Research Article Open Access

ENHANCING SECURITY FOR IPV6 NEIGHBOR DISCOVERY PROTOCOL USING CRYPTOGRAPHY

Rosilah Hassan1, Amjed Sid Ahmed1 and Nur Effendy Osman1
  • 1 Research Center for Software Technology and Management, Network and Communication Technology Lab, Faculty of Information Science and Technology, Universiti Kebangsaan Malaysia, 43600 UKM Bangi, Selangor, Malaysia

Abstract

Internet Protocol version 4 (IPv4) would gradually be replaced by Internet Protocol version 6 (IPv6) as the next generation of Internet protocol. The Neighbor Discovery Protocol (NDP), one of the main protocols in the IPv6 suite, comprises Neighbor Discovery for IPv6. NDP is used by both hosts and routers. Its functions include Neighbor Discovery (ND), Router Discovery (RD), Address Auto configuration, Address Resolution, Neighbor Unreachability Detection (NUD), Duplicate Address Detection (DAD) and Redirection. If not secured, NDP is vulnerable to various attacks: Neighbor Solicitation (NS) spoofing and Neighbor Advertisement (NS) spoofing, redirection, stealing addresses, denial of service are examples of these attacks. Since its early stages of designing and development NDP assumes connections between nodes will be safe but deployment stage prove this assumption is incorrect and highlight the security holes. This fact leads Internet Engineer Task Force (IETF) to request solutions in order to overcoming these drawbacks. Secure Neighbor Discovery or SEND is then proposed, SEND solve a part of the threats associated with NDP and request for more researches to find a better solution that manage to forbid all these threats and ignore its limitations. This study presents a new mechanism to avoid security threats for IPv6 NDP based on digital signature procedures. The proposed solution is manage to eliminate the threats because it do mapping and binding between IP address, MAC address and public keys of the nodes in the node's neighbors cache, intruders will not be able to spoof other nodes' IP addresses.

American Journal of Applied Sciences
Volume 11 No. 9, 2014, 1472-1479

DOI: https://doi.org/10.3844/ajassp.2014.1472.1479

Submitted On: 8 April 2014 Published On: 3 July 2014

How to Cite: Hassan, R., Ahmed, A. S. & Osman, N. E. (2014). ENHANCING SECURITY FOR IPV6 NEIGHBOR DISCOVERY PROTOCOL USING CRYPTOGRAPHY. American Journal of Applied Sciences, 11(9), 1472-1479. https://doi.org/10.3844/ajassp.2014.1472.1479

  • 3,500 Views
  • 3,464 Downloads
  • 19 Citations

Download

Keywords

  • IPv6
  • NDP
  • NS
  • NA
  • Digital Signature