Issue No.04 - July-Aug. (2012 vol.10)
pp: 26-34
Ahmad AlSa'deh, Hasso-Plattner-Institut
Christoph Meinel, Hasso-Plattner-Institut
ABSTRACT
Neighbor Discovery Protocol (NDP) is one of the main protocols in the IPv6 suite. However, it has no security mechanisms and is vulnerable to various attacks. Using an RSA key pair, cryptographically generated addresses, a digital signature, and X.509 certificates, Secure Neighbor Discovery (SEND) is designed to counter NDP threats. Unfortunately, SEND deployment is still a challenge for several reasons. First, SEND is compute intensive. Second, its deployment isn't trivial, and its authorization delegation discovery mechanism is theoretical rather than practical. Third, operating systems lack sophisticated SEND implementations. In this article, the authors give an overview of the SEND deployment challenges and review some of the proposals to optimize SEND to make it applicable.
INDEX TERMS
Public key cryptography, Protocols, Authorization, Privacy, IP networks, CGAs, network-level security and protection, IPv6 security, cryptographically generated address
CITATION
Ahmad AlSa'deh, Christoph Meinel, "Secure Neighbor Discovery: Review, Challenges, Perspectives, and Recommendations", IEEE Security & Privacy, vol.10, no. 4, pp. 26-34, July-Aug. 2012, doi:10.1109/MSP.2012.27