Proposed an Algorithm for Preventing IP Spoofing DoS Attack on Neighbor Discovery Protocol of IPv6 in Link Local Network


  •   Md. Mustafejur Rahman

  •   Md. Mustafizur Rahman

  •   Saif Ibne Reza

  •   Sumonto Sarker

  •   Md. Mehedi Islam

Abstract

Duplicate Address Detection (DAD) is one of the most interesting features in IPv6. It allows nodes to connect to a network by generating a unique IP address. It relies on two Neighbor Discovery (ND) messages, namely Neighbor Solicitation (NS) and Neighbor Advertisement (NA). To verify the uniqueness of the generated IP address, a node sends that address in an NS message to the existing hosts. Any malicious node can receive the NS message and send a spoofed reply, thereby initiating a DoS attack and preventing the autoconfiguration process. In this manner, DAD is vulnerable to such a DoS attack. This study aims to prevent malicious nodes from sending spoofed replies by securing both NS and NA messages. The proposed Advanced Bits Security (ABS) technique is based on the Blake2 algorithm and introduces a new option called the ABS field, which holds the hash value of the tentative IP address and is attached to both NA and NS messages. We expect that the ABS technique can prevent spoofed replies during the DAD procedure in a link-local network and can prevent DoS attacks.


Keywords: ABS Technique, Blake2, DAD, DoS Attack, Duplicate Address Detection, IPv6 Security, Hash Function


How to Cite
[1]
Rahman, M., Rahman, M., Reza, S., Sarker, S. and Islam, M. 2019. Proposed an Algorithm for Preventing IP Spoofing DoS Attack on Neighbor Discovery Protocol of IPv6 in Link Local Network. European Journal of Engineering and Technology Research. 4, 12 (Dec. 2019), 65-70. DOI:https://doi.org/10.24018/ejers.2019.4.12.1644.