Home // SECURWARE 2017, The Eleventh International Conference on Emerging Security Information, Systems and Technologies // View article
Authors:
Shailendra Singh Tomar
Anil Rawat
Prakash D. Vyavahare
Sanjiv Tokekar
Keywords: IPv6; DAD; DoS Attack; Central Arbiter Approach; SDN; NDP
Abstract:
A node joining any Internet Protocol version 6 (IPv6) network is susceptible to Denial of Service (DoS) attack in the Duplicate Address Detection (DAD) phase of the IP address assignment process. A lot of research work is being carried out to mitigate this form of DoS attack. However, available approaches require changes in the Neighbor Discovery Protocol (NDP) and/or lead to increased computational and configuration overheads/complexity on each client. In this paper, we present a central arbiter approach to detect and mitigate DoS attacks on DAD in Software Defined Network (SDN) controlled wired IPv6 networks. Advantages of this approach over other approaches are its simplicity and zero modification requirements to the NDP. The proposed approach has been simulated on a Mininet emulator configured for SDN using RYU controller and is observed to achieve the desired results. The effectiveness of the proposed scheme in handling DAD DoS attacks is also presented in the paper. The results show that this scheme introduces a delay of the order of 0.34 seconds in the DAD process which is a good trade-off for providing DoS attack protection.
Pages: 1 to 9
Copyright: Copyright (c) IARIA, 2017
Publication date: September 10, 2017
Published in: conference
ISSN: 2162-2116
ISBN: 978-1-61208-582-1
Location: Rome, Italy
Dates: from September 10, 2017 to September 14, 2017