Optimization of IPv6 Neighbor Discovery Protocol

J. Interconnect. Networks Pub Date : 2022-02-10 DOI:10.1142/s0219265921410255

Jithender Reddy Machana, G. Narsimha

{"title":"Optimization of IPv6 Neighbor Discovery Protocol","authors":"Jithender Reddy Machana, G. Narsimha","doi":"10.1142/s0219265921410255","DOIUrl":null,"url":null,"abstract":"In IPv6, the DAD (Duplicate Address Detection) protocol detects duplicate addresses configured on the local link. Once the IPv6 address is auto configured on an IPv6 enabled host, the host verifies that its address is unique using the DAD procedure. This protocol works when hosts can communicate. If the DAD protocol fails to detect duplication, both the hosts assign the same link-local address. The neighbor discovery protocol verifies the generated address is unique or already exists on the local link. This process is known as Duplicate Address Detection (DAD). This process has critical security vulnerability and is susceptible to many attacks, especially allowing hackers to perform denial of service attacks (DOS). With that, the new devices will not be able to join the network. Researchers have developed various techniques to address DAD vulnerabilities, such as NDPMon, SEND, and Software-defined networking, SAVA, and extension headers. These techniques appear to be neither robust nor performance-oriented with DAD’s DOS detection and mitigation techniques. We have proposed a novel approach that detects and mitigates DOS attacks consuming low bandwidth and overhead.","PeriodicalId":153590,"journal":{"name":"J. Interconnect. Networks","volume":"31 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-02-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"J. Interconnect. Networks","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1142/s0219265921410255","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 2

Abstract

In IPv6, the DAD (Duplicate Address Detection) protocol detects duplicate addresses configured on the local link. Once the IPv6 address is auto configured on an IPv6 enabled host, the host verifies that its address is unique using the DAD procedure. This protocol works when hosts can communicate. If the DAD protocol fails to detect duplication, both the hosts assign the same link-local address. The neighbor discovery protocol verifies the generated address is unique or already exists on the local link. This process is known as Duplicate Address Detection (DAD). This process has critical security vulnerability and is susceptible to many attacks, especially allowing hackers to perform denial of service attacks (DOS). With that, the new devices will not be able to join the network. Researchers have developed various techniques to address DAD vulnerabilities, such as NDPMon, SEND, and Software-defined networking, SAVA, and extension headers. These techniques appear to be neither robust nor performance-oriented with DAD’s DOS detection and mitigation techniques. We have proposed a novel approach that detects and mitigates DOS attacks consuming low bandwidth and overhead.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

IPv6邻居发现协议的优化

在IPv6中，DAD (Duplicate Address Detection)协议可以检测本地链路上配置的重复地址。一旦在启用IPv6的主机上自动配置了IPv6地址，主机就会使用DAD过程验证其地址是否唯一。该协议在主机可以通信时起作用。如果DAD协议没有检测到重复，则两台主机分配相同的链路本地地址。邻居发现协议验证生成的地址在本地链路上是否唯一或已经存在。这个过程被称为重复地址检测(DAD)。此过程存在严重的安全漏洞，容易受到多种攻击，特别是允许黑客执行拒绝服务攻击(DOS)。这样，新设备将无法加入网络。研究人员已经开发了各种技术来解决DAD漏洞，例如NDPMon, SEND和软件定义网络，SAVA和扩展头。与DAD的DOS检测和缓解技术相比，这些技术似乎既不健壮，也不面向性能。我们提出了一种新的方法来检测和减轻DOS攻击消耗低带宽和开销。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

J. Interconnect. Networks

自引率

0.00%

发文量