Improving Security of Duplicate Address Detection on IPv6 Local Network in Public Area

Praptodiyono, Supriyanto; Hasbullah, Iznan H.; Kadhum, Mohammed M.; Murugesan, Raja Kumar; Wey, Chong Yung; Osman, Azlan

doi:10.1109/ams.2015.28

Cited by 12 publications

(5 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…e address configuration is conducted using the standard IPv6 address configuration, such as stateless address configuration as specified in RFC 4862 [56] and stateful address configuration using DHCPv6 standardized in RFC 3315 [57]. However, the new CoA is not permanent until the MN runs duplicate address detection (DAD) [58]. If there is no duplicate address detected, the MN updates its location.…”

Section: Address Configuration Once a New Access Router Ismentioning

confidence: 99%

Mobile IPv6 Vertical Handover Specifications, Threats, and Mitigation Methods: A Survey

Praptodiyono

Alaydrus

Santoso

et al. 2020

Security and Communication Networks

Self Cite

View full text Add to dashboard Cite

Internet users have grown substantially over the last decade, especially following the emergence of mobile technology. Most Internet connections nowadays are accessed using mobile devices in order to stay connected all the time and everywhere. Owing to the limited coverage of such access points as well as base stations, mobile devices are required to handover connectivity if there is a move to other locations. Horizontal handover is conducted when the movement is within the same network. Otherwise, there must be vertical handover when external network infrastructure is encountered. However, as the Internet is an open network that naturally lacks trust between users, the mobile nodes that move to an external network are susceptible to various attacking activities. Compromising mobile nodes may cause users to lose their data as well as destroy their mobile devices in terms of both software and hardware. Securing mobile devices is crucial in order to avoid losses in terms of not only money but also facilities. Although mobile nodes have been developed with certain security features, some researchers have found vulnerabilities. This paper surveys in detail the security vulnerabilities of mobile IPv6 vertical handover and the current relevant mitigation methods. Furthermore, we describe the mechanism of mobile IPv6 vertical handover and its security vulnerability as well as security mechanisms proposed by researchers. Based on the survey, there are apparently weaknesses in current security features that are in need of solutions to minimize the effect of malicious activities. An open direction of future research on mobile IPv6 vertical handover security is elaborated at the end of this paper.

show abstract

Section: Address Configuration Once a New Access Router Ismentioning

confidence: 99%

Mobile IPv6 Vertical Handover Specifications, Threats, and Mitigation Methods: A Survey

Praptodiyono

Alaydrus

Santoso

et al. 2020

Security and Communication Networks

Self Cite

View full text Add to dashboard Cite

show abstract

“…In this type of attack the victim assumes that all nodes are local. This is simply happened because attacker killed the default router, either by launching a DoS attack against the router or sends a spoofed RA message with zero life time and make default router list empty (Praptodiyono et al, 2015b). Consequently and according to RFC 2461 victim will never send packets to the default router, as per Fig.…”

Section: Default Router Is Killedmentioning

confidence: 99%

Impacts Evaluation of DoS Attacks Over IPv6 Neighbor Discovery Protocol

Ahmed

Hassan

Othman

et al. 2019

Journal of Computer Science

View full text Add to dashboard Cite

The Neighbor Discovery Protocol (NDP) is one of the main protocols in the Internet Protocol version 6 (IPv6) suite. It provides many basic functions for the normal operations of IPv6 in a Local Area Network (LAN), such as address auto-configuration and address resolution. However, NDP has several vulnerabilities that can be used by malicious nodes to launch attacks, because NDP messages are easily spoofed. Surrounding this problem many solutions have been proposed for securing NDP but these solutions either proposed new protocols that need to be supported by all nodes or built mechanisms that require the cooperation of all nodes. In this paper we overview NDP vulnerabilities and available solutions to overcome their impacts on IPv6 network. In addition a research test bed setup to implement these vulnerabilities was introduced. Moreover attacks that prove these vulnerabilities are implemented on different types of operating systems, Windows and Linux platforms. Three network metrics throughput, delay and resources consumption have been chosen to investigate, analyze and evaluate the impacts of NDP related attacks on IPv6 link-local communication. Overall, the results had shown that performance of Linux based operating system is better than Windows based operating system.

show abstract

“…Another method was used in [12] to secure the DAD; it is called trust-ND. It is used to detect fake NA messages.…”

Section: Related Workmentioning

confidence: 99%

Towards a New Algorithm to Optimize IPv6 Neighbor Discovery Security for Small Objects Networks

Ksimi

Leghris

2018

Security and Communication Networks

View full text Add to dashboard Cite

In order to verify the uniqueness of link-local or unicast addresses, nodes must perform a Duplicate Address Detection process before using them. However, this process is subject to many attacks and the security is willing to be the most important issues in Small Object Networks with IPv6. In this paper, we developed a new algorithm to optimize the security in IPv6-DAD process; this method is based on SHA-512 to verify the identity of the Neighbor Discovery messages transmitted in the link local. First, before sending the NS message, the new node uses the function SHA-512 to hash to the target address and use the last 64 bits in a new field and then encrypt the result with its private key. When receiving the secure message, the existing nodes decrypt it. Our algorithm is going to secure the DAD process by using a digital signature. Overall, this algorithm showed a significant effect in terms of the Address Configuration Success Probability (ACSP).

show abstract

Improving Security of Duplicate Address Detection on IPv6 Local Network in Public Area

Cited by 12 publications

References 13 publications

Mobile IPv6 Vertical Handover Specifications, Threats, and Mitigation Methods: A Survey

Mobile IPv6 Vertical Handover Specifications, Threats, and Mitigation Methods: A Survey

Impacts Evaluation of DoS Attacks Over IPv6 Neighbor Discovery Protocol

Towards a New Algorithm to Optimize IPv6 Neighbor Discovery Security for Small Objects Networks

Contact Info

Product

Resources

About