Experimentation and evaluation of IPv6 Secure Neighbor Discovery Protocol
MetadataShow full item record
The DoD is expected to transition to IPv6 networking within the next few years. The IPv6 Neighbor Discovery Protocol is responsible for autoconfiguration and neighbor address resolution which establishes hosts on the network and allows communication between hosts. IPsec, the default security mechanism for IPv6, does not allow for automatic protection of the autoconfiguration process. Thus, the Secure Neighbor Discovery Protocol (SeND) was created. SeND uses Cryptographically Generated Addresses (CGA) and asymmetric cryptography as a first line of defense against attacks on integrity and identity. It claims to achieve mutual authentication of hosts and routers without the need for a Certification Authority (CA). This thesis evaluates this claim by building a test-bed of SeND enabled hosts. The major findings include: (i) SeND does not really offer mutual authentication without a CA; and (ii) SeND is susceptible to CPU exhaustion attacks.
RightsThis publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.