Skip to content. | Skip to navigation

Personal tools

This is SunRain Plone Theme

Navigation

You are here: Home / Events / INET Seminar / Ahmad AlSadeh: Augmented SEND

Ahmad AlSadeh: Augmented SEND

Augmented SEND for Early IPv6 Authentication and Authorization
When Apr 23, 2013
from 04:15 PM to 05:15 PM
Where R 560
Contact Name
Add event to calendar vCal
iCal

SEcure Neighbor Discovery (SEND) extends IPv6 Neighbor Discovery Protocol (NDP) with some security options and messages to protect it against various kinds of attacks. SEND relies on Cryptographically Generated Addresses (CGA) and RSA signature Options for address authentication. For the router authorization, SEND uses Authorization Delegation Discovery (ADD) mechanism that is based on hierarchical X.509 certificates. SEND offers the protection for NDP messages against replay attacks by using Nonce and Timestamp Options.

However, SEND is a security standard without matured implementations and its deployment is not easy and thus is challenging. SEND is computation-intensive and bandwidth-consuming. Additionally, SEND's ADD is theoretical rather than practical. Moreover, SEND itself can be vulnerable to Denial of Service (DoS) and privacy-related attacks. Consequently, SEND needs to be adopted for end user. Otherwise, IPv6 local network will be left vulnerable to various kinds of attacks.

This work tackles the problem of SEND deployments.  It has the following contributions. (i) Develop Windows SEcure Neighbor Discovery (WinSEND). It is the first SEND implementation for Windows operating system. (ii) Extend the standard CGA verification algorithm to mitigate DoS attacks. The node discards the NDP message that contains the exact CGA parameters and signature packet as its own because the probability that two legitimate CGA nodes will generate the same interface ID is very low. (iii) Propose the Time-based CGA, where the users determine the desired time as an input for CGA generation and the CGA algorithm return the 'most secure' CGA address within this period of time. (iv) Propose an extension for CGA to protect the user's privacy. The high cost of CGA generation may keep hosts that use a high security values from periodically changing their addresses on a frequent basis. This leaves hosts subject to privacy related attacks. CGA can be more privacy-conscious by changing the addresses over time. (v) Pursue the idea of using the Resource Public Key Infrastructure (RPKI) for ADD mechanism in SEND.

Slides

Document Actions

Filed under:
Navigation
« January 2018 »
January
MoTuWeThFrSaSu
1234567
891011121314
15161718192021
22232425262728
293031
Upcoming Events
RIOT IoT Hackathon Jan 18, 2018 - Jan 19, 2018 — Einstein Forum Berlin
RIOT Hack'n'ACK (2018/01) Jan 30, 2018 05:00 PM - 11:00 PM — HAW Hamburg, BT7, R4.60
C++ User Group (2018/02) Feb 14, 2018 07:00 PM - 09:00 PM — R11.60
Upcoming events…