View article

Trust-ND is an alternative lightweight security mechanism based on distributed trust management model to secure IPv6 Neighbor Discovery Protocol. Trust-ND introduced a new NDP option, called Trust option, with three fields: Message Generation Time (or timestamp), Nonce, and Message Authentication Data. A thorough investigation and analysis of the use of timestamp field has identified four scenarios which could result in Denial-of-Service (DoS) as well as a source of inefficiency. DoS is triggered when two or more IPv6 nodes in the same link have unsynchronized clocks with large time difference between them due to the use of local clock, attack on the synchronization mechanism, misconfiguration or faulty clock. DoS could also occurs as the result of faulty validation process caused by the inability of the timestamp to capture and represent two distinct messaging events due to insufficient granularity or lack of …