A Proposal for IP Spoofing Mitigation at Origin in Homenet Using Software-Defined Networking

Abstract

Computer networks are continually evolving, making the execution of security tasks increasingly complex. Also, the development of new networking environments, such as the Internet Engineering Task Force (IETF) Home Networking (Homenet), usually is not followed by advances in security mechanisms for these environments. In this context, IP Spoofing, the obfuscation of the actual network address of the attacker either to amplify or redirect communications responses to a given target, is an example of network attack that can be employed in several infrastructures. Considering Homenet, the utilization of IPv6 does not avoid such attacks since the Neighbor Discovery Protocol (NDP), which is responsible for neighborhood discovery in IPv6, does not have mechanisms of validation of network and link addresses in its packet header (i.e., source-address validation). The present work proposes a solution to mitigate the use of IP Spoofing attacks originated in a Homenet using Software-Defined Networking (SDN) features. The results from the experimental evaluation demonstrate that the proposed method has desirable properties to avoid such attacks without increasing the complexity of the Homenet architecture.