The explosive growth of internet users and the limitations of IPv4 necessitated a transition to IPv6, offering a vast expansion of address space and advanced functionalities. A critical component of IPv6 is Stateless Address Auto-Configuration (SLAAC), where devices automatically configure their network addresses. Integral to SLAAC is the Duplicate Address Detection (DAD) process, which ensures each IP address is unique by detecting and resolving conflicts. Traditional Neighbor Discovery Protocol (NDP), which makes DAD possible, is still open to security threats such as replay attacks, router redirect spoofing, denial of service (DoS) attacks, and neighbor unreachability detection (NUD) spoofing. This paper examines the security vulnerabilities in the DAD process and proposes a novel DAD technique that leverages SHA-256 hashing to secure the tentative IP address. This technique enhances the security and efficiency of the DAD process. We have conducted simulations to assess the performance of the proposed solution in both normal and attack scenarios. Compared to the traditional approach, the results demonstrate its superiority in terms of CPU utilization, memory usage, packet overhead, successful DAD processes, processing time, and bandwidth consumption.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Enhancing IPv6 Network Security: SHA-256 for DAD Protection

  • Amar Kumar Yadav,
  • Ravichandra Sadam,
  • Payal Acharjee

摘要

The explosive growth of internet users and the limitations of IPv4 necessitated a transition to IPv6, offering a vast expansion of address space and advanced functionalities. A critical component of IPv6 is Stateless Address Auto-Configuration (SLAAC), where devices automatically configure their network addresses. Integral to SLAAC is the Duplicate Address Detection (DAD) process, which ensures each IP address is unique by detecting and resolving conflicts. Traditional Neighbor Discovery Protocol (NDP), which makes DAD possible, is still open to security threats such as replay attacks, router redirect spoofing, denial of service (DoS) attacks, and neighbor unreachability detection (NUD) spoofing. This paper examines the security vulnerabilities in the DAD process and proposes a novel DAD technique that leverages SHA-256 hashing to secure the tentative IP address. This technique enhances the security and efficiency of the DAD process. We have conducted simulations to assess the performance of the proposed solution in both normal and attack scenarios. Compared to the traditional approach, the results demonstrate its superiority in terms of CPU utilization, memory usage, packet overhead, successful DAD processes, processing time, and bandwidth consumption.