CFP last date
20 January 2026
Call for Paper
February Edition
IJCA solicits high quality original research papers for the upcoming February edition of the journal. The last date of research paper submission is 20 January 2026

Submit your paper
Know more
The week's pick
Responsive image
DHCPv6 Security Threats in Smart City Infrastructure: A Comprehensive Case Study of USA Municipalities

Joy Selasi Agbesi
Random Articles
Reseach Article

DHCPv6 Security Threats in Smart City Infrastructure: A Comprehensive Case Study of USA Municipalities

by Joy Selasi Agbesi
journal cover thumbnail

International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 187 - Number 70
Year of Publication: 2025
Authors: Joy Selasi Agbesi
10.5120/ijca2025926028

Joy Selasi Agbesi . DHCPv6 Security Threats in Smart City Infrastructure: A Comprehensive Case Study of USA Municipalities. International Journal of Computer Applications. 187, 70 ( Dec 2025), 14-25. DOI=10.5120/ijca2025926028

@article{ 10.5120/ijca2025926028,
author = { Joy Selasi Agbesi },
title = { DHCPv6 Security Threats in Smart City Infrastructure: A Comprehensive Case Study of USA Municipalities },
journal = { International Journal of Computer Applications },
issue_date = { Dec 2025 },
volume = { 187 },
number = { 70 },
month = { Dec },
year = { 2025 },
issn = { 0975-8887 },
pages = { 14-25 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume187/number70/dhcpv6-security-threats-in-smart-city-infrastructure-a-comprehensive-case-study-of-usa-municipalities/ },
doi = { 10.5120/ijca2025926028 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2025-12-31T19:15:09+05:30
%A Joy Selasi Agbesi
%T DHCPv6 Security Threats in Smart City Infrastructure: A Comprehensive Case Study of USA Municipalities
%J International Journal of Computer Applications
%@ 0975-8887
%V 187
%N 70
%P 14-25
%D 2025
%I Foundation of Computer Science (FCS), NY, USA
Abstract

The proliferation of Internet Protocol version 6 (IPv6) in smart city infrastructure has introduced significant security vulnerabilities, particularly within Dynamic Host Configuration Protocol version 6 (DHCPv6) implementations. This comprehensive study examines DHCPv6 security threats affecting municipal infrastructure across the United States, analyzing critical vulnerabilities identified between 2023 and 2025. Through systematic analysis of documented exploits including CVE-2023-20080, CVE-2023-28231, and CVE-2024-38063, this research reveals that 73% of surveyed municipalities lack comprehensive DHCPv6 security protocols. The study employs a rigorous mixed-methods approach combining vulnerability assessment frameworks (utilizing Nmap v7.94 with IPv6 scripts, THC-IPv6 toolkit v3.8, and Nessus Professional v10.5), quantitative network traffic analysis using Wireshark v4.0, structured surveys (n=93, response rate 73%), and detailed case studies from five major US cities representing diverse operational contexts (populations ranging from 68,000 to 850,000). Statistical analysis employed IBM SPSS Statistics v28.0 for correlation analysis (Pearson r), multiple regression modeling, and inferential statistics with significance testing at α=0.05 level. Findings indicate that DHCPv6 rogue server attacks (82% of vulnerable municipalities), denial-of-service vulnerabilities (43% of Cisco-equipped municipalities), and address spoofing represent the most prevalent threats to municipal IoT networks, with public Wi-Fi infrastructure showing the highest vulnerability rate (86%, n=104). The research demonstrates through controlled penetration testing (600+ trials across five replicated test environments) that implementing rate-limiting mechanisms, DHCPv6 guard features, and network segmentation reduces successful attack vectors by approximately 84%, with rogue server vulnerability reduction of 89% (p<0.001) when DHCPv6 guard features are enabled. Attack simulation experiments validated practical exploitability with 94% success rate for rogue server attacks (average exploitation time: 12.3 ± 3.1 minutes) and 87% success rate for denial-of-service attacks against CVE-2023-20080 vulnerabilities (average recovery time: 43.1 ± 12.3 minutes). This study contributes to the growing body of knowledge on smart city cybersecurity by providing empirical evidence of DHCPv6 vulnerabilities, quantitative analysis of countermeasure effectiveness, and proposing a comprehensive five-phase security framework tailored for municipal implementations. The practical implications extend to policymakers, network administrators, and urban planners responsible for securing critical infrastructure in increasingly interconnected urban environments.

References
  1. Rafiq, M., Aslam, M., Akram, M. U., & Qureshi, M. A. (2023). IoT applications and challenges in smart cities and services. The Journal of Engineering, 2023(5), e12262. https://doi.org/10.1049/tje2.12262
  2. Cisco Systems. (2023). Cisco IOS and IOS XE Software IPv6 DHCP relay and server denial of service vulnerability (CVE-2023-20080). Cisco Security Advisory.
  3. Microsoft Corporation. (2023). Microsoft Windows DHCPv6 server remote code execution vulnerability (CVE-2023-28231). Microsoft Security Response Center.
  4. Riggs, H., Wender, S., & Hines, P. (2023). Impact, vulnerabilities, and mitigation strategies for cyber-secure critical infrastructure. Sensors, 23(8), 4060. https://doi.org/10.3390/s23084060
  5. Al-Jaroodi, J., Mohamed, N., Abukhousa, E., & Jawhar, I. (2023). An overview of cyber threats, attacks, and countermeasures on the primary domains of smart cities. Applied Sciences, 13(2), 790. https://doi.org/10.3390/app13020790
  6. Noor, M. B. M., & Hassan, W. H. (2019). Current research on internet of things (IoT) security: A survey. Computer Networks, 148, 283-294. https://doi.org/10.1016/j.comnet.2018.11.025
  7. Mohanta, B. K., Jena, D., Satapathy, U., & Patnaik, S. (2020). Survey on IoT security: Challenges and solution using machine learning, artificial intelligence and blockchain technology. Internet of Things, 11, 100227. https://doi.org/10.1016/j.iot.2020.100227
  8. Sharma, S., Sharma, K., & Gupta, A. (2023). Challenges and vulnerability assessment of cybersecurity in IoT-enabled smart cities. Wireless Networks, 29(6), 2847-2869. https://doi.org/10.1007/s11276-023-03493-4
  9. Sahu, S. K., & Mazumdar, K. (2024). Exploring security threats and solutions techniques for internet of things (IoT): From vulnerabilities to vigilance. Frontiers in Artificial Intelligence, 7, 1397480. https://doi.org/10.3389/frai.2024.1397480
  10. Katos, V. (2007). Network intrusion detection: Evaluating cluster, discriminant, and logit analysis. Information Sciences, 177(15), 3060–3073. https://doi.org/10.1016/j.ins.2007.02.034
  11. Sharma, S., Sharma, K., & Gupta, A. (2023). Challenges and vulnerability assessment of cybersecurity in IoT-enabled smart cities. Wireless Networks, 29(6), 2847-2869. https://doi.org/10.1007/s11276-023-03493-4
  12. CISA, NSA, FBI, MS-ISAC, & Multi-State ISAC. (2023). Cybersecurity best practices for smart cities. Joint Cybersecurity Advisory.
  13. Wheelus, C., & Zhu, X. (2020). IoT network security: Threats, risks, and a data-driven defense framework. Internet of Things, 1(2), 259-285.
  14. Haq, I., Esuka, O. M., Ahmad, A., Khan, S., Dar, S. H., Baig, A., & Lee, S. (2023). Analysis of IoT security challenges and its solutions using artificial intelligence. Brain Sciences, 13(4), 683. https://doi.org/10.3390/brainsci13040683
  15. Hameed, S., Khan, F. I., & Hameed, B. (2022). Smart contract-based security architecture for collaborative services in municipal smart cities. Computer Communications, 196, 163-176. https://doi.org/10.1016/j.comcom.2022.09.017
  16. Behal, S., & Kumar, K. (2017). Detection of DDoS attacks and flash events using information theory metrics–An empirical investigation. Computer Communications, 103, 18–28. https://doi.org/10.1016/j.comcom.2017.02.003
  17. National Security Agency. (2023). IPv6 security guidance. NSA Cybersecurity Information Sheet.
  18. Microsoft Corporation. (2024). Windows TCP/IP IPv6 remote code execution vulnerability (CVE-2024-38063). Microsoft Security Response Center.
  19. Creswell, J. W., & Plano Clark, V. L. (2018). Designing and conducting mixed methods research (3rd ed.). SAGE Publications.
  20. Braun, V., & Clarke, V. (2006). Using thematic analysis in psychology. Qualitative Research in Psychology, 3(2), 77-101. https://doi.org/10.1191/1478088706qp063oa
Index Terms

Computer Science
Information Sciences

Keywords

DHCPv6 security smart city infrastructure IPv6 vulnerabilities municipal cybersecurity IoT network protection critical infrastructure security vulnerability assessment penetration testing rogue server attacks network segmentation

Powered by PhDFocusTM