SLAAC Attack Detection Mechanism
Year 2020, Volume: 9 Issue: 1, 24 - 43, 01.03.2020
Nazrool Bin Omar
Selvakumar Manickam
Abstract
The discovery of the SLAAC attack has increased security threats in IPv6 networks. SLAAC attacks are proliferated by the availability of attack toolkits. Security safeguards must be deployed to detect and eliminate SLAAC attacks. Safeguards such as IPSec, Secure NDP (SeND), Trust-ND and other methods have not been widely implemented because of the high processing power required for cryptographic processing and because they alter the original Neighbor Discovery Protocol (NDP). A detection mechanism is more practical because it does not modify the original NDP, can be enhanced with specific capabilities and uses less processing power. This paper proposes a SLAAC attack detection mechanism using ongoing packet verification and authentication. The detection mechanism not only detects SLAAC attacks launched using ICMPv6 type 134 packets but is also able to detect SLAAC attacks launched using packets with fragment and extension headers, without modification of the original NDP.
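The abstract's last point, that a Router Advertisement (ICMPv6 type 134) can arrive behind fragment or extension headers, is illustrated by the following added example, which is not the paper's mechanism or code. It walks the full IPv6 header chain of a raw packet before classifying it; the function names, verdict strings and sample packets are assumptions constructed for illustration.

```python
import struct

# Headers with the generic (Next Header, Hdr Ext Len) layout from RFC 8200.
EXT = {0: "hop-by-hop", 43: "routing", 60: "destination-options"}
FRAGMENT, ICMPV6, RA_TYPE = 44, 58, 134

def classify(packet: bytes) -> str:
    """Walk the full IPv6 header chain, then classify the packet."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        return "malformed"
    nxt, off, chain = packet[6], 40, []
    while nxt in EXT or nxt == FRAGMENT:
        if off + 8 > len(packet):
            return "incomplete-chain"        # chain runs past the captured data
        if nxt == FRAGMENT:
            if struct.unpack_from("!H", packet, off + 2)[0] >> 3:
                return "non-first-fragment"  # upper-layer header is not here
            chain.append("fragment")
            nxt, off = packet[off], off + 8
        else:
            chain.append(EXT[nxt])
            nxt, off = packet[off], off + (packet[off + 1] + 1) * 8
    if nxt != ICMPV6:
        return "not-icmpv6"
    if off >= len(packet):
        return "incomplete-chain"
    if packet[off] != RA_TYPE:
        return "other-icmpv6"
    if "fragment" in chain:
        return "ra-fragmented"
    return "ra-behind-extension-headers" if chain else "ra"

def ipv6(next_header: int, payload: bytes) -> bytes:
    """Constructed sample packet: fe80::1 -> ff02::1, hop limit 255."""
    src = bytes.fromhex("fe80" + "00" * 13 + "01")
    dst = bytes.fromhex("ff02" + "00" * 13 + "01")
    fixed = struct.pack("!IHBB", 6 << 28, len(payload), next_header, 255)
    return fixed + src + dst + payload

# Constructed sample data (checksum left at zero; it is not examined here).
RA = struct.pack("!BBHBBHII", 134, 0, 0, 64, 0, 1800, 0, 0)
DSTOPT = bytes([ICMPV6, 0, 1, 4, 0, 0, 0, 0])                 # PadN-only header
FRAG_FIRST = struct.pack("!BBHI", ICMPV6, 0, 0x0001, 0x1234)  # offset 0, M=1
FRAG_TO_DSTOPT = struct.pack("!BBHI", 60, 0, 0x0001, 0x1234)

if __name__ == "__main__":
    for name, pkt in [("plain", ipv6(ICMPV6, RA)),
                      ("dstopt", ipv6(60, DSTOPT + RA)),
                      ("fragment", ipv6(FRAGMENT, FRAG_FIRST + RA)),
                      ("cut chain", ipv6(FRAGMENT, FRAG_TO_DSTOPT))]:
        print(f"{name:10s} {classify(pkt)}")
```

A check that reads only the fixed header's Next Header byte would classify three of these four samples as something other than an RA; walking the chain exposes the RA or reports that the chain is incomplete.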