DAD-match; Security technique to prevent denial of service attack on duplicate address detection process in IPv6 link-local network.
TLDR
The obtained experimental results demonstrated that the DAD-match security technique achieved less processing time compared with the existing mechanisms as it can resist a range of different threats like collision and brute-force attacks.Abstract:
An efficiently unlimited address space is provided by Internet Protocol version 6 (IPv6). It aims to accommodate thousands of hundreds of unique devices on a similar link. This can be achieved through the Duplicate Address Detection (DAD) process. It is considered one of the core IPv6 network's functions. It is implemented to make sure that IP addresses do not conflict with each other on the same link. However, IPv6 design's functions are exposed to security threats like the DAD process, which is vulnerable to Denial of Service (DoS) attack. Such a threat prevents the host from configuring its IP address by responding to each Neighbor Solicitation (NS) through fake Neighbor Advertisement (NA). Various mechanisms have been proposed to secure the IPv6 DAD procedure. The proposed mechanisms, however, suffer from complexity, high processing time, and the consumption of more resources. The experiments-based findings revealed that all the existing mechanisms had failed to secure the IPv6 DAD process. Therefore, DAD-match security technique is proposed in this study to efficiently secure the DAD process consuming less processing time. DAD-match is built based on SHA-3 to hide the exchange tentative IP among hosts throughout the process of DAD in an IPv6 link-local network. The obtained experimental results demonstrated that the DAD-match security technique achieved less processing time compared with the existing mechanisms as it can resist a range of different threats like collision and brute-force attacks. The findings concluded that the DAD-match technique effectively prevents the DoS attack during the DAD process. The DAD-match technique is implemented on a small area IPv6 network; hence, the author future work is to implement and test the DAD-match technique on a large area IPv6 network.read more
Citations
More filters
Journal ArticleDOI
Match-Prevention Technique Against Denial-of-Service Attack on Address Resolution and Duplicate Address Detection Processes in IPv6 Link-Local Network
TL;DR: To secure AR and DAD, this study aims to introduce a prevention technique called Match-Prevention, which secures target IP addresses and exchange messages and its performance is compared with those of existing techniques, including Standard-Process, SeND and Trust-ND.
Journal ArticleDOI
Flow-Based Approach to Detect Abnormal Behavior in Neighbor Discovery Protocol (NDP)
Abdullah Ahmed Bahashwan,Mohammed Anbar,Iznan H. Hasbullah,Ziyad R. Alashhab,Ali Abdulqader Bin-Salem +4 more
TL;DR: In this paper, the authors proposed a flow-based approach to detect abnormal neighbor discovery protocol (NDP) traffic behavior, which is considered an indicator of the presence of NDP-based attacks, such as Router Advertisement (RA) and Neighbour Solicitation (NS) flooding attacks.
Book ChapterDOI
Brief of Intrusion Detection Systems in Detecting ICMPv6 Attacks
TL;DR: This work aims to introduce the proposed techniques, which utilized the Intrusion Detection System (IDS) in an effort to combat cyber-attacks, and investigates on the detection in IPv6 networks using ICMPv6 messages and DoS, as well as DDoS attacks.
Journal ArticleDOI
Proposed security mechanism for preventing fake router advertisement attack in IPv6 link-local network
TL;DR: In this paper , the authors proposed SecMac-secure router discovery (SecMac-SRD) technique, which requires reduced processing time and may thwart fake RA assaults, is proposed as an improved secure RD mechanism.
Journal ArticleDOI
A blockchain-based protocol for tracking user access to shared medical imaging
Erikson Júlio De Aguiar,Alyson de J. dos Santos,Rodolfo I. Meneguette,Robson E. De Grande,Jó Ueyama +4 more
TL;DR: In this article , the authors present a protocol for tracking shared medical data, which includes images, and controlling the medical data access by multiple conflicting stakeholders, using Hyperledger Fabric Blockchain.
References
More filters
Internet Protocol, Version 6 (IPv 6) Specification
TL;DR: This document specifies version 6 of the Internet Protocol (IPv6), also sometimes referred to as IP Next Generation or IPng.
Neighbor Discovery for IP Version 6 (IPv6)
TL;DR: This document specifies the Neighbor Discovery protocol for IP Version 6.
Privacy Extensions for Stateless Address Autoconfiguration in IPv6
Thomas Narten,Richard P. Draves +1 more
TL;DR: An extension to IPv6 stateless address autoconfiguration for interfaces whose interface identifier is derived from an IEEE identifier is described, causing nodes to generate global-scope addresses from interface identifiers that change over time, even in cases where the interface contains an embedded IEEE identifier.
Book ChapterDOI
The PHOTON family of lightweight Hash functions
TL;DR: The PHOTON lightweight hash function as mentioned in this paper uses a sponge-like construction as domain extension algorithm and an AES-like primitive as internal unkeyed permutation to obtain the most compact hash function known, reaching areas very close to the theoretical optimum.
SEcure Neighbor Discovery (SEND)
TL;DR: This document specifies security mechanisms for NDP, and unlike those in the original NDP specifications, these mechanisms do not use IPsec.