一种在无状态地址自动配置中DAD攻击的防御方法

doi:10.3969/j.issn.1000-0801.2014.04.008

Abstract

Abstract:

In stateless address auto configuration, node needs to carry out duplicate address detection before using a new IP address. In the detection process, once a malicious node claims that the resolve IP address is occupied, the node's address configuration will fail. For this case, WAY（who are you）mechanism as a defensive approach was proposed. WAY mechanism uses reverse address confirmation, self-declaration and WAY-table inspection to filter the spoofing packets, which make attackers' cost increase and cannot carry out secondary attack. The experiments show that WAY mechanism can effectively compensate the security flaws of neighbor discovery protocol, significantly increase the success rate of stateless address auto configuration.

Key words: network security, address resolution, IPv6, stateless address auto configuration, duplicate address detection

Guangjia Song,Zhenzhou Ji,Hui Wang. A Defense Approach of DAD Attack in Stateless Auto Configuration[J]. Telecommunications Science, 2014, 30(4): 54-60.

Figures/Tables 11

References 20

1	Plummer D C . An ethernet address resolution protocol. , http://tools.ietf.org/html/rfc826, 1982
2	Narten T , Nordmark E , Simpson W , et al. Neighbor discovery for IP version 6（IPv6）. , http://tools.IETF.org/html/rfc4861, 2007
3	Gao J H , Xia K J . ARP spoofing detection algorithm using ICMP protocol. Proceedings of the IEEE International Conference on Computer Communication and Informatics, Coimbatore, India, 2013: 1～6
4	Wang X L , Zhou G . Defence design for ARP spoofing based on NDIS intermediate driver. Proceedings of the IEEE International Conference on Computer Distributed Control and Intelligent Environmental Monitoring, Changsha, China, 2012: 218～220
5	Pandey P . Prevention of ARP spoofing: a probe packet based technique. Proceedings of the IEEE International Advance Computing Conference, Ghaziabad, India, 2013: 147～153
6	Thomson S , Narten T , Jinmei T . IPv6 stateless address auto configuration. , http://tools.IETF.org/html/rfc4862, 2007
7	Nikander P , Kempf J , Nordmark E . IPv6 neighbor discovery （ND） trust models and threats. , http://tools.IETF.org/html/rfc3756, 2004
8	Liu C H , Dai Q G . Design of security neighbor discovery protocol. Proceedings of the IEEE International Conference on Communication Systems and Network Technologies, Gwalior, India, 2013: 538～541
9	Arkko J , Kempf J , Zill B , et al. Secure neighbor discovery （SEND）. , http://tools.IETF.org/html/rfc3971, 2005
10	Aura J Cryptographically generated addresses （CGA）. , http://tools.IETF.org/html/rfc3972, 2005
11	AlSa'deh A , Meinel C . Secure neighbor discovery: review, challenges, perspectives, and recommendations. IEEE Security ＆Privacy, 2012, 10(4): 26～34
12	Rafiee H , AlSa'deh A , Meinel C . Multicore-based auto-scaling secure neighbor discovery for windows operating systems. Proceedings of the IEEE International Conference on Information Networking, Bali, 2012: 269～274
13	Alsaˊdeh A , Feng C , Meinel C . CS-CGA: compact and more secure CGA. Proceedings of the IEEE International Conference on Networks, Singapore, 2011: 299～304
14	Siddiqi Q S , Anwar M U . A study of CGA-（cryptographically generated address）signature based authentication of binding update messages in low-end MIPv6 node. Proceedings of the IEEE International Conference on Computer and Communication Engineering, Kuala Lumpur, Malaysia, 2012: 510～514
15	AlSa'deh A , Rafiee H , Meinel C . Stopping time condition for practical IPv6 cryptographically generated addresses. Proceedings of the IEEE International Conference on Information Networking, Bali, 2012: 257～262
16	Su G X , Wang W D , Gong X Y . A quick CGA generation method. Proceedings of the IEEE International Conference on Future Computer and Communication, Wuhan, China, 2010: 769～773
17	Rafiee H , AlSa'deh A , Meinel C . Winsend: windows secure neighbor discovery. Proceedings of the ACM International Conference on Security of Information and Networks, Sydney, Australia, 2011: 243～246
18	Hou Y , Wang Z X , Wang Y , et al. Routing attack in the ND and SEND mixed environment. Proceedings of the IEEE International Conference on Multimedia Information Networking and Security, Nanjing, China, 2012: 959～962
19	Jinhua G , Kejian X . ARP spoofing detection algorithm using ICMP protocol. Proceedings of 2013 International Conference on Computer Communication and Informatics（ICCCI）, Paris, France, 2013: 1～6
20	Pandey P , Prevention of ARP spoofing: a probe packet based technique. Proceedings of Advance Computing Conference （IACC）, 2013 IEEE 3rd International, Los Angles, USA, 2013: 147～153

Metrics

Recommended 0

No Suggested Reading articles found!

MAC地址	IP地址	T或F
CC:CC:CC:CC:CC:CC	FE80:CECC:CCFF:FECC:CCCC	F

[1]	Jianguo LIU, Hao QU, Hongming HUANG, Zhidan ZHU. Research on IPv6+ intelligent backbone network technology [J]. Telecommunications Science, 2023, 39(5): 155-166.
[2]	Le ZHANG, Hongyuan MA. Practice on edge cloud security of telecom operators [J]. Telecommunications Science, 2023, 39(4): 165-172.
[3]	Weixiong CHEN, Xiaochen YANG, Zengjun CHUN, Ruolan LI, Hua ZHANG. Research and practice of network security threat intelligence management system for power enterprise [J]. Telecommunications Science, 2022, 38(7): 184-189.
[4]	Yatian LIU, Bowen HU, Maofei CHEN, Dongxin LIU. Study on the 5GC security situational awareness system [J]. Telecommunications Science, 2022, 38(11): 73-85.
[5]	Yue GU, Dan LI, Kaihui GAO. Research on network traffic classification based on machine learning and deep learning [J]. Telecommunications Science, 2021, 37(3): 105-113.
[6]	Xu ZHOU, Sheng JIANG, Jie ZHANG, Bo LEI, Xiuli ZHENG, Taixin LI. Ubiquitous IP protocol system [J]. Telecommunications Science, 2021, 37(10): 47-54.
[7]	Chengli ZHANG, Xiaorong HE, Weifang SONG. Privatize modification of broadband dual IP stack on cloud platform [J]. Telecommunications Science, 2021, 37(10): 162-170.
[8]	Hui TIAN,Zheng WEI. IPv6+ innovation of the NGI [J]. Telecommunications Science, 2020, 36(8): 3-10.
[9]	Zhenbin LI,Feng ZHAO. Standard system of IPv6+ technologies [J]. Telecommunications Science, 2020, 36(8): 11-21.
[10]	Lin HE,Peng KUANG,Shicheng WANG,Ying LIU,Xing LI,Shuping PENG. Application-aware IPv6 networking [J]. Telecommunications Science, 2020, 36(8): 36-42.
[11]	Ming GAO,Jin LUO,Huiying ZHOU,Hai JIAO,Lili YING. A differential feedback scheduling decision algorithm based on mimic defense [J]. Telecommunications Science, 2020, 36(5): 73-82.
[12]	Yuanying XIAO,Yaodong YOU,Lixi XIANG. Causes and optimization of the false alarm rate of code review system [J]. Telecommunications Science, 2020, 36(12): 155-162.
[13]	Zhiqiang YANG,Li SU,Minpeng QI,Bo YANG. Overview and prospect of 5G security [J]. Telecommunications Science, 2020, 36(12): 1-19.
[14]	Guofeng HE. Application protection in 5G cloud network using zero trust architecture [J]. Telecommunications Science, 2020, 36(12): 123-132.
[15]	Ping XIE,Xiaosong LIU. Security of the deployment of SDN-based IoT using blockchain [J]. Telecommunications Science, 2020, 36(12): 139-146.

A Defense Approach of DAD Attack in Stateless Auto Configuration

RichHTML

PDF下载

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 11

References 20

Related Articles 15

Metrics

Recommended 0