A Distributed Cryptographically Generated Address Computing Algorithm for Secure Neighbor Discovery Protocol in IPv6

Authors: M. Moslehpour, S. Khorsandi

Abstract:

Due to the shortage of IPv4 addresses, the transition to IPv6 has gained significant momentum in recent years. Like the Address Resolution Protocol (ARP) in IPv4, the Neighbor Discovery Protocol (NDP) provides functions such as address resolution in IPv6. Despite its functionality, NDP is vulnerable to some attacks. To mitigate these attacks, Internet Protocol Security (IPsec) was introduced, but it was not efficient due to its limitations. Therefore, the SEND protocol was proposed to protect the auto-configuration process automatically; it secures the neighbor discovery and address resolution process. To defend against threats to NDP's integrity and identity, SEND uses Cryptographically Generated Addresses (CGA) and asymmetric cryptography. Despite the advantages of SEND, its disadvantages, such as the computation process of the CGA algorithm and the sequential nature of the CGA generation algorithm, are considerable. In this paper, we parallelize this process across network resources in order to improve it. In addition, we compare the CGA generation time in the self-computing and distributed-computing processes. We focus on the impact of malicious nodes on the CGA generation time in the network. According to the results, even when malicious nodes participate in the generation process, the CGA generation time is less than when it is computed by self-computing. With a Trust Management System, detecting and isolating malicious nodes is easier.

Keywords: NDP, IPsec, SEND, CGA, Modifier, Malicious node, Self-Computing, Distributed-Computing.

Digital Object Identifier (DOI): doi.org/10.5281/zenodo.1339259
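
The sequential modifier search that the abstract identifies as the bottleneck, and the effect of an unreliable helper node, can be seen in the following added example, which is not code from the paper. It follows the Hash2 and Hash1 steps of RFC 3972; the worker functions, the start-offset partitioning, the stand-in public key and the 2001:db8::/64 prefix are assumptions made for illustration, since the paper's own distribution scheme is not given on this page.

```python
import hashlib
import ipaddress

SEC = 1                                      # Hash2 needs 16*SEC leading zero bits
PREFIX = bytes.fromhex("20010db800000000")   # constructed: 2001:db8::/64
PUBKEY = b"constructed stand-in for a DER-encoded public key"

def hash2_ok(modifier, pubkey, sec):
    """RFC 3972 Hash2 condition: SHA-1(modifier | 9 zero octets | key)."""
    data = modifier.to_bytes(16, "big") + bytes(9) + pubkey
    return hashlib.sha1(data).digest()[:2 * sec] == bytes(2 * sec)

def honest_worker(start, pubkey, sec):
    """Increment the modifier from `start` until Hash2 passes."""
    m = start
    while not hash2_ok(m, pubkey, sec):
        m += 1
    return m

def malicious_worker(start, pubkey, sec):
    """Hypothetical bad node: answers at once with a modifier that fails."""
    m = start
    while hash2_ok(m, pubkey, sec):
        m += 1
    return m

def distributed_modifier(workers, pubkey, sec, stride=1 << 64):
    """Hand each worker a disjoint start offset; accept only verified answers.
    Workers are called in turn here; on a real link they would run in parallel."""
    rejected = []
    for i, worker in enumerate(workers):
        candidate = worker(i * stride, pubkey, sec)
        if hash2_ok(candidate, pubkey, sec):      # one SHA-1 checks a remote answer
            return candidate, rejected
        rejected.append(i)                        # input for trust scoring
    raise RuntimeError("no worker returned a valid modifier")

def cga_address(modifier, prefix, pubkey, sec, collision_count=0):
    """Hash1 -> interface identifier: Sec in the top 3 bits, u/g bits cleared."""
    data = modifier.to_bytes(16, "big") + prefix + bytes([collision_count]) + pubkey
    iid = bytearray(hashlib.sha1(data).digest()[:8])
    iid[0] = (iid[0] & 0x1C) | (sec << 5)
    return ipaddress.IPv6Address(prefix + bytes(iid))

if __name__ == "__main__":
    mod, bad = distributed_modifier([malicious_worker, honest_worker], PUBKEY, SEC)
    print(hex(mod), bad, cga_address(mod, PREFIX, PUBKEY, SEC))
```

Finding a modifier costs about 2^(16·Sec) hashes on average, while checking one returned by another node costs a single hash, so a requester can discard bad answers cheaply and record which node sent them.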

