Open AccessUsing multi‐address generation and duplicate address detection to prevent DoS in IPv6
Author(s) -
Guangjia Song,
Hui Wang,
Hangjun Wang
Publication year - 2019
Publication title -
iet communications
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.355
H-Index - 62
eISSN - 1751-8636
pISSN - 1751-8628
DOI - 10.1049/iet-com.2018.5686
Subject(s) - computer science , ipv6 address , computer network , node (physics) , denial of service attack , network address , encryption , protocol (science) , ip address management , overhead (engineering) , ipv6 , logical address , the internet , computer security , physical address , internet protocol , operating system , medicine , alternative medicine , structural engineering , pathology , engineering , overlay
The Neighbour Discovery Protocol and the Address Resolution Protocol are important protocols in the data link layer. Their functions include Internet Protocol (IP) address configuration, resolving the correspondence between an IP address and a medium access control address, and duplicate address detection (DAD). In DAD, the new address that the node is going to use is public, and thus, it is vulnerable to malicious node attacks. Moreover, address configuration is inefficient because only one address is generated and detected each time. In this study, the authors propose a multi‐address generation and DAD scheme called MAGD. MAGD generates a set of addresses each time, but only discloses a part of the set during DAD, thereby reducing the risk of being attacked. DAD will only fail when all the addresses are in conflict, and thus, the efficiency of node's address configuration is enhanced. Experiments show that the additional overhead in the CPU and memory caused by MAGD's multiple address configuration is within an acceptable range. When subjected to denial‐of‐service (DoS) attacks, MAGD performs better than traditional encryption schemes.