NDPsec: Neighbor Discovery Protocol security mechanism

Al-Ani, Ayman and Al-Ani, Ahmed K. and Laghari, Shams A. and Manickam, Selvakumar and Lai, Khin Wee and Hasikin, Khairunnisa (2022) NDPsec: Neighbor Discovery Protocol security mechanism. IEEE Access, 10. pp. 83650-83663. ISSN 2169-3536, DOI https://doi.org/10.1109/ACCESS.2022.3196028.

Full text not available from this repository.

Abstract

Internet Protocol version 6 (IPv6) is envisioned as the cornerstone for future internet connectivity and information technology (IT) expansion. Due to its enormous address pool, extendable headers, high level of security, and mobility, IPv6 is positioned as the next-generation Internet Protocol. NDP is an integral component of IPv6 since it resolves addresses, locates routers, and finds duplicated addresses in a local-link network. Because NDP is based on the premise that all nodes in the network are trustworthy, it is subject to a variety of attacks, including Denial of Service (DoS) on Duplicate Address Detection (DAD) attacks (aka. DoS-on-DAD), Address Resolution-based attacks, Router Advertisement (RA) based attacks, and Redirect attacks. This paper proposes an NDP security (NDPsec) mechanism based on the Ed25519 digital signature to authenticate IPv6 hosts to prevent unauthorized devices from joining the network. The proposed NDPsec mechanism is evaluated and compared to Secure NDP (SeND), Match-Prevention, and Trust-ND mechanisms. The performance is measured in terms of processing time, traffic overhead, and resilience against network-based attacks. The results obtained from the experiments showed that NDPsec successfully prevented cyberattacks, with approximately 144% less processing time and over 50% less traffic overhead compared to SeND (the default security mechanism for NDP protocol). The proposed NDPsec mechanism has remarkable superiority in terms of resilience against attacks compared to Match-Prevention and Trust-ND mechanisms.

Item Type: Article
Funders: School of Computing and Data Science, Xiamen University Malaysia (Grant No: XMUMRF/2022-C9/IECE/0028)
Uncontrolled Keywords: Protocols; IP networks; Security; Internet; Local area networks; Routing protocols; Denial-of-service attack; Authentication; IPv6; NDP; Denial of service; RA flooding; Security; Authentication; MITM
Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Divisions: Faculty of Engineering > Biomedical Engineering Department
Depositing User: Ms. Juhaida Abd Rahim
Date Deposited: 06 Nov 2023 08:33
Last Modified: 06 Nov 2023 08:33
URI: http://eprints.um.edu.my/id/eprint/41484
