Detection of neighbor discovery protocol based attacks in IPv6 network

Abstract

Internet Protocol version 6 (IPv6) uses Network Discovery Protocol (NDP) to find the Media Access Control (MAC) address to communicate with hosts in a LAN. Like its predecessor, Address Resolution Protocol (ARP) in IPv4, NDP is stateless and lacks authentication by default. The traditional spoofing attacks for exploiting the IP to MAC resolution using ARP in IPv4 are also relevant in NDP. By using spoofed MAC addresses, a malicious host can also launch Denial-of-Service (DoS), Man-in-the-Middle(MiTM) attacks etc. in IPv6 network. Although there are various detection/prevention mechanisms available for IPv4, many of them are not yet implemented in IPv6 as the protocol is relatively new and slowly coming in use. Few mechanisms have been proposed for detection/prevention of these attacks in IPv6, but they either are non-scalable, computationally expensive, require management of cryptographic keys or change in the protocol itself. In this paper, we propose an active detection mechanism for NDP based attacks in IPv6 network to overcome these problems. Experimental results illustrate the efficacy and performance of the scheme.