Enhanced Trust-based Security Mechanism to Prevent Temporal DoS Vulnerabilities in IPv6 Link-Local Networks

Article Sidebar

PDF
Published: 14 June 2026
DOI: https://doi.org/10.33093/jiwe.2026.5.2.5
Keywords:
IPv6, Denial-Of-Service, Link-Local Network, Network Security, Trust-Based Security Protocol

Main Article Content

Iznan Husainy Hasbullah
Universiti Sains Malaysia, Malaysia
Lokman Mohd Fadzil
Universiti Sains Malaysia, Malaysia
https://orcid.org/0000-0002-0398-0433
Selvakumar Manickam
Universiti Sains Malaysia, Malaysia
Supriyanto Praptodiyono
Universitas Pembangunan Nasional Veteran Jakarta, Indonesia
Mohamad Khairi Ishak
Ajman University, United Arab Emirates
https://orcid.org/0000-0002-3554-0061

Abstract

Many computer networks in operation today currently use both IPv4 and IPv6 stacks. On the other hand, there is a transition towards IPv6-only networks as a result of the limited availability of IPv4 addresses. The primary protocol for link-local IPv6 communication is the Neighbor Discovery Protocol (NDP). Regrettably, its insecure design and basic scope-based
security mechanisms make the local network susceptible to insider threats. The Internet Engineering Task Force’s recommended security mechanism for NDP, which is Secure Neighbor Discovery (SEND), is well documented but complex and unsuitable for resource-constrained devices and networks. Trust-ND was positioned as an alternative to SEND as a
lightweight trust-based distributed approach using the NDP extension headers. However, its timestamp design and utilization render it susceptible to temporal DoS vulnerabilities. Therefore, this research proposes eTrustND to improve the Trust-ND mechanism for securing IPv6 link-local networks from insider attacks by addressing the existing vulnerabilities by modifying the timestamp reference, format, precision, and validation rules. This paper documents the methodology, the experimentation, and the resulting outcome that show eTrustND eliminates Trust-ND’s temporal DoS vulnerabilities without adding computational and protocol overhead. It also highlights the challenges and best practices of timestamp design and usage in security mechanisms and protocols.

Article Details

How to Cite
Hasbullah, I. H., Mohd Fadzil, L., Manickam, S., Praptodiyono, S., & Ishak, M. K. (2026). Enhanced Trust-based Security Mechanism to Prevent Temporal DoS Vulnerabilities in IPv6 Link-Local Networks. Journal of Informatics and Web Engineering, 5(2), 70–92. https://doi.org/10.33093/jiwe.2026.5.2.5
Issue
Vol. 5 No. 2 (2026): June 2026
Section
Regular issue
Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.

All articles published in JIWE are licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International (CC BY-NC-ND 4.0) License. Readers are allowed to

  • Share — copy and redistribute the material in any medium or format under the following conditions:
  • Attribution — You must give appropriate credit, provide a link to the license, and indicate if changes were made. You may do so in any reasonable manner, but not in any way that suggests the licensor endorses you or your use;
  • NonCommercial — You may not use the material for commercial purposes;
  • NoDerivatives — If you remix, transform, or build upon the material, you may not distribute the modified material.

References

S. Deering and R. Hinden, “Internet Protocol, Version 6 (IPv6) Specification,” Jul. 2017. doi: 10.17487/RFC8200.

C. Zhiruo Liu et al., “IPv6 Best Practices, Benefits, Transition Challenges and the Way Forward,” 2020, ESTI, Sophia Antipolis CEDEX. Accessed: Sep. 19, 2021. [Online]. Available: https://www.etsi.org/images/files/ETSIWhitePapers/etsi_WP35_IPv6_Best_Practices_Benefits_Transition_Challenges_and_the_Way_Forward.pdf

A. Santhanam and R. Aswani, “Introducing IPv6-only subnets and EC2 instances,” Networking & Content Delivery. Accessed: Aug. 04, 2022. [Online]. Available: https://aws.amazon.com/blogs/networking-and-content-delivery/introducing-ipv6-only-subnets-and-ec2-instances/

H. Babiker, I. Nikolova, and K. K. Chittimaneni, “Deploying IPv6 in the Google Enterprise Network Lessons Learned,” in Proceedings of the 25th International Conference on Large Installation System Administration, in LISA’11. USA: USENIX Association, 2011, p. 10.

A. Oswal, “An IPv6 Campus of the Future - Cisco Blogs.” Accessed: Sep. 21, 2021. [Online]. Available: https://blogs.cisco.com/networking/an-ipv6-campus-of-the-future

V. McKillop, “Microsoft Works Toward IPv6-only Single Stack Network - Team ARIN.” Accessed: Sep. 19, 2021. [Online]. Available: https://teamarin.net/2019/04/03/microsoft-works-toward-ipv6-only-single-stack-network/

GSMA Intelligence, “The Mobile Economy 2025,” London, 2025. Accessed: Oct. 18, 2025. [Online]. Available: https://www.gsma.com/solutions-and-impact/connectivity-for-good/mobile-economy/wp-content/uploads/2025/04/030325-The-Mobile-Economy-2025.pdf

3GPP, “3GPP TR 21.101: ‘Technical Specifications and Technical Reports for a UTRAN-based 3GPP system (Release 8),’” Valbonne, France, Mar. 2009.

HexaBuild Inc, “IPv6 Adoption Report 2020,” Pheonix, AZ, 2020. Accessed: Sep. 24, 2021. [Online]. Available: https://hexabuild.io/assets/files/HexaBuild-IPv6-Adoption-Report-2020.pdf

China Mobile Limited, “Investor Relations > Monthly Customer Data.” Accessed: Jul. 26, 2022. [Online]. Available: https://www.chinamobileltd.com/en/ir/operation_m.php

T. Narten, E. Nordmark, W. Simpson, and H. Soliman, “Neighbor Discovery for IP version 6 (IPv6),” Sep. 2007, RFC Editor. doi: 10.17487/RFC4861.

S. Thomson Narten T. and T. Jinmei, “RFC 4862 IPv6 Stateless Address Autoconfiguration,” 2007, [Online]. Available: http://www.rfc-editor.org/info/rfc4862

J. Arkko, J. Kempf, B. Zill, and P. Nikander, “RFC 3971 - Secure neighbor discovery (SEND),” 2005. [Online]. Available: http://www.hjp.at/doc/rfc/rfc3971.html

Y. E. Gelogo, R. D. Caytiles, and B. Park, “Threats and security analysis for enhanced secure neighbor discovery protocol (SEND) of IPv6 NDP security,” International Journal of Control and Automation, vol. 4, no. 4, pp. 179–184, 2011.

A. Alsa’deh and C. Meinel, “Secure neighbor discovery: Review, challenges, perspectives, and recommendations,” IEEE Security and Privacy, no. July/August, pp. 26–34, 2012. doi: 10.1109/MSP.2012.27.

G. An, K. Kim, J. Jang, and Y. Jeon, “Analysis of SEND protocol through implementation and simulation,” in 2007 International Conference on Convergence Information Technology, ICCIT 2007, 2007, pp. 670–676. doi: 10.1109/ICCIT.2007.4420336.

O. E. Elejla, M. Anbar, and B. Belaton, “ICMPv6-Based DoS and DDoS Attacks and Defense Mechanisms: Review,” IETE Technical Review (Institution of Electronics and Telecommunication Engineers, India), vol. 34, no. 4, pp. 390–407, Jul. 2017, doi: 10.1080/02564602.2016.1192964.

M. Pohl, “Experimentation and evaluation of IPv6 Secure Neighbor Discovery Protocol,” Naval Postgraduate School, Monterey, CA, 2007. Accessed: Oct. 03, 2021. [Online]. Available: http://hdl.handle.net/10945/3222

M. Tayyab, B. Belaton, and M. Anbar, “ICMPv6-Based DoS and DDoS Attacks Detection Using Machine Learning Techniques, Open Challenges, and Blockchain Applicability: A Review,” IEEE Access, 2020, doi: 10.1109/access.2020.3022963.

Supriyanto, “Trust-ND: Lightweight And Secured IPv6 Neighbor Discovery Using A Distributed Trust Mechanism,” Unpublished PhD thesis, Universiti Sains Malaysia, 2015.

L. Rasmusson and S. Jansson, “Simulated Social Control for Secure Internet Commerce,” in Proceedings of the 1996 Workshop on New Security Paradigms, in NSPW ’96. New York, NY, USA: Association for Computing Machinery, 1996, pp. 18–25. doi: 10.1145/304851.304857.

A. Josang and R. Ismail, “The beta reputation system,” in Proceedings of the 15th bled electronic commerce conference, 2002, pp. 2502–2511.

C. J. Mitchell, “Timestamps and authentication protocols,” Surrey, Feb. 2005.

S. Chiu and E. Gamess, “Easy-SEND: A Didactic Implementation of the Secure Neighbor Discovery Protocol for IPv6,” in Proceedings of the World Congress on Engineering and Computer Science 2009, 2009.

T. Chown and S. Venaas, “Rogue IPv6 Router Advertisement Problem Statement,” Feb. 2011. doi: 10.17487/RFC6104.

MITRE, “CWE - 2022 CWE Top 25 Most Dangerous Software Weaknesses.” Accessed: Nov. 01, 2022. [Online]. Available: https://cwe.mitre.org/top25/archive/2022/2022_cwe_top25.html#cwe_top_25

M. Handley, E. Rescorla, and IAB, “Internet Denial-of-Service Considerations,” Dec. 2006, doi: 10.17487/RFC4732.

S. Ramanauskaite and A. Cenys, “Taxonomy of DoS attacks and their countermeasures,” Open Computer Science, vol. 1, no. 3, pp. 355–366, Sep. 2011, doi: 10.2478/s13537-011-0024-y.

R. Rasti, M. Murthy, N. Weaver, and V. Paxson, “Temporal lensing and its application in pulsing denial-of-service attacks,” Proc IEEE Symp Secur Priv, vol. 2015-July, pp. 187–198, Jul. 2015, doi: 10.1109/SP.2015.19.

M. H. Bhuyan, D. K. Bhattacharyya, and J. K. Kalita, “An empirical evaluation of information metrics for low-rate and high-rate DDoS attack detection,” Pattern Recognit Lett, vol. 51, pp. 1–7, Jan. 2015, doi: 10.1016/J.PATREC.2014.07.019.

A. K. Al-Ani, M. Anbar, S. Manickam, C. Y. Wey, Y.-B. Leau, and A. Al-Ani, “Detection and Defense Mechanisms on Duplicate Address Detection Process in IPv6 Link-Local Network: A Survey on Limitations and Requirements,” Arab J Sci Eng, vol. 44, no. 4, pp. 3745–3763, Apr. 2019, doi: 10.1007/s13369-018-3643-y.

P. Thulasiraman and Y. Wang, “A Lightweight Trust-Based Security Architecture for RPL in Mobile IoT Networks,” in 2019 16th IEEE Annual Consumer Communications & Networking Conference (CCNC), 2019, pp. 1–6. doi: 10.1109/CCNC.2019.8651846.

I. H. Hasbullah, M. M. Kadhum, Y.-W. Chong, K. Alieyan, A. Osman, and Supriyanto, “Timestamp utilization in Trust-ND mechanism for securing Neighbor Discovery Protocol.,” in 14th Annual Conference Privacy, Security & Trust, Auckland, New Zealand, 2016, pp. 275–281. doi: 10.1109/PST.2016.7906974.

A. K. Al-Ani, M. Anbar, A. Al-Ani, and D. R. Ibrahim, “Match-Prevention Technique against Denial-of-Service Attack on Address Resolution and Duplicate Address Detection Processes in IPv6 Link-Local Network,” IEEE Access, vol. 8, pp. 27122–27138, 2020, doi: 10.1109/ACCESS.2020.2970787.

S. U. Rehman and S. Manickam, “Novel mechanism to prevent denial of service (DoS) attacks in IPv6 duplicate address detection process,” International Journal of Security and Its Applications, vol. 10, no. 4, pp. 143–154, 2016.

A. Al-Ani, A. K. Al-Ani, S. A. Laghari, S. Manickam, K. W. Lai, and K. Hasikin, “NDPsec: Neighbor Discovery Protocol Security Mechanism,” IEEE Access, 2022, doi: 10.1109/ACCESS.2022.3196028.

M. Anbar, R. Abdullah, R. M. A. Saad, and I. H. Hasbullah, “Review of preventive security mechanisms for neighbour discovery protocol,” Adv Sci Lett, vol. 23, no. 11, pp. 11306–11310, Nov. 2017, doi: 10.1166/asl.2017.10272.

B. Haberman, B. Zill, E. Nordmark, T. Jinmei, and Dr. S. E. Deering, “IPv6 Scoped Address Architecture,” RFC Editor, Mar. 2005. doi: 10.17487/RFC4007.

A. K. Al-Ani, M. Anbar, S. Manickam, and A. Al-Ani, “DAD-match; Security technique to prevent denial of service attack on duplicate address detection process in IPv6 link-local network,” PLoS One, vol. 14, no. 4, Apr. 2019, doi: 10.1371/JOURNAL.PONE.0214518.

A. S. A. Mohamed Sid Ahmed, R. Hassan, and N. E. Othman, “IPv6 Neighbor Discovery Protocol Specifications, Threats and Countermeasures: A Survey,” IEEE Access, vol. 5, pp. 18187–18210, 2017, doi: 10.1109/ACCESS.2017.2737524.

Supriyanto, I. H. Hasbullah, R. K. Murugesan, and S. Ramadass, “Survey of Internet Protocol Version 6 Link Local Communication Security Vulnerability and Mitigation Methods,” IETE Technical Review, vol. 30, no. 1, pp. 64–71, 2013, doi: 10.4103/0256-4602.107341.

W. Fang, W. Zhang, W. Chen, T. Pan, Y. Ni, and Y. Yang, “Trust-Based Attack and Defense in Wireless Sensor Networks: A Survey,” Wirel Commun Mob Comput, vol. 2020, 2020, doi: 10.1155/2020/2643546.

G. Leurent and T. Peyrin, “From collisions to chosen-prefix collisions application to full SHA-1,” Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 11478 LNCS, pp. 527–555, 2019, doi: 10.1007/978-3-030-17659-4_18/COVER.

M. Stevens, E. Bursztein, P. Karpman, A. Albertini, and Y. Markov, “The first collision for full SHA-1,” Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 10401 LNCS, pp. 570–596, 2017, doi: 10.1007/978-3-319-63688-7_19/FIGURES/6.

S. U. Rehman and S. Manickam, “Improved Mechanism to Prevent Denial of Service Attack in IPv6 Duplicate Address Detection Process,” International Journal of Advanced Computer Science and Applications, vol. 8, no. 2, 2017, doi: 10.14569/IJACSA.2017.080209.

F. Buchholz and B. Tjaden, “A Brief Study of Time,” in The Digital Forensic Research Conference, Pittsburgh, PA: Elsevier Ltd, 2007, pp. 31–42. doi: 10.1016/j.diin.2007.06.004.

G. Klyne and C. Newman, “Date and Time on the Internet: Timestamps,” Jul. 2002. doi: 10.17487/rfc3339.

J. L. Loeppky, J. Sacks, and W. J. Welch, “Choosing the sample size of a computer experiment: A practical guide,” Technometrics, vol. 51, no. 4, pp. 366–376, Nov. 2009, doi: 10.1198/TECH.2009.08040.

F. M. Hemez and S. Atamturktur, “The dangers of sparse sampling for the quantification of margin and uncertainty,” Reliab Eng Syst Saf, vol. 96, no. 9, pp. 1220–1231, Sep. 2011, doi: 10.1016/J.RESS.2011.02.015.

D. Bingham, P. Ranjan, and W. J. Welch, “Design of Computer Experiments for Optimization, Estimation of Function

Contours, and Related Objectives,” in Statistics in Action: A Canadian Outlook, 1st ed., Chapman and Hall/CRC, 2014,

pp. 109–124.