Proposed security mechanism for preventing fake router advertisement attack in IPv6 link-local network

Abstract

The design of router discovery (RD) is a trust mechanism to confirm the legitimacy of the host and router. Fake router advertisement (RA) attacks have been made possible by this RD protocol design defect. Studies show that the standard RD protocol is vulnerable to a fake RA attack where the host will be denied a valid gateway. To cope with this problem, several prevention techniques have been proposed in the past to secure the RD process. Nevertheless, these methods have a significant temporal complexity as well as other flaws, including the bootstrapping issue and hash collision attacks. Thus, the SecMac-secure router discovery (SecMac-SRD) technique, which requires reduced processing time and may thwart fake RA assaults, is proposed in this study as an improved secure RD mechanism. SecMac-SRD is built based on a UMAC hashing algorithm with ElGamal public key distribution cryptosystem that hides the RD message exchange in the IPv6 link-local network. Based on the obtained expected results display that the SecMac-SRD mechanism achieved less processing time compared to the existing secure RD mechanism and can resist fake RA attacks. The outcome of the expected results clearly proves that the SecMac-SRD mechanism effectively copes with the fake RA attacks during the RD process.