期刊名称:International Journal of Security and Its Applications
印刷版ISSN:1738-9976
出版年度:2016
卷号:10
期号:4
页码:143-154
DOI:10.14257/ijsia.2016.10.4.15
出版社:SERSC
摘要:Most IPv6 security issues are still the same as IPv4; IPv6 has its own unique design characteristics that have additional impact to system and network security, as well as the potential impact on policies and procedures. Address autoconfiguration is a key feature of the IPv6 protocol stack that allow hosts to generate own addresses using a confluence of information from other hosts and information from router advertisement. Duplicate Address Detection (DAD) is a process that is part of address autoconfiguration that is used to check if the addresses generated has already been configured. Nevertheless, the design of DAD process is vulnerable to Denial of Service (DoS) attack leaving hosts unconfigured. For example, any host can reply to Neighbor Solicitations (NS) for a temporary address, causing the other host to consider it as a duplicate and eventually reject the address. Various mechanisms such as SeND and SAVI has been introduced to address such attacks, but these techniques were not very effective as there were still possibilities of DoS attacks to be carried out. As such, a new mechanism is needed to more effectively prevent DoS attacks on DAD process. In this paper, we present a detailed design and development of a novel mechanism that can address the shortfalls of existing prevention techniques.
