Hasso-Plattner-Institut25 Jahre HPI
Hasso-Plattner-Institut25 Jahre HPI
  • de

Augmented Secure Neighbor Discovery: Aligning Security, Privacy, and Usability

Neighbor Discovery Protocol (NDP) is a fundamental element of the IPv6 suite. NDP is responsible for discovering routers and other \on-link" devices, determining their link-layer addresses, and maintaining reachability information about the paths to active neighbors. However, NDP messages are not authenticated, which allows attackers to carry out di erent types of attacks such as spoo ng, replay, Man-in-the-Middle (MitM), and Denial of Service (DoS) attacks. Thus, SEcure Neighbor Discovery (SEND) has been proposed as an extension for NDP to mitigate these attacks. SEND uses Cryptographically Generated Addresses (CGAs) and RSA signatures to prevent theft of existing IPv6 addresses, and it uses Nonce and Timestamp Options to prevent replay attacks. It relies on the Authorization Delegation Discovery (ADD) mechanism to verify the authority of routers.

Although SEND is a proposed standard, there are several obstacles that hinder its deployment: It is computer intensive and bandwidth consuming. SEND can be exposed to some types of DoS attacks. The ADD of SEND is not straightforward, but a complex process of certi cate delegation. Also, SEND lacks mature implementations for end-user operating systems such as Windows.

To tackle the aforementioned obstacles, we thoroughly analyzed all SEND elements by examining the underlying algorithms, explored the possible attacks against SEND, and discussed the appropriate operation mode for SEND with respect to performance, security, privacy, and usability.

We proposed several modi cations to SEND: (i) a Time-Based CGA, where the nodes can obtain the \most secure" address within a speci c period of time, (ii) a more privacyconscious CGA through changing addresses over time, (iii) an extension of the CGA verifcation algorithm to mitigate DoS attacks, and (iv) a Compact and more Secure CGA (CS-CGA), where we adopted Elliptic Curve Cryptograph (ECC) keys in CGA++. We implementedWindows SEND (WinSEND) to demonstrate and evaluate the feasibility of our contributions to enhance SEND. Besides that, we proposed a collaborative approach between SEND and IPsec, where IPsec uses the CGA parameters and RSA signature key obtained by SEND instead of negotiating its own authentication credentials. This not only saves time, but also reduces the hurdles involved in IPsec authentication confguration.

Our evaluation demonstrates that our augmented SEND has several bene ts in a real world network, including the ability to mitigate DoS attacks against SEND, diminish possible CGA privacy concerns, and determine the best level of security within a given time period. These enhancements allow users to deploy SEND based on their own preferences in terms of security level, privacy setting, and time complexity.