Enhance Neighbor Discovery Protocol Security by Using Secure Hash Algorithm

Abstract

Neighbor Discovery Protocol (NDP) plays a vital role in IPv6. Neighbor Solicitation (NS) and Neighbor Advertisement (NA) are two important messages of NDP. Because these two messages are used in two major processes of NDP; Duplicate Address Detection (DAD) and Address Resolution (AR). DAD is used to assign a unique IPv6 address to a new device attached to the IPv6 link-local network. Whilst, AR works like ARP in IPv4, it is used to find the MAC Address of the device against an IPv6 Address. As the massage is multicast and there is no built-in security in NDP that’s why it has vulnerabilities and due to lack of security any intruder can launch an attack; like the DoS (Denial of Service) attack which is most common. Many researches were conducted to resolve this issue, and techniques were proposed like SeND and Trust-ND. Some of these techniques can stop attacks but still have some vulnerabilities like high processing time and complexity etc. This research aims to introduce a technique that is more effective than already existing methods. This study proposed a security technique name as 64- bits Hash technique, to secure NS and NA messages of NDP by using SHA-512 for the encryption of target IPv6 and the use of only 64-bit of hashed value in NS and NA messages. The experimental results show that the purposed technique consumes less bandwidth and less processing time than other existing techniques to prevent DAD and AR from DoS attacks. The featured work is to implement the purposed technique on other processes of NDP and also to implement it on a large IPv6 network.