Hasso-Plattner-Institut
 
 

Why WinSEND?

SEcure Neighbor Discovery (SEND), RFC 3971, is not yet supported in Windows XP/Vista/7. This means that the majority of hosts are not secured by SEND, since the Windows family of operating systems is the most popular, accounting for more than 80% of the user base compared to the other operating systems. This deficiency leaves IPv6 local networks vulnerable to many types of attacks and will consequently lead to a limited deployment of IPv6.
To address this problem, we have implemented a version of SEND for use with the Windows family of operating systems (WinSEND). This implementation makes use of information contained in both RFC 3972, "Cryptographically Generated Addresses (CGA)", and RFC 3971, "SEcure Neighbor Discovery (SEND)". Because RFCs usually specify only what is to be implemented, rather than how to implement it, we have made major efforts in both the architecture and engineering phases of the development to make this implementation as seamless as possible. In this way we hope to have achieved a solid implementation of SEND for Windows which will finally help to unleash the complete deployment of IPv6.

Basic Functionalities

WinSEND is a SEcure Neighbor Discovery (SEND) implementation for the Windows family of operating systems. It provides the functionality of SEND, such as Cryptographically Generated Addresses (CGA) and RSA signature generation and verification. WinSEND attaches the CGA, RSA Signature, Nonce, and Timestamp options to secure ND messages. In addition, it performs the router authorization process. WinSEND has direct access to the Network Interface Card (NIC) and efficiently handles NDP messages. It runs as a service with an easy-to-use user interface for setting the security parameters of selected NICs.

RFCs Implementation

WinSEND is an implementation that makes use of the information contained in the following RFCs:

  • RFC 3971: SEcure Neighbor Discovery (SEND)
  • RFC 3972: Cryptographically Generated Addresses (CGA)
  • RFC 3779: X.509 Extensions for IP Addresses and AS Identifiers

WinSEND Design and Architecture

WinSEND is divided into 3 components: WinSEND service, User Interface, and Main Libraries. The WinSEND Main Libraries contain shared classes that are called by both the WinSEND Service and the User Interface. The User Interface allows users to set or modify WinSEND input parameters, such as the security level for the CGA generation algorithm, the RSA key size, and the desired Network Interface Card. The WinSEND service is integrated into the Windows Operating System in order to secure NDP messages. Some WinSEND parameters, such as key size, desired network interface, and CGA address, are stored in an XML format.

 

WinSEND main components
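
The security level chosen for CGA generation determines how much hashing work it costs to bind an address to a key. The following added example (not WinSEND code) implements RFC 3972 generation and verification in Python; the key bytes are a constructed placeholder, extension fields are omitted, and the modifier search starts at 0 rather than at a random value so that runs are repeatable.

```python
import hashlib
import ipaddress

# Constructed placeholder standing in for a DER-encoded RSA public key (assumption).
SAMPLE_PUBKEY = b"constructed-placeholder-for-DER-RSA-public-key" + bytes(range(256))
MASK = 0x1C  # bits of the first interface-ID octet taken from Hash1 (not Sec, u or g)

def _hash2_ok(mod: bytes, pubkey: bytes, sec: int) -> bool:
    # Hash2 = leftmost 112 bits of SHA-1(modifier | 9 zero octets | key);
    # its 16*Sec leftmost bits must be zero.
    hash2 = hashlib.sha1(mod + bytes(9) + pubkey).digest()[:14]
    return hash2[:2 * sec] == bytes(2 * sec)

def cga_generate(prefix: bytes, pubkey: bytes, sec: int, start: int = 0):
    """Return (address, modifier, collision_count); RFC 3972 uses a random start."""
    if len(prefix) != 8 or not 0 <= sec <= 7:
        raise ValueError("need a 64-bit prefix and Sec in 0..7")
    modifier = start
    while not _hash2_ok(modifier.to_bytes(16, "big"), pubkey, sec):
        modifier = (modifier + 1) % (1 << 128)   # brute-force cost grows as 2^(16*Sec)
    mod, count = modifier.to_bytes(16, "big"), 0  # count rises only after DAD collisions
    # Hash1 = leftmost 64 bits of SHA-1(modifier | prefix | collision count | key)
    iid = bytearray(hashlib.sha1(mod + prefix + bytes([count]) + pubkey).digest()[:8])
    iid[0] = (iid[0] & MASK) | (sec << 5)        # encode Sec, clear the u and g bits
    return prefix + bytes(iid), mod, count

def cga_verify(address: bytes, mod: bytes, count: int, pubkey: bytes) -> bool:
    """Receiver-side check that the address was derived from pubkey."""
    if len(address) != 16 or len(mod) != 16 or count not in (0, 1, 2):
        return False
    prefix, iid = address[:8], address[8:]
    hash1 = hashlib.sha1(mod + prefix + bytes([count]) + pubkey).digest()[:8]
    if (hash1[0] & MASK) != (iid[0] & MASK) or hash1[1:] != iid[1:]:
        return False
    return _hash2_ok(mod, pubkey, iid[0] >> 5)   # Sec is read from the address itself

if __name__ == "__main__":
    prefix = ipaddress.IPv6Address("2001:db8::").packed[:8]   # documentation prefix
    addr, mod, count = cga_generate(prefix, SAMPLE_PUBKEY, sec=1)
    print(ipaddress.IPv6Address(addr), "modifier:", int.from_bytes(mod, "big"))
    print("owner key verifies:", cga_verify(addr, mod, count, SAMPLE_PUBKEY))
    print("other key verifies:", cga_verify(addr, mod, count, b"other" + SAMPLE_PUBKEY))
```

In SEND the verifier additionally checks the RSA signature over the ND message with the same public key, which this example does not cover.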

Download

Not yet available to the public!

Publications

Please refer to our complete list of publications related to IPv6 Security

Former Team member

Dr. rer. nat. Ahmad AlSadeh
