Experimentation and Evaluation of IPv6 Secure Neighbor Discovery Protocol

Abstract

The DoD is expected to transition to IPv6 networking within the next few years. The IPv6 Neighbor Discovery Protocol is responsible for autoconfiguration and neighbor address resolution, which establishes hosts on the network and allows communication between hosts. IPsec, the default security mechanism for IPv6, does not allow for automatic protection of the autoconfiguration process. Thus, the Secure Neighbor Discovery Protocol (SeND) was created. SeND uses Cryptographically Generated Addresses (CGA) and asymmetric cryptography as a first line of defense against attacks on integrity and identity. It claims to achieve mutual authentication of hosts and routers without the need for a Certification Authority (CA). This thesis evaluates this claim by building a test-bed of SeND-enabled hosts. The major findings include: (i) SeND does not really offer mutual authentication without a CA; (ii) using computationally intensive cryptography as the first line of defense allows CPU exhaustion attacks.

Document Details

Document Type: Technical Report
Publication Date: Sep 01, 2007
Accession Number: ADA474402

Entities

People

  • Marcin Pohl

Organizations

  • Naval Postgraduate School

Tags

Communities of Interest

  • Energy and Power Technologies

DTIC Thesaurus Topics

  • Authentication
  • Birds
  • Computer Access Control
  • Computer Communications
  • Computer Networks
  • Computer Programs
  • Computers
  • Cryptography
  • Denial Of Service Attack
  • Detection
  • Local Area Networks
  • Network Protocols
  • Network Science
  • Operating Systems
  • Performance Tests
  • Security
  • Security Protocols

Fields of Study

  • Computer science

Readers

  • Computer Networking
  • Psychological Intervention/Treatment for Stress, Anxiety, PTSD, and Related Emotional and Cognitive Health Symptoms.

Technology Areas

  • Cyber