Light weight cryptographic address generation (LW-CGA) using system state entropy gathering for IPv6 based MANETs

In IPv6 based MANETs, the neighbor discovery enables nodes to self-configure and communicate with neighbor nodes through autoconfiguration. The Stateless address autoconfiguration (SLAAC) has proven to face several security issues. Even though the Secure Neighbor Discovery (SeND) uses Cryptographically Generated Addresses (CGA) to address these issues, it creates other concerns such as need for CA to authenticate hosts, exposure to CPU exhaustion attacks and high computational intensity. These issues are major concern for MANETs as it possesses limited bandwidth and processing power. The paper proposes empirically strong Light Weight Cryptographic Address Generation (LW-CGA) using entropy gathered from system states. Even the system users cannot monitor these system states; hence LW-CGA provides high security with minimal computational complexity and proves to be more suitable for MANETs. The LW-CGA and SeND are implemented and tested to study the performances. The evaluation shows that LW-CGA with good runtime throughput takes minimal address generation latency.

[1]  Thomas Narten,et al.  IPv6 Stateless Address Autoconfiguration , 1996, RFC.

[2]  Sureswaran Ramadass,et al.  Survey of Internet Protocol Version 6 Link Local Communication Security Vulnerability and Mitigation Methods , 2013 .

[3]  Thomas Narten,et al.  Neighbor Discovery for IP Version 6 (IPv6) , 1996, RFC.

[4]  Jean-Pierre Hubaux,et al.  Analysis and Optimization of Cryptographically Generated Addresses , 2009, ISC.

[5]  Christoph Meinel,et al.  Secure Neighbor Discovery: Review, Challenges, Perspectives, and Recommendations , 2012, IEEE Security & Privacy.

[6]  Selvakumar Manickam,et al.  Novel Mechanism to Prevent Denial of Service (DoS) Attacks in IPv6 Duplicate Address Detection Process , 2016 .

[7]  Maryline Laurent-Maknavicius,et al.  Significantly improved performances of the cryptographically generated addresses thanks to ECC and GPGPU , 2010, Comput. Secur..

[8]  Zhongqi Xia,et al.  Configuring Cryptographically Generated Addresses (CGA) using DHCPv6 , 2009 .

[9]  Pekka Nikander,et al.  SEcure Neighbor Discovery (SEND) , 2005, RFC.

[10]  Eric Gamess,et al.  A Free and Didactic Implementation of the SEND Protocol for IPv6 , 2010 .

[11]  Ana Kukec Native SeND kernel API for *BSD , 2010 .

[12]  Christoph Meinel,et al.  WinSEND: Windows SEcure Neighbor Discovery , 2011, SIN '11.

[13]  André Seznec,et al.  HAVEGE: A user-level software heuristic for generating empirically strong random numbers , 2003, TOMC.

[14]  Selvakumar Manickam,et al.  Significance of Duplicate Address Detection Mechanism in Ipv6 and its Security Issues: A Survey , 2015 .

[15]  Fernando Gont,et al.  A Method for Generating Semantically Opaque Interface Identifiers (IIDs) with the Dynamic Host Configuration Protocol for IPv6 (DHCPv6) , 2016, RFC.

[16]  Pekka Nikander,et al.  IPv6 Neighbor Discovery (ND) Trust Models and Threats , 2004, RFC.

[17]  Thomas Narten,et al.  Privacy Extensions for Stateless Address Autoconfiguration in IPv6 , 2001, RFC.

[18]  Sean Shen,et al.  Analysis of Possible DHCPv6 and CGA Interactions , 2012 .

[19]  Tuomas Aura,et al.  Cryptographically Generated Addresses (CGA) , 2005, ISC.

[20]  Stephen E. Deering,et al.  Internet Control Message Protocol (ICMPv6) for the Internet Protocol Version 6 (IPv6) , 1995, RFC.

[21]  Junaid Latief Shah A novel approach for securing IPv6 link local communication , 2016, Inf. Secur. J. A Glob. Perspect..

[22]  Gao Xuesong,et al.  A quick CGA generation method , 2010, 2010 2nd International Conference on Future Computer and Communication.