Using multi-address generation and duplicate address detection to prevent DoS in IPv6

The Neighbour Discovery Protocol and the Address Resolution Protocol are important protocols in the data link layer. Their functions include Internet Protocol (IP) address configuration, resolving the correspondence between an IP address and a medium access control address, and duplicate address detection (DAD). In DAD, the new address that the node is going to use is public, and thus, it is vulnerable to malicious node attacks. Moreover, address configuration is inefficient because only one address is generated and detected each time. In this study, the authors propose a multi-address generation and DAD scheme called MAGD. MAGD generates a set of addresses each time, but only discloses a part of the set during DAD, thereby reducing the risk of being attacked. DAD will only fail when all the addresses are in conflict, and thus, the efficiency of node's address configuration is enhanced. Experiments show that the additional overhead in the CPU and memory caused by MAGD's multiple address configuration is within an acceptable range. When subjected to denial-of-service (DoS) attacks, MAGD performs better than traditional encryption schemes.