Risk Analysis of the Implementation of IPv6 Neighbor Discovery in Public Network

Internet is ubiquitous, and in recent times its growth has been exponential. This rapid growth caused the depletion of the current Internet Protocol version 4 (IPv4) address, prompting IETF with the design of the new Internet Protocol version 6 (IPv6) in the 1990’s. IPv6 is the next generation of the Internet Protocol designed with much larger address space and additional functions to ease its use for the users. One of the new functions is address auto configuration of new host’s via Neighbor Discovery Protocol (NDP). However, the implementation of NDP is not without risk in terms of security. This paper analyzes the risk of NDP implementation in public network. The result shows a number of risks that appear on the implementation of NDP over a Public Network. Neighbors cannot be trusted 100%. One of them could be an attacker who may exploit the NDP message to get their own benefit. In addition the number of insiders increases time to time

Review of Prevention Schemes for Modification Attack in Vehicular Ad hoc Networks

Vehicular Ad-hoc Network (VANET) technology is the basis of Intelligent Transportation System (ITS) connectivity that enables the delivery of useful information to and fro between vehicles in vehicle-to-vehicle communication mode; or between vehicle and infrastructure in vehicle-to-infrastructure mode for safety and comfort. However, due to the openness of the wireless medium used by VANET, the technology is vulnerable to security threats in both communication modes. In this study, the essential background of VANET from architectural point of view and communication types are discussed. Then, the overview of modification attack in VANET is presented. In addition, this paper thoroughly reviews the existing prevention schemes for modification attack in VANET. This review paper reveals that there is still a need for a better and more efficient preventive scheme to address the modification attack in VANET

Review of Prevention Schemes for Man-In-The-Middle (MITM) Attack in Vehicular Ad hoc Networks

Vehicular Ad-Hoc Network (VANET) is an indispensable part of the Intelligent Transportation System (ITS) due to its abilities to enhance traffic management and safety. Many researchers have been focused on specific areas involving management and storage data, protocols standardization, network fragmentation, monitoring, and quality of service.  The benchmarks of security of VANET are studied and figured out in this paper. VANET provides the driver and passenger with the safety application as well as entertainment service. However, the communication between nodes in VANET is susceptible to security threats in both communication modes, which indicates the main hazard. In this paper, we identified different Man-In-The-Middle (MITM) attacks with various behaviors such as message tampering, message delaying, and message dropping, according to the literature. In this study, the essential background of VANET from architectural point of view and communication types are discussed. Then, the overview of MITM attack in VANET is presented. In addition, this paper thoroughly reviews the existing prevention schemes for MITM attack in VANET. This review paper reveals that there is still a need for a better and more efficient preventive scheme to address the MITM attack in VANET. This review paper could serve as evidence and reference in the development of any new security schemes for VANETs

Enhancing IPsec Performance in Mobile IPv6 Using Elliptic Curve Cryptography

Internet has become indispensable to the modern society nowadays. Due to the dynamic nature of human activities, the evolving mobile technology has played a significant role and it is reflected in the exponential growth of the number of mobile users globally. However, the characteristic of the Internet as an open network made it vulnerable to various malicious activities. To secure communication at network layer, IETF recommended IPsec as a security feature. Mobile IPv6 as the successor of the current mobile technology, Mobile IPv4, also mandated the use of IPsec. However, since IPsec is a set of security algorithm, it has several well-known weaknesses such as bootstrapping issue when generating a security association as well as complex key exchange mechanism. It is a well-known fact that IPsec has a high overhead especially when implemented on Mobile IPv6 and used on limited energy devices such as mobile devices. This paper aims to enhance the IPsec performance by substituting the existing key exchange algorithm with a lightweight elliptic curve algorithm. The experiments managed to reduce the delay of IPsec in Mobile IPv6 by 67% less than the standard implementation

Machine and deep learning techniques for detecting internet protocol version six attacks: a review

The rapid development of information and communication technologies has increased the demand for internet-facing devices that require publicly accessible internet protocol (IP) addresses, resulting in the depletion of internet protocol version 4 (IPv4) address space. As a result, internet protocol version 6 (IPv6) was designed to address this issue. However, IPv6 is still not widely used because of security concerns. An intrusion detection system (IDS) is one example of a security mechanism used to secure networks. Lately, the use of machine learning (ML) or deep learning (DL) detection models in IDSs is gaining popularity due to their ability to detect threats on IPv6 networks accurately. However, there is an apparent lack of studies that review ML and DL in IDS. Even the existing reviews of ML and DL fail to compare those techniques. Thus, this paper comprehensively elucidates ML and DL techniques and IPv6-based distributed denial of service (DDoS) attacks. Additionally, this paper includes a qualitative comparison with other related works. Moreover, this work also thoroughly reviews the existing ML and DL-based IDSs for detecting IPv6 and IPv4 attacks. Lastly, researchers could use this review as a guide in the future to improve their work on DL and ML-based IDS

IMPLEMENTATION OF TRUST NEIGHBOR DISCOVERY ON SECURING IPv6 LINK LOCAL COMMUNICATION

Neighbour Discovery Protocol is a core IPv6 protocol used within the local network to provide functionalities such as Router Discovery and Neighbour Discovery. However, the standard of the protocol does not specify any security mechanism but only recommends the use of either Internet Protocol Security (IPSec) or Secure Neighbor Discovery (SEND) that has drawbacks when used within IPv6 local network. Furthermore, neither is enabled by default in the IPv6 local network; leaving the protocol unsecured. This paper proposes Trust-ND with reduced complexity by combining hard security and soft security approaches to be implemented on securing IPv6 link-local communication. The experimentation results showed that Trust-ND managed to successfully secure the IPv6 Neighbour Discovery. Trust-ND significantly cuts down the time to process NDP messages up to 77.21 ms for solicitation message and 100.732 ms for advertisement message. It also provides additional benefit over regular NDP in terms of data integrity for all Trust-ND messages with the introduction of Trust Option

Password-Guessing Attack-Aware Authentication Scheme Based on Chinese Remainder Theorem for 5G-Enabled Vehicular Networks

The new fifth-generation (5G) cellular networks dramatically improve the speed of message transmissions. Most existing authentication schemes that secure 5G communication rely heavily on the vehicle’s tamper-proof device (TPD) and roadside units (RSUs) to store the system’s master key. However, it only takes a single compromised TPD to render the whole system insecure. We propose a password-guessing attack-aware authentication scheme based on the Chinese Remainder Theorem (CRT) to secure inter-vehicle communication on 5G-enabled vehicular networks to address this issue. The trusted authorities (TAs) in the proposed scheme generate and broadcast new group keys to the vehicles assisted by CRT. Moreover, since the system’s master key does not need to be preloaded, the proposed scheme only requires realistic TPDs. The proposed scheme overcomes password-guessing attacks and guarantees top-level security for entire 5G-enabled vehicular networks. The security analysis indicates that the proposed scheme is secure against adaptive chosen-message attacks under the random oracle model and meets the security requirements of a 5G-enabled vehicular network. Since cryptographic operations based on elliptic curve cryptography are employed, the performance evaluation shows that the proposed scheme outperforms the eight existing schemes in terms of computation and communication costs

Performance Analysis of Internet Key Exchange Algorithms on IPSec Security Association Initiation

Naturally, the Internet as an open network allows millions of users to interact each other. Furthermore, the giant network vulnerable to various malicious activities that potentially causes many (losses) for both resources and humanity. In order to reduce the potential attacking activities, Internet Engineering Task Force has standardized a network level security so-called IP Security. The key process behind the IP Security is a Security Association that is identified by Security Parameter Index. The initiation of Security Association performance depends on the encryption algorithm used. Hence, the performance of the algorithm candidate is an important consideration. This paper aims to evaluate some encryption algorithm to be used in IPv6 network. Results of the experiments shows that ECP 384 based on the elliptic curve algorithms outperforms than the traditional algorithm such as MODP 1024 and MODP 3072

SE-CPPA: A Secure and Efficient Conditional Privacy-Preserving Authentication Scheme in Vehicular Ad-Hoc Networks

Communications between nodes in Vehicular Ad-Hoc Networks (VANETs) are inherently vulnerable to security attacks, which may mean disruption to the system. Therefore, the security and privacy issues in VANETs are entitled to be the most important. To address these issues, the existing Conditional Privacy-Preserving Authentication (CPPA) schemes based on either public key infrastructure, group signature, or identity have been proposed. However, an attacker could impersonate an authenticated node in these schemes for broadcasting fake messages. Besides, none of these schemes have satisfactorily addressed the performance efficiency related to signing and verifying safety traffic-related messages. For resisting impersonation attacks and achieving better performance efficiency, a Secure and Efficient Conditional Privacy-Preserving Authentication (SE-CPPA) scheme is proposed in this paper. The proposed SE-CPPA scheme is based on the cryptographic hash function and bilinear pair cryptography for the signing and verifying of messages. Through security analysis and comparison, the proposed SE-CPPA scheme can accomplish security goals in terms of formal and informal analysis. More precisely, to resist impersonation attacks, the true identity of the vehicle stored in the tamper-proof device (TPD) is frequently updated, having a short period of validity. Since the MapToPoint hash function and a large number of cryptography operations are not employed, simulation results show that the proposed SE-CPPA scheme outperforms the existing schemes in terms of computation and communication costs. Finally, the proposed SE-CPPA scheme reduces the computation costs of signing the message and verifying the message by 99.95% and 35.93%, respectively. Meanwhile, the proposed SE-CPPA scheme reduces the communication costs of the message size by 27.3%