An SDN-Based Authentication Mechanism for Securing Neighbor Discovery Protocol in IPv6

Lu, Yiqin; Wang, Meng; Huang, Pengsen

doi:10.1155/2017/5838657

Cited by 13 publications

(8 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The authentication mechanism based on software-defined networking proposed by Lu et al [8] contains an authentication table module that maintains a sheet for storing the collected users' device information. The sheet is indexed by the MAC address to avoid duplicate entries.…”

Section: Mac Authenticationmentioning

confidence: 99%

Dual-Stack Network Management Through One-Time Authentication Mechanism

Kao

Liu

et al. 2020

IEEE Access

View full text Add to dashboard Cite

The exhaustion of IPv4 addresses has led to the rapid implementation of IPv6. However, the design of IPv6 is incompatible with that of its predecessor IPv4 and slows down the development of the IPv4-to-IPv6 migration. Several transitioning mechanisms have been proposed to attain the compatibility of IPv4 and IPv6 to bridge the gap between these two heterogeneous protocols. The two protocols would need to coexist continually before IPv6 completely takes over IPv4. However, the existing captive portal authentication systems generally do not support IPv4/IPv6 dual-stack authentication and lack one-time dualstack authentication solutions. Upgrading the authentication system has become an urgent problem to be addressed. This study presents dual-stack network management strategies using a novel one-time authentication mechanism for large and complex dual-stack network environments. The proposed authentication system resolves the inconvenience of separate IPv4 and IPv6 authentication and effectively improves the compatibility of the two protocols. Furthermore, authenticating both IPv4 and IPv6 increases the traceability of traffic logs when security attacks occur. The proposed solution is deployed in a campus dormitory environment, and the feasibility and stability are successfully verified.

show abstract

Section: Mac Authenticationmentioning

confidence: 99%

Dual-Stack Network Management Through One-Time Authentication Mechanism

Kao

Liu

et al. 2020

IEEE Access

View full text Add to dashboard Cite

show abstract

“…In a word, SEND has many limitations including computation, deployment and security (Ahmed et al, 2017;Gelogo et al, 2011). Proposals to enhance SEND and make it applicable were introduced in (Sarma, 2014;Rafiee et al, 2011;Doja and Saggar, 2012;Kempf et al, 2006;Park et al, 2007;Cheneau and Laurent, 2011;Huang et al, 2009;Oh and Chae, 2007;Vasić et al, 2011;Lu et al, 2017). A small test bed consists of three computers; switch and router were used to implement DoS attacks against SeND.…”

Section: Proposed Solutionmentioning

confidence: 99%

Impacts Evaluation of DoS Attacks Over IPv6 Neighbor Discovery Protocol

Ahmed

Hassan

Othman

et al. 2019

Journal of Computer Science

View full text Add to dashboard Cite

The Neighbor Discovery Protocol (NDP) is one of the main protocols in the Internet Protocol version 6 (IPv6) suite. It provides many basic functions for the normal operations of IPv6 in a Local Area Network (LAN), such as address auto-configuration and address resolution. However, NDP has several vulnerabilities that can be used by malicious nodes to launch attacks, because NDP messages are easily spoofed. Surrounding this problem many solutions have been proposed for securing NDP but these solutions either proposed new protocols that need to be supported by all nodes or built mechanisms that require the cooperation of all nodes. In this paper we overview NDP vulnerabilities and available solutions to overcome their impacts on IPv6 network. In addition a research test bed setup to implement these vulnerabilities was introduced. Moreover attacks that prove these vulnerabilities are implemented on different types of operating systems, Windows and Linux platforms. Three network metrics throughput, delay and resources consumption have been chosen to investigate, analyze and evaluate the impacts of NDP related attacks on IPv6 link-local communication. Overall, the results had shown that performance of Linux based operating system is better than Windows based operating system.

show abstract

“…In [11], the authors have proposed a new method to secure Neighbor Discovery Protocol in IPv6. This mechanism is based on SDN controller to verify the source of NDP packets.…”

Section: Related Workmentioning

confidence: 99%

“…The attack is composed as follows: the attacker will deceive the DAD mechanism and make it succeed in one of the two cases where it fails so that the victim cannot claim an address. Since there is a finite number of tries to get an address, the DAD always ends up failing; it is a DoS attack [11]. For the attack to be feasible, the attacker must be able to listen on the network to any query necessary to perform the DAD procedure, e.g., the NS messages with the unspecified address as the source address is characteristics of the DAD procedure; this implies being able to join the multicast group "Solicited-Node".…”

Section: The Attack On Dadmentioning

confidence: 99%

Towards a New Algorithm to Optimize IPv6 Neighbor Discovery Security for Small Objects Networks

Ksimi

Leghris

2018

Security and Communication Networks

View full text Add to dashboard Cite

In order to verify the uniqueness of link-local or unicast addresses, nodes must perform a Duplicate Address Detection process before using them. However, this process is subject to many attacks and the security is willing to be the most important issues in Small Object Networks with IPv6. In this paper, we developed a new algorithm to optimize the security in IPv6-DAD process; this method is based on SHA-512 to verify the identity of the Neighbor Discovery messages transmitted in the link local. First, before sending the NS message, the new node uses the function SHA-512 to hash to the target address and use the last 64 bits in a new field and then encrypt the result with its private key. When receiving the secure message, the existing nodes decrypt it. Our algorithm is going to secure the DAD process by using a digital signature. Overall, this algorithm showed a significant effect in terms of the Address Configuration Success Probability (ACSP).

show abstract

An SDN-Based Authentication Mechanism for Securing Neighbor Discovery Protocol in IPv6

Cited by 13 publications

References 13 publications

Dual-Stack Network Management Through One-Time Authentication Mechanism

Dual-Stack Network Management Through One-Time Authentication Mechanism

Impacts Evaluation of DoS Attacks Over IPv6 Neighbor Discovery Protocol

Towards a New Algorithm to Optimize IPv6 Neighbor Discovery Security for Small Objects Networks

Contact Info

Product

Resources

About