This research is focussed on the security threats in the Neighbour Discovery Protocol that is an integral part of the IPv6 Stateful Address Auto-configuration. Neighbour Unreachability Detection is one of the Neighbour Discovery Protocol processes that can be subject to security issues due to lack of built-in authentication mechanism. We show that it is trivial for an attacker node to manipulate the neighbour unreachability message exchanges to poison the cache entries of other nodes for malicious purposes. This makes the network vulnerable to different types of attacks. We propose a distributed and lightweight authentication process that effectively prevents the common cache poisoning issues in an efficient manner.
展开▼