Issue No.04 - July-Aug. (2012 vol.10)
Ahmad AlSa'deh , Hasso-Plattner-Institut
Christoph Meinel , Hasso-Plattner-Institut
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2012.27
Neighbor Discovery Protocol (NDP) is one of the main protocols in IPv6 suite. However, it has no security mechanisms and is vulnerable to various attacks. Using an RSA key pair, cryptographically generated addresses, a digital signature, and X.509 certificates, Secure Neighbor Discovery (SEND) is designed to countermeasure NDP threats. Unfortunately, SEND deployment is still a challenge for several reasons. First, SEND is compute intensive. Second, its deployment isn't trivial, and its authorization delegation discovery mechanism is theoretical rather than practical. Third, operating systems lack sophisticated SEND implementations. In this article, the authors give an overview of the SEND deployment challenges and review some of the proposals to optimize SEND to make it applicable.
Public key cryptography, Protocols, Authorization, Privacy, IP networks, CGAs, network-level security and protection, IPv6 security, cryptographically generated address
Ahmad AlSa'deh, Christoph Meinel, "Secure Neighbor Discovery: Review, Challenges, Perspectives, and Recommendations", IEEE Security & Privacy, vol.10, no. 4, pp. 26-34, July-Aug. 2012, doi:10.1109/MSP.2012.27