Leveraging Secure Hash Algorithm for Securing IPv6 Protocols SLAAC and DAD

Main Article Content

Jithender Reddy Machana, Dr. G. Narsimha

Abstract

In the recent past, the IPv6 protocol has gained importance in the industry. The IPv6 protocol is considered more reliable and secured when compared to its 32-bit counterpart. The IPv6 has increased the address length from 32 to128 bits to address the exhaustion of IPv4 address space. It provides more addresses through address hierarchy and a simpler address autoconfiguration through SLAAC, SLAAC with DHCPv6, and DHCPv6 server. The IPv6 Neighbor Discovery protocol does duplicate address detection, determines neighbor MAC address, finds out the next-hop router, and checks neighbor unreachability The node comes pre-configured with an IPv6 address. An IPv6 address is made up of two parts: the prefix and the interface id. It is possible to generate the interface-id using an extended unique identifier or at random. The address has to be unique on the local link. The duplicate address detection process tests the address uniqueness on the link. This process is susceptible to many attacks, such as DOS attacks [23], replay attacks. To secure is the main objective in IPv6networks. We have introduced a novel approach, which optimizes NDP and DAD process security. It employs SHA-512 to check the authenticity of NDP messages on the link. This technique implemented programmatically to secure the DAD process and estimate the resources utilized at a given node. We have also discussed the existing flaws in CGA and proposed two modifications, i.e., replacing the present public key cryptography scheme and hash function. Instead, Elliptical Curve Cryptography (ECC) for the NIST P-384 curve, is recommended for the ECDSA key generation process and SHA-512 in place of SHA-1. ECC with SHA-512 proves to be highly secured and optimal in terms of the consumption of computational resources at the nodes.

Article Details

Section
Articles