Preventing Denial-of-service in Next Generation Internet Protocol Mobility

Maanasaa Sethuraman, Senthilkumar Mathi

Abstract


Internet Protocol version 6 (IPv6) is a next-generation internet protocol devised to replace its predecessor, IPv4. With ample address space, flexible header extensions and many specific features, IPv6 is the future of the Internet and internetworking. A significant advantage of IPv6 is its capabilities in the domains of security and mobility, where it scores over its predecessor. One of the many features specific to IPv6, alongside mandatory IPsec messaging and address auto-configuration, is the Neighbor Discovery Protocol (NDP). Even though security is more pronounced in the IPv6 protocols, loopholes still exist. When exploited, these loopholes target the foundation of internetworking. The extensive applications of NDP make it all the more necessary to identify and address these gaps to ensure network security. Hence, this paper investigates such loopholes in the applications of NDP in creating a network and analyzes the process of the denial-of-service attacks that endanger the safety of an established network. The paper also proposes a new method to mitigate Denial-of-Service (DoS) in network mobility of IPv6 networks. The proposed approach is a hybrid of existing solutions and is capable of overcoming the significant disadvantages of these methods. Finally, the paper presents a comparative analysis of the various existing solutions and illustrates the effect of the proposed method on MIPv6 security.

Keywords


IPv6 security; Neighbor discovery; Router discovery; Duplicate address detection; Denial-of-service






DOI: http://doi.org/10.11591/ijeecs.v12.i1.pp%25p

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.
