Augmented Secure Neighbor Discovery: Aligning Security, Privacy, and Usability
Neighbor Discovery Protocol (NDP) is a fundamental element of the IPv6 suite. NDP is responsible for discovering routers and other \on-link" devices, determining their link-layer addresses, and maintaining reachability information about the paths to active neighbors. However, NDP messages are not authenticated, which allows attackers to carry out dierent types of attacks such as spoong, replay, Man-in-the-Middle (MitM), and Denial of Service (DoS) attacks. Thus, SEcure Neighbor Discovery (SEND) has been proposed as an extension for NDP to mitigate these attacks. SEND uses Cryptographically Generated Addresses (CGAs) and RSA signatures to prevent theft of existing IPv6 addresses, and it uses Nonce and Timestamp Options to prevent replay attacks. It relies on the Authorization Delegation Discovery (ADD) mechanism to verify the authority of routers.
Although SEND is a proposed standard, there are several obstacles that hinder its deployment: It is computer intensive and bandwidth consuming. SEND can be exposed to some types of DoS attacks. The ADD of SEND is not straightforward, but a complex process of certicate delegation. Also, SEND lacks mature implementations for end-user operating systems such as Windows.
To tackle the aforementioned obstacles, we thoroughly analyzed all SEND elements by examining the underlying algorithms, explored the possible attacks against SEND, and discussed the appropriate operation mode for SEND with respect to performance, security, privacy, and usability.
We proposed several modications to SEND: (i) a Time-Based CGA, where the nodes can obtain the \most secure" address within a specic period of time, (ii) a more privacyconscious CGA through changing addresses over time, (iii) an extension of the CGA verifcation algorithm to mitigate DoS attacks, and (iv) a Compact and more Secure CGA (CS-CGA), where we adopted Elliptic Curve Cryptograph (ECC) keys in CGA++. We implementedWindows SEND (WinSEND) to demonstrate and evaluate the feasibility of our contributions to enhance SEND. Besides that, we proposed a collaborative approach between SEND and IPsec, where IPsec uses the CGA parameters and RSA signature key obtained by SEND instead of negotiating its own authentication credentials. This not only saves time, but also reduces the hurdles involved in IPsec authentication confguration.
Our evaluation demonstrates that our augmented SEND has several benets in a real world network, including the ability to mitigate DoS attacks against SEND, diminish possible CGA privacy concerns, and determine the best level of security within a given time period. These enhancements allow users to deploy SEND based on their own preferences in terms of security level, privacy setting, and time complexity.