Amjed Sid Ahmed

IPv6 Neighbor Discovery Protocol Specifications, Threats and Countermeasures: A Survey

Neighbor discovery protocol (NDP) is the core protocol of Internet protocol version 6 (IPv6) suite. The motive behind NDP is to replace address resolution protocol (ARP), router discovery, and redirect functions in Internet protocol version 4. NDP is known as the stateless protocol as it is utilized by the IPv6 nodes to determine joined hosts as well as routers in an IPv6 network without the need of dynamic host configuration protocol server. NDP is susceptible to attacks due to the deficiency in its authentication process. Securing NDP is extremely crucial as the Internet is prevalent nowadays and it is widely used in communal areas, for instance, airports, where trust does not exist among the users. A malicious host is able to expose denial of service or man-in-the-middle attacks by injecting spoofed address in NDP messages. With the intention to protect the NDP many solutions were proposed by researchers. However, these solutions either introduced new protocols that need to be supported by all nodes or built mechanisms that require the cooperation of all nodes. Moreover, some solutions are deviating from the layering principals of open system interconnection model. Therefore, the necessity to study NDP in details to recognize and identify the points that could be a source of enhancement has become mandatory task. This article revolves around the survey of the vulnerabilities mitigations approaches of NDP, since the time of the protocol development up to the date of finalized this paper. We described the technical specifications of NDP showing its components, functions, and working procedures. In addition, each threat of NDP is classified and explained in details. Open challenges of NDP and recommended future directions for scientific research are presented at the end of this paper.

Improving security for IPv6 neighbor discovery

For a successful communication in a LAN network Internet Protocol version 4 (IPv4) has to identify Machine Code Address (MAC) of the target host which was possible via using Address Resolution Protocol (ARP). This is improved in IPv6 in which nodes uses Neighbor Discovery Protocol (NDP) to access MAC address of other nodes. In addition to this it enables accessibility to routers and reachability of information on paths to active neighbor discovery. When NDP was initially defined, there was a belief that the local link would be made up of mutually trusting nodes. On the contrary, this has been rectified in wireless connection of networks in which the situation has radically changed. The lack of authorization and vulnerability to various attacks, various mechanisms have been implemented to counter this effect. These mechanisms are of two types which are Secured Neighbor Discovery Protocol (SEND) and Internet Protocol Security (IPSec). A keen interest is taken to analyze this mechanisms showing how it works including the shortcoming of each and various recommendations. Also we analyze each of NDP attacks in details, define the requirements to mitigate each of them and proposed a conceptual model layout in order to secure NDP.

Security threats for IPv6 transition strategies: A review

There is a growing perception among communications experts that IPv6 and its associated protocols is set to soon replace the current IP version. This is somewhat interesting given that general adoption of IPv6 has been slow. Perhaps this can be explained by the short-term fixes to IPv4 address including classless addressing and NAT. Because of these short-term solutions in addition that IPv4 is not capable to manage the growth of information systems, particularly the growth of internet technologies and services including cloud computing, mobile IP, IP telephony, and IP-capable mobile telephony, all of which necessitate the use of IPv6. There is however a realization that the transformation must be gradual and properly guided and managed. To this end, the Internet Engineering Task Force (IETF) was formed to assist in the transition from IPv4 to IPv6 Dual Stack, Header Translation and Tunneling. The mechanisms employed in this transition consist of changes to protocol mechanisms affecting hosts and routers, addressing and deployment, that are designed to avoid mishap and facilitate a smooth transition from IPv4 to IPv6. Given the inevitability of adopting IPv6, this paper focuses on a detailed examination of the transition techniques and its associated benefits and possible shortcomings. Furthermore, the security threats for each transition technique are overviewed.

Performance Evaluation of Handover in WiMax with TCP and UDP as Underlying Protocol

The rejection of an ongoing connection/session is serious problem and it degrades the QoS and efficiency of the network rather than rejecting a request for new connection. The impact on performance of handovers is a serious problem in cellular systems that must be addressed. During handover there may be delay in packets and connections may drop. Real time applications i.e., VoIP and streaming video can be adversely affected by such kind of delays. In this study we used TCP and UDP as an underlying protocol for exchange of data between two wireless mobile nodes in a WiMax access network and had evaluated the effect on performance in terms of end-to-end delay and throughput. The results showed that when handover is triggered the transfer window resets to zero causing higher throughput and end-to-end delay for TCP than UDP based on packet size and traffic load.