Loading [a11y]/accessibility-menu.js
P4-NSAF: defending IPv6 networks against ICMPv6 DoS and DDoS attacks with P4 | IEEE Conference Publication | IEEE Xplore

P4-NSAF: defending IPv6 networks against ICMPv6 DoS and DDoS attacks with P4


Abstract:

Internet Protocol Version 6 (IPv6) is expected for widespread deployment worldwide. Such rapid development of IPv6 may lead to safety problems. The main threats in IPv6 n...Show More

Abstract:

Internet Protocol Version 6 (IPv6) is expected for widespread deployment worldwide. Such rapid development of IPv6 may lead to safety problems. The main threats in IPv6 networks are denial of service (DoS) attacks and distributed DoS (DDoS) attacks. In addition to the similar threats in Internet Protocol Version 4 (IPv4), IPv6 has introduced new potential vulnerabilities, which are DoS and DDoS attacks based on Internet Control Message Protocol version 6 (ICMPv6). We divide such new attacks into two categories: pure flooding attacks and source address spoofing attacks. We propose P4-NSAF, a scheme to defend against the above two IPv6 DoS and DDoS attacks in the programmable data plane. P4-NSAF uses Count-Min Sketch to defend against flooding attacks and records information about IPv6 agents into match tables to prevent source address spoofing attacks. We implement a prototype of P4-NSAF with P4 and evaluate it in the programmable data plane. The result suggests that P4-NSAF can effectively protect IPv6 networks from DoS and DDoS attacks based on ICMPv6.
Date of Conference: 16-20 May 2022
Date Added to IEEE Xplore: 11 August 2022
ISBN Information:

ISSN Information:

Conference Location: Seoul, Korea, Republic of

Funding Agency:

No metrics found for this document.

I. Introduction

Internet Protocol version 6 (IPv6) is expected for rapid and widespread deployment worldwide. IPv6 is not compatible with IPv4 so the deployment of IPv6 leads to high costs. However, in November 2019, IPv4 addresses were exhausted completely [1]. For lack of available IPv4 addresses, IPv6 is expected to be developed rapidly. According to Google statistics, the proportion of global Internet users using IPv6 is reached 32.57% in November 2021, and the trend is still growing [2]. Popular network technologies, such as programmable data plane [3], are also robust supports for IPv6 networks.

Contact IEEE to Subscribe

References

References is not available for this document.