Experimentation and evaluation of IPv6 Secure Neighbor Discovery Protocol
Authors
Pohl, Marcin.
Advisors
Xie, Geoffrey
Date of Issue
2007-09
Publisher
Monterey, California. Naval Postgraduate School
Abstract
The DoD is expected to transition to IPv6 networking within the next few years. The IPv6 Neighbor Discovery Protocol is responsible for autoconfiguration and neighbor address resolution, which establishes hosts on the network and allows communication between hosts. IPsec, the default security mechanism for IPv6, does not allow for automatic protection of the autoconfiguration process. Thus, the Secure Neighbor Discovery Protocol (SeND) was created. SeND uses Cryptographically Generated Addresses (CGA) and asymmetric cryptography as a first line of defense against attacks on integrity and identity. It claims to achieve mutual authentication of hosts and routers without the need for a Certification Authority (CA). This thesis evaluates this claim by building a test-bed of SeND-enabled hosts. The major findings include: (i) SeND does not really offer mutual authentication without a CA; and (ii) SeND is susceptible to CPU exhaustion attacks.
Type
Thesis
Organization
Naval Postgraduate School (U.S.)
Format
xiv, 87 p. : ill. ;
Distribution Statement
Approved for public release; distribution is unlimited.
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.