Risk Analysis of the Implementation of IPv6 Neighbor Discovery in Public Network

Supriyanto, Iznan Hasbullah, Rajakumar Murugesan, Azlan Osman

Abstract


The Internet is ubiquitous, and in recent times its growth has been exponential. This rapid growth caused the depletion of the current Internet Protocol version 4 (IPv4) address space, prompting the IETF to design the new Internet Protocol version 6 (IPv6) in the 1990s. IPv6 is the next generation of the Internet Protocol, designed with a much larger address space and additional functions to ease its use. One of the new functions is address autoconfiguration of new hosts via the Neighbor Discovery Protocol (NDP). However, the implementation of NDP is not without security risk. This paper analyzes the risk of NDP implementation in a public network. The results show a number of risks that arise when NDP is implemented over a public network. Neighbors cannot be trusted 100%: one of them could be an attacker who exploits NDP messages for their own benefit. In addition, the number of insiders increases over time.

Keywords


ipv6; neighbor discovery; IPv6 address; security; public network

