Displaying all 2 publications

Abstract:
Sort:
  1. Al-Ani AK, Anbar M, Manickam S, Al-Ani A
    PLoS One, 2019;14(4):e0214518.
    PMID: 30939154 DOI: 10.1371/journal.pone.0214518
    An efficiently unlimited address space is provided by Internet Protocol version 6 (IPv6). It aims to accommodate thousands of hundreds of unique devices on a similar link. This can be achieved through the Duplicate Address Detection (DAD) process. It is considered one of the core IPv6 network's functions. It is implemented to make sure that IP addresses do not conflict with each other on the same link. However, IPv6 design's functions are exposed to security threats like the DAD process, which is vulnerable to Denial of Service (DoS) attack. Such a threat prevents the host from configuring its IP address by responding to each Neighbor Solicitation (NS) through fake Neighbor Advertisement (NA). Various mechanisms have been proposed to secure the IPv6 DAD procedure. The proposed mechanisms, however, suffer from complexity, high processing time, and the consumption of more resources. The experiments-based findings revealed that all the existing mechanisms had failed to secure the IPv6 DAD process. Therefore, DAD-match security technique is proposed in this study to efficiently secure the DAD process consuming less processing time. DAD-match is built based on SHA-3 to hide the exchange tentative IP among hosts throughout the process of DAD in an IPv6 link-local network. The obtained experimental results demonstrated that the DAD-match security technique achieved less processing time compared with the existing mechanisms as it can resist a range of different threats like collision and brute-force attacks. The findings concluded that the DAD-match technique effectively prevents the DoS attack during the DAD process. The DAD-match technique is implemented on a small area IPv6 network; hence, the author future work is to implement and test the DAD-match technique on a large area IPv6 network.
  2. Al-Ani A, Anbar M, Laghari SA, Al-Ani AK
    PLoS One, 2020;15(5):e0232574.
    PMID: 32392261 DOI: 10.1371/journal.pone.0232574
    OpenFlow makes a network highly flexible and fast-evolving by separating control and data planes. The control plane thus becomes responsive to changes in topology and load balancing requirements. OpenFlow also offers a new approach to handle security threats accurately and responsively. Therefore, it is used as an innovative firewall that acts as a first-hop security to protect networks against malicious users. However, the firewall provided by OpenFlow suffers from Internet protocol version 6 (IPv6) fragmentation, which can be used to bypass the OpenFlow firewall. The OpenFlow firewall cannot identify the message payload unless the switch implements IPv6 fragment reassembly. This study tests the IPv6 fragmented packets that can evade the OpenFlow firewall, and proposes a new mechanism to guard against attacks carried out by malicious users to exploit IPv6 fragmentation loophole in OpenFlow networks. The proposed mechanism is evaluated in a simulated environment by using six scenarios, and results exhibit that the proposed mechanism effectively fixes the loophole and successfully prevents the abuse of IPv6 fragmentation in OpenFlow networks.
Related Terms
Filters
Contact Us

Please provide feedback to Administrator ([email protected])

External Links