A trust-based mechanism for protecting IPv6 networks against stateless address auto-configuration attacks

The IPv6 protocol is the next-generation IP protocol that addresses many of the shortcomings that exist in the IPv4 protocol. Some of the enhancements include increased address space, mandatory security and provisioning of stateless auto-configuration, a technique through which a new node forms its own address without the assistance of centralized host configuration servers operating in the network. While the stateless auto-configuration approach allows instant network access to a joining node, and eliminates the cost of procuring and maintaining centralized address configuration servers, it is also vulnerable to auto address configuration attacks against legitimate nodes willing to join the network. Through such an attack, malicious nodes in the network can disallow legitimate nodes to join the network by broadcasting incorrect responses to node requests for verifying address uniqueness. In this paper, we propose a trust-based algorithm to allow upcoming nodes in an IPv6 network to ascertain, in distributed fashion, the uniqueness of their respective network identifiers. Our proposed scheme does not rely on centralized verification servers, and it proves to provide high assurance to new nodes intending to join the network, with minimal overhead, as illustrated through our simulations and analysis.