Experimentation and evaluation of IPv6 Secure Neighbor Discovery Protocol

Pohl, Marcin.

Download

07Sep_Pohl.pdf (714.5Kb)

Download Record

Download to EndNote/RefMan (RIS)

Download to BibTex

Author

Pohl, Marcin.

Date

2007-09

Advisor

Xie, Geoffrey

Second Reader

Fulp, J.D.

Metadata

Show full item record

Abstract

The DoD is expected to transition to IPv6 networking within the next few years. The IPv6 Neighbor Discovery Protocol is responsible for autoconfiguration and neighbor address resolution which establishes hosts on the network and allows communication between hosts. IPsec, the default security mechanism for IPv6, does not allow for automatic protection of the autoconfiguration process. Thus, the Secure Neighbor Discovery Protocol (SeND) was created. SeND uses Cryptographically Generated Addresses (CGA) and asymmetric cryptography as a first line of defense against attacks on integrity and identity. It claims to achieve mutual authentication of hosts and routers without the need for a Certification Authority (CA). This thesis evaluates this claim by building a test-bed of SeND enabled hosts. The major findings include: (i) SeND does not really offer mutual authentication without a CA; and (ii) SeND is susceptible to CPU exhaustion attacks.

Rights

This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.

URI

http://hdl.handle.net/10945/3222

Collections

1. Thesis and Dissertation Collection, all items