Proposed DAD-match Security Technique based on Hash Function to Secure Duplicate Address Detection in IPv6 Link-local Network

With the increasing number of nodes, connecting on the same link needs a distinct Internet protocol (IP) address for each node. Duplicate address detection (DAD) is the process responsible for verifying the uniqueness of the IP address on the same link by using two neighbor discovery protocol (NDP) messages, namely, neighbor solicitation and neighbor advertisement. Given that NDP messages are unsecured by their design, any node can manipulate these messages and launch a denial of service (DoS) attack. This attack on DAD prevents legitimate node from configuring its IP address. Many mechanisms have been proposed to address this issue, but they have exhibited side effects, such as complexity and performance degradation. This study proposed a new security technique called DAD-match that relies on cryptographic hash function to hide a tentative IP address during the DAD procedure. We aimed to develop a DAD-match technique that will provide a noncomplex lightweight security and completely prevent DoS attacks during DAD procedure in IPv6 link-local network.