scispace - formally typeset
Open AccessJournal ArticleDOI

Detection and Defense Mechanisms on Duplicate Address Detection Process in IPv6 Link-Local Network: A Survey on Limitations and Requirements

Ahmed K. Al-Ani, +5 more
- 01 Apr 2019 - 
- Vol. 44, Iss: 4, pp 3745-3763
TLDR
The strengths and weaknesses of each mechanism to Secure-DAD process are discussed from the perspective of implementation and processing time and challenges and future directions are presented along with feature requirements for the new security mechanism to secure DAD procedure in an IPv6 link-local network.
Abstract
The deployment of Internet Protocol Version 6 (IPv6) has progressed at a rapid pace. IPv6 has introduced new features and capabilities that is not available in IPv4. However, new security risks and challenges emerge with any new technology. Similarly, Duplicate Address Detection (DAD), part of Neighbor Discovery Protocol in IPv6 protocol, is subject to security threats such as denial-of-service attacks. This paper presents a comprehensive review on detection and defense mechanisms for DAD on fixed network. The strengths and weaknesses of each mechanism to Secure-DAD process are discussed from the perspective of implementation and processing time. Finally, challenges and future directions are presented along with feature requirements for the new security mechanism to secure DAD procedure in an IPv6 link-local network.

read more

Content maybe subject to copyright    Report

Detection and Defense Mechanisms on Duplicate Address Detection Process in IPv6 Link-
Local Network: A Survey on Limitations and Requirements
ABSTRACT
The deployment of Internet Protocol Version 6 (IPv6) has progressed at a rapid pace. IPv6 has introduced
new features and capabilities that is not available in IPv4. However, new security risks and challenges
emerge with any new technology. Similarly, Duplicate Address Detection (DAD), part of Neighbor Discovery
Protocol in IPv6 protocol, is subject to security threats such as denial-of-service attacks. This paper presents
a comprehensive review on detection and defense mechanisms for DAD on fixed network. The strengths
and weaknesses of each mechanism to Secure-DAD process are discussed from the perspective of
implementation and processing time. Finally, challenges and future directions are presented along with
feature requirements for the new security mechanism to secure DAD procedure in an IPv6 link-local
network.
Citations
More filters
Journal ArticleDOI

ICMPv6-Based DoS and DDoS Attacks Detection Using Machine Learning Techniques, Open Challenges, and Blockchain Applicability: A Review

Mohammad Tayyab, +2 more
- 09 Sep 2020 - 
TL;DR: This article reviews and classifies IDSs based on ML techniques to detect ICMPv6-based DoS and DDoS attacks as single and hybrid classifiers, as well as blockchain applicability in Collaborative IDS (CIDS) architecture based on the ensemble framework has been proposed.
Journal ArticleDOI

Match-Prevention Technique Against Denial-of-Service Attack on Address Resolution and Duplicate Address Detection Processes in IPv6 Link-Local Network

Ahmed K. Al-Ani, +3 more
- 31 Jan 2020 - 
TL;DR: To secure AR and DAD, this study aims to introduce a prevention technique called Match-Prevention, which secures target IP addresses and exchange messages and its performance is compared with those of existing techniques, including Standard-Process, SeND and Trust-ND.
Journal ArticleDOI

DAD-match; Security technique to prevent denial of service attack on duplicate address detection process in IPv6 link-local network.

Ahmed K. Al-Ani, +3 more
- 02 Apr 2019 - 
TL;DR: The obtained experimental results demonstrated that the DAD-match security technique achieved less processing time compared with the existing mechanisms as it can resist a range of different threats like collision and brute-force attacks.
Journal ArticleDOI

Flow-Based Approach to Detect Abnormal Behavior in Neighbor Discovery Protocol (NDP)

Abdullah Ahmed Bahashwan, +4 more
- 17 Mar 2021 - 
TL;DR: In this paper, the authors proposed a flow-based approach to detect abnormal neighbor discovery protocol (NDP) traffic behavior, which is considered an indicator of the presence of NDP-based attacks, such as Router Advertisement (RA) and Neighbour Solicitation (NS) flooding attacks.
Book ChapterDOI

Brief of Intrusion Detection Systems in Detecting ICMPv6 Attacks

Adnan Hasan Bdair, +3 more
TL;DR: This work aims to introduce the proposed techniques, which utilized the Intrusion Detection System (IDS) in an effort to combat cyber-attacks, and investigates on the detection in IPv6 networks using ICMPv6 messages and DoS, as well as DDoS attacks.
References
More filters
Proceedings Article

The MD5 Message-Digest Algorithm

Ronald L. Rivest
TL;DR: This document describes the MD5 message-digest algorithm, which takes as input a message of arbitrary length and produces as output a 128-bit "fingerprint" or "message digest" of the input.

Security Architecture for the Internet Protocol

R. Atkinson
TL;DR: This document describes an updated version of the "Security Architecture for IP", which is designed to provide security services for traffic at the IP layer, and obsoletes RFC 2401 (November 1998).

The MD5 Message-Digest Algorithm

Rivest

Internet Protocol, Version 6 (IPv6) Specification

S. Deering, +1 more
TL;DR: In this paper, the authors specify version 6 of the Internet Protocol (IPv6), also referred to as IP Next Generation or IPng, and propose a new protocol called IPng.

Internet Protocol, Version 6 (IPv 6) Specification

S. Deering
TL;DR: This document specifies version 6 of the Internet Protocol (IPv6), also sometimes referred to as IP Next Generation or IPng.
Related Papers (5)

Fast IPv6 Network Periphery Discovery and Security Implications

Xiang Li, +5 more

Security Considerations for 6to4

Pekka Savola, +1 more

Security mechanism for IPv6 stateless address autoconfiguration

Supriyanto Praptodiyono, +5 more

IPv6 Addressing Scheme with a Secured Duplicate Address Detection

Gyanendra Kumar, +1 more
- 07 May 2020 - 

Host Identity Detection in IPv6 Networks

Libor Polcak, +2 more
Frequently Asked Questions (1)
Q1. What contributions have the authors mentioned in the paper "Detection and defense mechanisms on duplicate address detection process in ipv6 link- local network: a survey on limitations and requirements" ?

This paper presents a comprehensive review on detection and defense mechanisms for DAD on fixed network. The strengths and weaknesses of each mechanism to Secure-DAD process are discussed from the perspective of implementation and processing time.