Threats and Security Analysis for Enhanced Secure Neighbor Discovery Protocol (SEND) of IPv6 NDP Security
نویسندگان
چکیده
IPv6 nodes use the Neighbor Discovery Protocol (NDP) to discover other nodes on the link, to determine their link-layer addresses to find routers, and to maintain reachability information about the paths to active neighbors. Secure Neighbor Discovery Protocol (SEND Protocol) is a security extension of Neighbor Discovery. The SEND protocol is designed to counter the threats to NDP. This paper presents the threats and security analysis for SEND and all the possible security options for more secure IPv6 Neighbor Discovery Protocol. Keyword: IPV6, Secured Neighbor Discovery Protocol, CGA, NDP
منابع مشابه
Improvement of Address Resolution Security in IPv6 Local Network using Trust-ND
The principle of a computer network is transferring information in terms of packets from one node to another. To do this the communicating nodes has to be assigned an Internet Protocol (IP) address. However, in a local area network, the availability of IP address alone is not enough to do communication. It also needs neighboring nodes Medium Access Control (MAC) address. The current Internet in...
متن کاملAn Enhanced Security Protocol for Fast Mobile IPv6
Recently, Kempf and Koodli have proposed a security protocol for Fast Mobile IPv6 (FMIPv6). Through the SEcure Neighbor Discovery (SEND) protocol, it achieves secure distribution of a handover key, and consequently becomes a security standard for FMIPv6. However, it is still vulnerable to redirection attacks. In addition, due to the SEND protocol, it suffers from denial of service attacks and e...
متن کاملSurvey of Internet Protocol Version 6 Link Local Communication Security Vulnerability and Mitigation Methods
IPv6 is a network layer protocol of the OSI reference model. IPv6 uses the Neighbor Discovery Protocol (NDP) that works on link local scope of IPv6 network. NDP covers host initialization and address auto configuration that is one of IPv6 advantages and other important functionalities. IPv6 mandates to support Internet Protocol Security (IPSec) for end‐to‐end communication security. However, th...
متن کاملA Security Analysis on Kempf-Koodli's Security Scheme for Fast Mobile IPv6
Recently, the security scheme, proposed by Kempf and Koodli, has been adopted as a security standard for Fast handover for Mobile IPv6. But, it does not prevent denial of service attacks while resulting in high computation cost. More importantly, we find that it is still vulnerable to redirection attacks because it fails to secure the Unsolicited Neighbor Advertisement messages. In this paper, ...
متن کاملSecure Neighbor Discovery Working
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet-Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as refer...
متن کامل