×

Proposition of a model for securing the neighbor discovery protocol (NDP) in IPv6 environment. (English) Zbl 07215975

Gueye, Cheikh Thiecoumba (ed.) et al., Algebra, codes and cryptology. Proceedings of the first international conference, A2C 2019, in honor of Prof. Mamadou Sanghare, Dakar, Senegal, December 5–7, 2019. Cham: Springer. Commun. Comput. Inf. Sci. 1133, 204-215 (2019).
Summary: This article proposes a model for securing the Neighbor Discovery Protocol, to enable a secure exchange of IPv6 mobiles for insertion into another network. As part of the Neighbor Discovery Protocol, we have listed all the features and demonstrated that they can all be attacked though our particular focus is on appraising the existing one. The article demonstrates that it is possible to secure the most critical points in the Neighbor Discovery Protocol features, including the IP address and prefix. The security model using the IPsec AH protocol combination, and the CGA Protocol.
For the entire collection see [Zbl 1444.94002].

MSC:

47Axx General theory of linear operators
65Fxx Numerical linear algebra
15Axx Basic linear algebra
65Jxx Numerical analysis in abstract spaces

Software:

GitHub; Pcapy; Scapy
PDFBibTeX XMLCite
Full Text: DOI

References:

[1] Author, F.: Article title. Journal 2(5), 99-110 (2016)
[2] Author, F., Author, S.: Title of a proceedings paper. In: Editor, F., Editor, S. (eds.) CONFERENCE 2016, LNCS, vol. 9999, pp. 1-13. Springer, Heidelberg (2016). https://doi.org/10.10007/1234567890 · Zbl 0597.65031 · doi:10.10007/1234567890
[3] Author, F., Author, S., Author, T.: Book title, 2nd edn. Publisher, Location (1999)
[4] Author, A.-B.: Contribution title. In: 9th International Proceedings on Proceedings, pp. 1-2. Publisher, Location (2010)
[5] LNCS Homepage. http://www.springer.com/lncs. Accessed 4 Oct 2017
[6] Xiaorong, F., Jun, L., Shizhun, J.: security analysis for IPv6 neighbor discovery protocol. In: IMSNA, pp. 303-307 (2013)
[7] Cunjiang, Y., Li, J.: Authentication algorithms of Internet Protocol security in an IPV6-based environment. In: Proceedings of 2010 4th International Conference on Intelligent Information Technology Application, vol. 4 (2010)
[8] Arkko, J., (Ed.) et al.: Secure Neighbor Discovery (SEND), in request for comments 3971, Internet Engineering Task Force (2005)
[9] Kent, S., Seo, K.: Security architecture for the Internet Protocol, in request for comments: 4301, Internet Engineering Task Force (2005)
[10] Ramachandran, V., Nandi, S.: Detecting ARP spoofing: an active technique. In: Jajodia, S., Mazumdar, C. (eds.) ICISS 2005. LNCS, vol. 3803, pp. 239-250. Springer, Heidelberg (2005). https://doi.org/10.1007/11593980_18 · doi:10.1007/11593980_18
[11] Lootah, W., Enck, W., McDaniel, P.: Tarp: ticket-based address resolution protocol. Comput. Netw. 51(15), 4322-4337 (2007) · doi:10.1016/j.comnet.2007.05.007
[12] Tzang, Y.-J., Chang, H.-Y., Tzang, C.-H.: Enhancing the performance and security against media-access-control table overflow vulnerability attacks. Secur. Commun. Netw. 8, 1780-1793 (2015) · doi:10.1002/sec.1142
[13] Xiaorong, F., Jun, L., Shizhun, J.: Security analysis for IPv6 neighbor discovery protocol. In: 2013 2nd International Symposium on Instrumentation and Measurement, Sensor Network and Automation (IMSNA) (2013)
[14] Arkko, M., Kempf, J., Sommerfeld, B., Zill, B., Nikander, P., (ed.): SEcure Neighbor Discovery (SEND), RFC 3971, March 2005
[15] Ahmed, A.S., Hassan, R., Othman, N.E.: Secure neighbor discovery (SeND): attacks and challenges. In: 2017 6th International Conference on Electrical Engineering and Informatics (ICEEI) (2017). https://doi.org/10.1109/iceei.2017.8312422 · doi:10.1109/iceei.2017.8312422
[16] Sumathi, P., Patel, S., Prabhakaran.: Secure neighbor discovery (SEND) protocol challenges and approaches. In: 2016 10th International Conference on Intelligent Systems and Control (ISCO) (2016). https://doi.org/10.1109/ISCO.2016.7726976 · doi:10.1109/ISCO.2016.7726976
[17] Xiaorong, F., Jun, L., Shizhun, J.: Security analysis for IPv6 neighbor discovery protocol. In: 2013 2nd International Symposium on Instrumentation and Measurement, Sensor Network and Automation (IMSNA) (2013). https://doi.org/10.1109/imsna.2013.6743275 · doi:10.1109/imsna.2013.6743275
[18] Nikander, P., Kempf, J., Nordmark, E., (ed.): IPv6 Neighbor Discovery (ND) trust models and threats, in request for comments 3756, Internet Engineering Task Force (2004)
[19] Zhang, L.J., Tian-Qinga, O., Zhao, L.Y.: Authentication scheme based on certificateless signcryption in proxy mobile IPv6 network. Appl. Res. Comput. 29(2), 640-643 (2012)
[20] Zhang, Z., Wuhan.: Secure access authentication scheme in mobile IPv6 networks. Comput. Sci. 36(12), 26-31 (2009)
[21] Gracia, D.F.: Performance evaluation of advanced encryption standard algorithm. In: 2015 Second International Conference on Mathematics and Computers in Sciences and in Industry (MCSI) (2015). https://doi.org/10.1109/MCSI.2015.61 · doi:10.1109/MCSI.2015.61
[22] Alsadeh, A., Rafiee, H., Meinel, C.: Cryptographically generated addresses (CGAs): possible attacks and proposed mitigation approaches. In: 2012 IEEE 12th International Conference on Computer and Information Technology (CIT). IEEE (2012)
[23] Anu, P., Vimala, S.: A survey on sniffing attacks on computer networks. In: 2017 International Conference on Intelligent Computing and Control (I2C2) (2017). https://doi.org/10.1109/I2C2.2017.8321914 · doi:10.1109/I2C2.2017.8321914
[24] Verma, A., Singh, A.: An approach to detect packets using packet sniffing. Int. J. Comput. Sci. Eng. Survey (IJCSES) 4(3), 21 (2013) · doi:10.5121/ijcses.2013.4302
[25] https://github.com/secdev/scapy
[26] https://github.com/helpsystems/pcapy. Accessed Nov 2018
[27] https://Github.
This reference list is based on information provided by the publisher or from digital mathematics libraries. Its items are heuristically matched to zbMATH identifiers and may contain data conversion errors. In some cases that data have been complemented/enhanced by data from zbMATH Open. This attempts to reflect the references listed in the original paper as accurately as possible without claiming completeness or a perfect matching.