Security and Communication Networks
Volume 2017 (2017), Article ID 5838657, 9 pages
Research Article

An SDN-Based Authentication Mechanism for Securing Neighbor Discovery Protocol in IPv6

South China University of Technology, Guangzhou, China

Correspondence should be addressed to Meng Wang

Received 18 September 2016; Revised 27 November 2016; Accepted 13 December 2016; Published 24 January 2017

Academic Editor: Jesús Díaz-Verdejo

Copyright © 2017 Yiqin Lu et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.


The Neighbor Discovery Protocol (NDP) is one of the main protocols in the Internet Protocol version 6 (IPv6) suite, and it provides many basic functions for the normal operation of IPv6 in a local area network (LAN), such as address autoconfiguration and address resolution. However, it has many vulnerabilities that malicious nodes can use to launch attacks, because unprotected NDP messages are easily spoofed. Many solutions have been proposed for securing NDP, but they either introduce new protocols that all nodes must support or build mechanisms that require the cooperation of all nodes, which is inevitable in traditional distributed networks. Software-Defined Networking (SDN), however, provides a new perspective on protecting NDP. In this paper, we propose an SDN-based authentication mechanism to verify the identity of NDP packets transmitted in a LAN. Using the centralized control and programmability of SDN, it can effectively prevent spoofing attacks and other attacks derived from spoofing. In addition, this mechanism needs no additional protocol support or configuration at hosts and routers and does not introduce any dedicated devices.