Abstract

Duplicate address detection (DAD) is an important component of the address resolution protocol (ARP) and the neighbor discovery protocol (NDP). DAD determines whether an IP address conflicts with an address already in use by another node. In traditional DAD, the target address being checked is broadcast over the network, which makes it easy for malicious nodes to attack: a malicious node can send a spoofed reply that prevents a normal node from configuring its address, thereby launching a denial-of-service attack. This study proposes a hash method that hides the target address in DAD, which prevents an attacking node from launching destination attacks. If the address of a normal node is identical to the address being detected, its hash value matches the “Hash_64” field in the neighbor solicitation message, so DAD can still be completed successfully. This process is called DAD-h. Simulation results indicate that address configuration using DAD-h has a considerably higher success rate under attack than traditional DAD. Comparative analysis shows that DAD-h requires neither third-party devices nor considerable computing resources, and it provides a lightweight security solution.
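The matching step described in the abstract can be sketched as follows. This is an added example, not code from the paper: the abstract does not specify the hash construction or the reply format, so the use of SHA-256 truncated to 64 bits, the message dictionaries, and the rule that a reply must name the tentative address are all assumptions, and every function name is hypothetical.

```python
import hashlib
import ipaddress

def hash_64(addr: str) -> bytes:
    """Assumed Hash_64: first 8 bytes of SHA-256 over the packed 16-byte address."""
    return hashlib.sha256(ipaddress.IPv6Address(addr).packed).digest()[:8]

def build_solicitation(tentative: str) -> dict:
    # DAD-h solicitation: carries only the hash, never the tentative address.
    return {"type": "NS", "Hash_64": hash_64(tentative)}

def neighbor_reply(own_addrs, ns):
    """A neighbor defends an address only if one of its own hashes to Hash_64."""
    for a in own_addrs:
        if hash_64(a) == ns["Hash_64"]:
            return {"type": "NA", "target": a}
    return None

def requester_accepts(tentative: str, reply) -> bool:
    """Assumed check: a reply is a real conflict only if it names the tentative address."""
    if reply is None or reply.get("type") != "NA":
        return False
    try:
        return ipaddress.IPv6Address(reply["target"]) == ipaddress.IPv6Address(tentative)
    except (KeyError, ValueError):
        return False  # malformed or missing target: ignore the reply

def run_dad_h(tentative, neighbors, forged_replies=()):
    """Return 'conflict' if any valid reply arrives, else 'configured'."""
    ns = build_solicitation(tentative)
    replies = [neighbor_reply(addrs, ns) for addrs in neighbors]
    replies.extend(forged_replies)
    ok = any(requester_accepts(tentative, r) for r in replies)
    return "conflict" if ok else "configured"

# Constructed sample data (documentation prefix 2001:db8::/32).
TENTATIVE = "2001:db8::1234"
HONEST_OTHER = ["2001:db8::1", "fe80::1"]
HONEST_OWNER = ["2001:db8::1234"]
# A spoofing node sees only Hash_64, so its replies cannot name the hidden address.
FORGED = [{"type": "NA", "target": "2001:db8::dead"},
          {"type": "NA", "target": hash_64(TENTATIVE).hex()}]

if __name__ == "__main__":
    print(run_dad_h(TENTATIVE, [HONEST_OTHER], FORGED))  # forged replies are ignored
    print(run_dad_h(TENTATIVE, [HONEST_OWNER]))          # genuine duplicate is detected
```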

Highlights

  • One of the main functions of a computer network is the exchange of data between nodes

  • With an increasing number of network nodes and the extensive use of internet protocol version 6 (IPv6), duplicate address detection (DAD) attacks pose a serious threat to network security

  • In traditional DAD, the host discloses the target address of DAD, which allows all network nodes to know the new address used by the host, and malicious nodes can forge replies to launch DoS attacks


Summary

Introduction

One of the main functions of a computer network is the exchange of data between nodes. When host A decides to use IPX as its address, it must broadcast an ARP request to ensure that IPX is not in conflict with other hosts. Assuming that host C has configured 192.168.0.2 as its IP address, host C broadcasts an ARP request for DAD. This request can be received by both hosts A and B. RFC 5227 proposed a new DAD method called address conflict detection (ACD) [5]. In the ARP announcement, the “Src IP” and “Dest IP” fields are filled with the new address (IPX), and host A announces that it will use IPX.
