Shafiq Ul Rehman, Selvakumar Manickam 보안공학연구지원센터 2015 International Journal of Security and Its Applicat Vol.9 No.11
In addition to addressing the scarcity of IP address space, Internet Protocol version 6 (IPv6) also addressed some of the shortcomings of Internet Protocol version 4 (IPv4). These include neighbor discovery, address auto-configuration, and others. Many of these message exchanges are done via the Internet Control Message Protocol (ICMP), and in the IPv6 paradigm this protocol, i.e. ICMPv6, plays a bigger role than ICMPv4. One of the key processes carried out during neighbor discovery is to check whether the generated address already exists. This process is called Duplicate Address Detection (DAD). Nevertheless, the design of this process has led to a severe security vulnerability that allows attackers to easily carry out a Denial-of-Service (DoS) attack by causing every generated address to be a duplicate, leaving new hosts unable to join the network. Various techniques and mechanisms have been introduced to address this vulnerability, such as NDPMon, SeND, and SAVA. Nevertheless, these techniques are either not robust or have performance implications vis-à-vis DAD DoS detection and mitigation. In this paper, we put forward a novel framework that is able to detect and mitigate DoS attacks while being lightweight at the same time.
Shafiq Ul Rehman, Selvakumar Manickam 보안공학연구지원센터 2016 International Journal of Security and Its Applicat Vol.10 No.4
While most IPv6 security issues are still the same as in IPv4, IPv6 has its own unique design characteristics that have additional impact on system and network security, as well as a potential impact on policies and procedures. Address autoconfiguration is a key feature of the IPv6 protocol stack that allows hosts to generate their own addresses using a confluence of information from other hosts and information from router advertisements. Duplicate Address Detection (DAD) is a process, part of address autoconfiguration, that is used to check whether a generated address has already been configured. Nevertheless, the design of the DAD process is vulnerable to Denial of Service (DoS) attacks, leaving hosts unconfigured. For example, any host can reply to Neighbor Solicitations (NS) for a temporary address, causing the other host to consider it a duplicate and eventually reject the address. Various mechanisms such as SeND and SAVI have been introduced to address such attacks, but these techniques were not very effective, as it was still possible for DoS attacks to be carried out. As such, a new mechanism is needed to more effectively prevent DoS attacks on the DAD process. In this paper, we present the detailed design and development of a novel mechanism that can address the shortfalls of existing prevention techniques.