An efficient CGA algorithm against DoS attack on Duplicate Address Detection process

2016 ◽  
Author(s):  
Cui Zhang ◽  
Jinbo Xiong ◽  
Qiong Wu
Keyword(s):  
Dos Attack ◽  
Detection Process ◽  
Duplicate Address Detection

scholarly journals Proposed an Algorithm for Preventing IP Spoofing DoS Attack on Neighbor Discovery Protocol of IPv6 in Link Local Network

2019 ◽  
Vol 4 (12) ◽  
pp. 65-70
Author(s):  
Md. Mustafejur Rahman ◽  
Md. Mustafizur Rahman ◽  
Saif Ibne Reza ◽  
Sumonto Sarker ◽  
Md. Mehedi Islam
Keyword(s):  
Local Network ◽  
Neighbor Discovery ◽  
Malicious Node ◽  
Dos Attack ◽  
Malicious Nodes ◽  
Ip Address ◽  
Duplicate Address Detection ◽  
Ip Spoofing ◽  
Neighbor Discovery Protocol

Duplicate Address Detection (DAD) is one of the most interesting features in IPv6. It allows nodes to connect to a network by generating a unique IP address. It works on two Neighbor Discovery (ND) messages, namely, Neighbor Solicitation (NS) and Neighbor Advertisement (NA). To verify the uniqueness of generating IP, it sends that IP address via NS message to existing hosts. Any malicious node can receive NS message and can send a spoof reply, thereby initiates a DoS attack and prevents auto configuration process. In this manner, DAD is vulnerable to such DoS attack. This study aims to prevent those malicious nodes from sending spoof reply by securing both NS and NA messages. The proposed Advanced Bits Security (ABS) technique is based on Blake2 algorithm and introducing a creative option called ABS field that holds the hash value of tentative IP address and attached to both NA and NS message. We expect the ABS technique can prevent spoof reply during DAD procedure in link local network and can prevent DoS attack

scholarly journals Towards a New Algorithm to Optimize IPv6 Neighbor Discovery Security for Small Objects Networks

2018 ◽  
Vol 2018 ◽  
pp. 1-11 ◽  
Author(s):  
Ali El Ksimi ◽  
Cherkaoui Leghris
Keyword(s):  
Digital Signature ◽  
Success Probability ◽  
Neighbor Discovery ◽  
Small Object ◽  
Detection Process ◽  
Private Key ◽  
Duplicate Address Detection ◽  
Address Configuration

In order to verify the uniqueness of link-local or unicast addresses, nodes must perform a Duplicate Address Detection process before using them. However, this process is subject to many attacks and the security is willing to be the most important issues in Small Object Networks with IPv6. In this paper, we developed a new algorithm to optimize the security in IPv6-DAD process; this method is based on SHA-512 to verify the identity of the Neighbor Discovery messages transmitted in the link local. First, before sending the NS message, the new node uses the function SHA-512 to hash to the target address and use the last 64 bits in a new field and then encrypt the result with its private key. When receiving the secure message, the existing nodes decrypt it. Our algorithm is going to secure the DAD process by using a digital signature. Overall, this algorithm showed a significant effect in terms of the Address Configuration Success Probability (ACSP).

scholarly journals Detection and Defense Mechanisms on Duplicate Address Detection Process in IPv6 Link-Local Network: A Survey on Limitations and Requirements

2018 ◽  
Vol 44 (4) ◽  
pp. 3745-3763 ◽  
Author(s):  
Ahmed K. Al-Ani ◽  
Mohammed Anbar ◽  
Selvakumar Manickam ◽  
Chong Yung Wey ◽  
Yu-Beng Leau ◽  
...  
Keyword(s):  
Defense Mechanisms ◽  
Local Network ◽  
Detection Process ◽  
Duplicate Address Detection
Sign in / Sign up

Export Citation Format

Share Document