptible to similar attacks in the absence of security mechanism. The Secure Neighbor Discovery (SeND) extension handles security risks to NDP by providing message protection, proof of address ownership and router authorization. SeND depends on X.509 certificates and active Cryptographically Generated Addresses (CGA). However, SeND can be difficult to deploy and can still be susceptible to some kinds of Denial of Service (DoS) attacks. This paper will present SeND components and some SeND responses to NDP threats. Furthermore, SeND's available implementations were given an overview. Discussions on SeND limitations, remaining vulnerabilities and current deployment challenges were also given. Moreover, the study implemented a test bed to assess the behavior of SeND when it is under DoS attack.

AB - In the field of Internet Protocol Version 4 (IPv4), the Address Resolution Protocol (ARP) is considered susceptible to spoofing attacks. The Neighbor Discovery Protocol (NDP), which is a part of the Internet Protocol Version 6 (IPv6), slightly resembles the IPv4 ARP, and is also susceptible to similar attacks in the absence of security mechanism. The Secure Neighbor Discovery (SeND) extension handles security risks to NDP by providing message protection, proof of address ownership and router authorization. SeND depends on X.509 certificates and active Cryptographically Generated Addresses (CGA). However, SeND can be difficult to deploy and can still be susceptible to some kinds of Denial of Service (DoS) attacks. This paper will present SeND components and some SeND responses to NDP threats. Furthermore, SeND's available implementations were given an overview. Discussions on SeND limitations, remaining vulnerabilities and current deployment challenges were also given. Moreover, the study implemented a test bed to assess the behavior of SeND when it is under DoS attack.

KW - DoS

KW - IPv6

KW - NDP

KW - SLAAC

UR - http://www.scopus.com/inward/record.url?scp=85050801517&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85050801517&partnerID=8YFLogxK

U2 - 10.1109/ICEEI.2017.8312422

DO - 10.1109/ICEEI.2017.8312422

M3 - Conference contribution

VL - 2017-November

SP - 1

EP - 6

BT - Proceedings of the 2017 6th International Conference on Electrical Engineering and Informatics

PB - Institute of Electrical and Electronics Engineers Inc.

ER -

Access to Document

10.1109/ICEEI.2017.8312422