Improving Cryptographically Generated Address Algorithm in IPv6 Secure Neighbor Discovery Protocol through Trust Management
Authors: M. Moslehpour, S. Khorsandi
Abstract:
As transition to widespread use of IPv6 addresses has gained momentum, it has been shown to be vulnerable to certain security attacks such as those targeting Neighbor Discovery Protocol (NDP) which provides the address resolution functionality in IPv6. To protect this protocol, Secure Neighbor Discovery (SEND) is introduced. This protocol uses Cryptographically Generated Address (CGA) and asymmetric cryptography as a defense against threats on integrity and identity of NDP. Although SEND protects NDP against attacks, it is computationally intensive due to Hash2 condition in CGA. To improve the CGA computation speed, we parallelized CGA generation process and used the available resources in a trusted network. Furthermore, we focused on the influence of the existence of malicious nodes on the overall load of un-malicious ones in the network. According to the evaluation results, malicious nodes have adverse impacts on the average CGA generation time and on the average number of tries. We utilized a Trust Management that is capable of detecting and isolating the malicious node to remove possible incentives for malicious behavior. We have demonstrated the effectiveness of the Trust Management System in detecting the malicious nodes and hence improving the overall system performance.
Keywords: NDP, SEND, CGA, modifier, malicious node.
Digital Object Identifier (DOI): doi.org/10.5281/zenodo.1339269
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1154References:
[1] A. AlSa’deh, H. Rafiee, and C. Meinel, “Secure Neighbor Discovery: A Cryptographic Solution for Securing IPv6 Local Link Operation”, Theory and Practice of Cryptography Solutions for Secure Information Systems Book, May, 2013.
[2] P. Nikander, J. Kempf, and E. Nordmark, “IPv6 Neighbor Discovery (ND) Trust Models and Threats”, RFC 3756 (Informational), Internet Engineering Task Force, May 2004.
[3] J. Arkko, J. Kempf, B. Zill, and P. Nikander, “Secure Neighbor Discovery (SEND)”, RFC 3971, Internet Engineering Task Force, March 2005.
[4] H. Rafiee, A. AlSa’deh, and Ch. Meinel, “Multicore-Based Auto-Scaling Secure Neighbor Discovery for Windows Operating Systems”, 26th IEEE International Conference on Information Networking (ICOIN), February 2012.
[5] A. Conta, S. Deering, M. Gupta, “Internet Control Message Protocol (ICMPv6) for the Internet Protocol Version 6 (IPv6) Specification”, RFC 4443, Internet Engineering Task Force, March 2006.
[6] A. Raghavan, “Secure Neighbor Discovery: A Report”.
[7] S. Qadir and M.U. Siddiqi, “Cryptographically Generated Addresses (CGAs): A Survey and an Analysis of Performance for Use in Mobile Environment”, IJCSNS International Journals of Computer Science and Network Security, February 2011.
[8] T. Aura, “Cryptographically Generated Addresses (CGA)”. RFC 3972, Internet Engineering Task Force, March 2005. Online Available: http://tools.ietf.org/pdf/rfc3972.pdf.
[9] T. Cheneau, A. Boudguiga, M. Laurent, “Significantly Improved Performance of the Cryptographically Generated Addresses Thanks to ECC and GPGPU”, Computers and Security, Elsevier, 2010.
[10] S. Jiang & Z. Xia, “Configuring cryptographically generated addresses (CGA) using DHCPv6”.Retrieved from http://tools.ietf.org/html/draft-ietf-dhc-cga-config-dhcpv6-02, 2012.
[11] N. Moore, “Optimistic duplicate address detection (DAD) for IPv6”. RFC 4429, Internet Engineering Task Force, September 2006.
[12] H. Rafiee, A. AlSa’deh, and Ch. Meinel, “WinSEND: Windows SEcure Neighbor Discovery”, 4th International Conference on Security of Information and Networks (SIN 2011), 14-19 November 2011, Sydney, Australia 2011.
[13] OS Platform Statistics, http://www.w3schools.com/browsers/browsers_os.asp, 2011.