Proposed DAD-match Mechanism for Securing Duplicate Address Detection Process in IPv6 Link-Local Network Based on Symmetric-Key Algorithm

Abstract

Duplicate address detection (DAD) is an essential procedure of neighbor discovery protocol (NDP). Further, DAD process decides in case an IP address is in conflict with other nodes. In usual DAD process, the target address to be identified is multicast via the network, which provides an ability for malicious nodes to attack. A malicious node can send a spoofing reply to prevent the address configuration of a normal node, and thus, a denial of service (DoS) attack is launched. This study proposes a new mechanism to hide the target address in DAD, which prevents an attack node from reaching target node. If the address of a normal node is identical to the detection address, then its IP address should be able to decrypt the random word and compare the decryption with decryption in “DADmatch” tag. Consequently, DAD can be successfully completed. This process is called DAD-match. We expect DAD-match will provide a lightweight security resolution and less complexity as well as fully prevent of DoS attacks during DAD process in IPv6 link-local network.