An improved SEND protocol against DoS attacks in Mobile IPv6 environment

Abstract

Neighbor Discovery protocol can be used to communicate between neighboring nodes in the Mobile IPv6 environment. For a secure Neighbor Discovery protocol, the IETF SEND working group standardized a Secure Neighbor Discovery protocol, and a Cryptographically Generated Address protocol. Neighbor Discovery protocol can be provided with secure functions by adding the RSA signature option and the CGA parameter option. But there are still attacks against SEND itself, particularly, Denial-of-Service attacks. Because the CGA verification consumes large amount of computing resources, attackers may forge a large number of attack data packages to make the node run out of resources. To provide the safeguard of Secure Neighbor Discovery protocol in Mobile IPv6 environment, we propose a mechanism that prevent SEND from part of DoS attacks by adding a set message interaction before CGA verification without a certification authority or any security infrastructure.