Title :
Security analysis for IPv6 neighbor discovery protocol
Author :
Feng Xiaorong ; Lin Jun ; Jia Shizhun
Author_Institution :
Software Quality Testing Eng. Res. Center, China Electron. Product Reliability & Environ. Testing Res. Inst., Guangzhou, China
Abstract :
Neighbor Discovery Protocol (NDP) is used by IPv6 nodes to discover other nodes on the link, which assigns link-layer addresses to find routers, so as to obtain reachability information about the paths to active neighbors. This paper presents security threats and an in-depth analysis of IPv6 NDP and discusses typical attacks in detail. Meanwhile, the attack tools developed in accordance with NDP are demonstrated, which provides a certain theoretical basis for improving the security features of NDP. Finally, an improved security strategy based on IPSec AH and the MAC address option is proposed, which aims at providing effective defense against denial of service attacks and redirection attacks. The optimized NDP process has a certain significance for strengthening the security of IPv6 networks.
Keywords :
IP networks; access protocols; computer network security; telecommunication network routing; transport protocols; IPSec AH; IPv6 NDP; IPv6 neighbor discovery protocol; IPv6 network security; IPv6 nodes; MAC address option; NDP process optimization; active neighbor path; attack tools; denial of service attack; link-layer address assignment; node discovery; reachability information; redirection attack; router finding; security analysis; security feature; security strategy; security threat; Authentication; Computer crime; IP networks; Instrumentation and measurement; Protocols; Servers; Authentication; IPv6; Neighbor Discovery Protocol; Security Attack;
Conference_Title :
Instrumentation and Measurement, Sensor Network and Automation (IMSNA), 2013 2nd International Symposium on
Conference_Location :
Toronto, ON
DOI :
10.1109/IMSNA.2013.6743275