SEcure Neighbor Discovery (SEND)

Ye, Ting; Wang, Feng


Content

1. Some Terms in SEND
2. Introduction of NDP
3. Main functions of NDP
4. NDP message
5. SEcure Neighbor Discovery Options
6. Cryptographically Generated Addresses
7. Types of attack
8. Conclusion
9. References

1. Some Terms in SEND

Cryptographically Generated Address (CGA)
Duplicate Address Detection (DAD)
Nonce
Neighbor Unreachability Detection (NUD)
Router Discovery (RD)

2. Introduction of NDP

The Neighbor Discovery Protocol (NDP) is part of ICMPv6. Nodes on the same link use NDP to discover each other's presence and link-layer addresses, to find routers, and to maintain reachability information about the paths to active neighbors. It is used by both hosts and routers. Plain NDP has no way to authenticate any of these messages; SEND (RFC 3971) adds the options described below to fix that.

3. Main functions of NDP

Router Discovery (RD)---- allows IPv6 hosts to discover the local routers on an attached link.

Redirect---- used for automatically redirecting a host to a better first-hop router, or to inform a host that a destination is in fact a neighbor.

Duplicate Address Detection (DAD)---- used for preventing address collisions.

Address Autoconfiguration---- used for automatically assigning addresses to a host.

Address Resolution---- allows a node on the link to resolve another node's IPv6 address to the corresponding link-layer address.

Neighbor Unreachability Detection (NUD)---- used for tracking the reachability of neighboring nodes, both hosts and routers.

4. NDP message

An NDP message consists of an NDP message header, which is an ICMPv6 header followed by ND-message-specific data, and zero or more NDP options:

<----------------------------- NDP Message ---------------------------->
*----------------------------------------------------------------------*
| IPv6 Header        | ICMPv6 | ND Message- | ND Message               |
| Next Header = 58   | Header | specific    | Options                  |
| (ICMPv6)           |        | data        |                          |
*----------------------------------------------------------------------*
                      <-NDP Message header->

NDP messages follow the ICMPv6 message format. All NDP functions are realized with five message types:

Router Solicitation (RS, ICMPv6 type 133)
Router Advertisement (RA, type 134)
Neighbor Solicitation (NS, type 135)
Neighbor Advertisement (NA, type 136)
Redirect (type 137)

Each option is a TLV: a one-octet type, a one-octet length counted in units of 8 octets (a length of 0 is invalid and the packet must be discarded), then the option body.

5. SEcure Neighbor Discovery Options

To secure the various functions in NDP, a set of new Neighbor Discovery options is introduced:

CGA Option
RSA Signature Option
Timestamp & Nonce Option

5.1 CGA Option

Cryptographically Generated Addresses (CGA) are used to make sure that the sender of an ND message is the owner of the claimed address: the CGA option carries the parameters (the public key among them) that a receiver needs to recompute the address hash and compare it with the source address. SEND also allows a node to use non-CGA addresses with certificates that authorize their use.

5.2 RSA Signature Option

The RSA Signature option allows public-key-based signatures to be attached to NDP messages; the signature is computed with the private key matching the public key carried in the CGA option (or in the router's certificate). The RSA Signature option is used to protect all messages relating to Neighbor Discovery and Router Discovery.

5.3 Timestamp & Nonce Option

To prevent replay attacks, two ND options are introduced: Timestamp and Nonce. The Timestamp option makes sure that unsolicited advertisements and redirects have not been replayed. The Nonce option makes sure that an advertisement is a fresh response to a solicitation sent earlier by the node: the solicitation carries a random nonce and the advertisement must echo it.
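The message layout of section 4 and the option types of section 5, as an added example (not code from the slides or from RFC 3971): a small parser that splits an ICMPv6 ND message into header, message-specific data and TLV options, and reports which SEND options are present. The sample Neighbor Solicitation is constructed inline, not captured traffic, and its checksum is left as zero; the option type numbers (CGA 11, RSA Signature 12, Timestamp 13, Nonce 14) are those assigned by RFC 3971.

```python
import struct

# ICMPv6 message types used by Neighbor Discovery (RFC 4861).
ND_TYPES = {133: "Router Solicitation", 134: "Router Advertisement",
            135: "Neighbor Solicitation", 136: "Neighbor Advertisement",
            137: "Redirect"}

# Octets of ND-message-specific data that follow the 4-octet ICMPv6 header.
SPECIFIC_LEN = {133: 4, 134: 12, 135: 20, 136: 20, 137: 36}

# ND option types: the RFC 4861 ones plus the SEND options of RFC 3971.
OPTION_TYPES = {1: "Source Link-Layer Address", 2: "Target Link-Layer Address",
                3: "Prefix Information", 4: "Redirect Header", 5: "MTU",
                11: "CGA", 12: "RSA Signature", 13: "Timestamp", 14: "Nonce"}
SEND_OPTIONS = {11, 12, 13, 14}


def parse_options(data):
    """Walk the option area as TLVs: one octet type, one octet length in
    units of 8 octets (zero is invalid), then the option body."""
    options = []
    offset = 0
    while offset < len(data):
        if len(data) - offset < 2:
            raise ValueError("truncated option header")
        opt_type, opt_len = data[offset], data[offset + 1]
        if opt_len == 0:
            raise ValueError("option length 0: RFC 4861 says discard the packet")
        total = opt_len * 8
        if offset + total > len(data):
            raise ValueError("option runs past the end of the message")
        options.append((opt_type, OPTION_TYPES.get(opt_type, "unknown"),
                        data[offset + 2:offset + total]))
        offset += total
    return options


def parse_nd_message(msg):
    """Split an ICMPv6 payload into ICMPv6 header, ND-specific data and options."""
    if len(msg) < 4:
        raise ValueError("too short for an ICMPv6 header")
    icmp_type, code, checksum = struct.unpack("!BBH", msg[:4])
    if icmp_type not in ND_TYPES:
        raise ValueError("ICMPv6 type %d is not a Neighbor Discovery message" % icmp_type)
    end = 4 + SPECIFIC_LEN[icmp_type]
    if len(msg) < end:
        raise ValueError("truncated message-specific data")
    return {"type": icmp_type, "name": ND_TYPES[icmp_type], "code": code,
            "checksum": checksum, "specific": msg[4:end],
            "options": parse_options(msg[end:])}


def send_options_present(parsed):
    """Report which of the four SEND options the message carries."""
    present = {t for t, _, _ in parsed["options"]}
    return {OPTION_TYPES[t]: (t in present) for t in sorted(SEND_OPTIONS)}


def is_well_formed(msg):
    """True if the message parses without a length or type error."""
    try:
        parse_nd_message(msg)
        return True
    except ValueError:
        return False


def build_option(opt_type, body):
    """Pad body so header+body is a multiple of 8 octets, then prepend the TLV header."""
    body = body + b"\x00" * ((-(len(body) + 2)) % 8)
    return bytes([opt_type, (len(body) + 2) // 8]) + body


# Constructed sample (not captured traffic): a Neighbor Solicitation for
# 2001:db8::1 carrying a 6-octet Nonce option and a Timestamp option
# (6 reserved octets plus a 64-bit timestamp). Checksum left as zero.
TARGET = bytes.fromhex("20010db8000000000000000000000001")
SAMPLE_NS = (struct.pack("!BBH", 135, 0, 0) + b"\x00" * 4 + TARGET
             + build_option(14, bytes.fromhex("0a0b0c0d0e0f"))
             + build_option(13, b"\x00" * 6 + struct.pack("!Q", 0x6553F1000000)))

if __name__ == "__main__":
    parsed = parse_nd_message(SAMPLE_NS)
    print(parsed["name"], [name for _, name, _ in parsed["options"]])
    print(send_options_present(parsed))
```

The length check matters in practice: an option whose declared length is 0 or runs past the end of the packet is exactly the kind of input a fuzzer throws at an ND stack, and RFC 4861 requires such a packet to be dropped rather than partially processed.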

6. Cryptographically Generated Addresses

The basic idea: CGA was independently invented by O'Shea & Roe.

Basically, it was recognized that 62 of the low-order bits of an IPv6 address can be used to store a cryptographic hash of a public key, so that whoever holds the matching private key can prove ownership of the address. (The standardized CGA of RFC 3972 reserves the u/g bits and three "sec" bits of the 64-bit interface identifier, leaving 59 hash bits.) The basic mechanism can be defined as follows:

$\mathrm{hostID} = \mathrm{HASH}_{62}(\text{public\_key})$

Internet Technology

However, sometimes it is beneficial to be able to claim ownership of an address without using public-key cryptography. Solution: build a hash chain from the public key and a random value and put only the last element of the chain into the address:

$H_N = \mathrm{HASH}_{160}(\text{public\_key} \,|\, \text{random})$

$H_i = \mathrm{HASH}_{160}(\text{public\_key} \,|\, H_{i+1})$

$\mathrm{hostID} = \mathrm{HASH}_{62}(H_0)$

Thus in the case of a collision, both parties just reveal their $H_1$, and anyone can check that $\mathrm{HASH}_{62}(\mathrm{HASH}_{160}(\text{public\_key} \,|\, H_1))$ gives the disputed host ID. The only reason why two hosts would reveal the same $H_1$ is that one of them has learned the value from the other.

6. Cryptographically Generated Addresses (Cont.)

Binding addresses to location: we simply include the network's route prefix or the host's link-layer address in the hash input, so the same key yields a different address on a different link and an address cannot be moved to another prefix.
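The hash-chain construction and the location binding of this chapter, as an added example (not code from the slides or from RFC 3972): SHA-1 stands in for HASH_160, truncation of SHA-1 stands in for HASH_62, the chain length N and the inputs are assumptions chosen for the example, and the "public key" is just a byte string since the scheme never signs anything. The route prefix is mixed into the HASH_62 input, which is one way to read "include the prefix in the hash input".

```python
import hashlib
import ipaddress
import os

HASH_BITS = 62   # host-ID bits in the slides' scheme (RFC 3972's CGA keeps 59)
CHAIN_LEN = 4    # N, the chain length: an assumption for this example


def hash160(*parts):
    """HASH_160 of the slides: SHA-1 over the concatenation of its inputs."""
    return hashlib.sha1(b"".join(parts)).digest()


def hash62(data, prefix=b""):
    """HASH_62 of the slides: SHA-1 truncated to 62 bits. The optional prefix
    implements 'binding addresses to location' by mixing the route prefix
    into the hash input."""
    digest = hashlib.sha1(prefix + data).digest()
    return int.from_bytes(digest[:8], "big") >> (64 - HASH_BITS)


def build_chain(public_key, random_seed, n=CHAIN_LEN):
    """H_N = HASH_160(public_key | random); H_i = HASH_160(public_key | H_{i+1})."""
    chain = [None] * (n + 1)
    chain[n] = hash160(public_key, random_seed)
    for i in range(n - 1, -1, -1):
        chain[i] = hash160(public_key, chain[i + 1])
    return chain


def host_id(chain, prefix=b""):
    """hostID = HASH_62(H_0)."""
    return hash62(chain[0], prefix)


def cga_address(prefix64, hid):
    """Place the 62-bit host ID in the low 64 bits behind a 64-bit prefix."""
    return str(ipaddress.IPv6Address((int.from_bytes(prefix64, "big") << 64) | hid))


def verify_claim(public_key, revealed_h1, claimed_hid, prefix=b""):
    """Collision resolution without signatures: the claimant reveals H_1 (and
    its public key); anyone recomputes H_0 and checks it hashes to the host ID."""
    h0 = hash160(public_key, revealed_h1)
    return hash62(h0, prefix) == claimed_hid


# Constructed inputs (no real key material): a stand-in 'public key', a fixed
# seed instead of os.urandom() so the example is reproducible, and 2001:db8::/64.
PUBLIC_KEY = b"-----example public key bytes-----"
SEED = bytes(range(16))
PREFIX = bytes.fromhex("20010db800000000")

if __name__ == "__main__":
    chain = build_chain(PUBLIC_KEY, SEED)
    hid = host_id(chain, PREFIX)
    print("address:", cga_address(PREFIX, hid))
    print("owner's claim accepted:", verify_claim(PUBLIC_KEY, chain[1], hid, PREFIX))
    print("forged claim accepted:", verify_claim(PUBLIC_KEY, os.urandom(20), hid, PREFIX))
```

Two things to notice when running it: a forged H_1 fails because the attacker cannot invert SHA-1 to find a preimage of H_0, and changing the prefix changes the host ID, which is what stops an attacker from replaying a legitimately generated address on another link.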


7. Types of attacks

Neighbor Solicitation/Advertisement spoofing
Neighbor Unreachability Detection failure
Duplicate Address Detection DoS attacks
Router Solicitation and Advertisement attacks
Replay attacks
Neighbor Discovery DoS attack
Attacks against SEND itself

Neighbor Solicitation/Advertisement spoofing

The attacker sends the router a solicitation whose source address (and link-layer address) it does not own, and the router inserts an entry for that bogus binding into its neighbor cache. A node that later performs DAD for the same address gives it up, because the solicitation it sees for that address looks like a conflict.

Solution: SEND requires nodes to send solicitations with an RSA Signature option and a CGA source address, both of which the router can verify, so the binding entered into the neighbor cache is one the address owner actually signed.

Neighbor Unreachability Detection Failure

An attacker can forge the responses to Neighbor Unreachability Detection probes, so the probing node's view of a neighbor's reachability is wrong. SEND counters this by requiring that a node responding to a Neighbor Solicitation sent as a NUD probe include an RSA Signature option and a proof of authorization to use the interface identifier in the address being probed (a CGA, or a certificate for a non-CGA address). If these prerequisites are not met, the node performing NUD discards the response.

Duplicate address detection DoS Attacks

While a node is performing Duplicate Address Detection, an attacker can answer each probe with a message claiming it already holds the address, so the node never obtains one. SEND counters this as follows: Neighbor Advertisements sent in response to DAD must include an RSA Signature option and a proof of authorization to use the interface identifier. If these are missing, the node discards the messages.

Router Solicitation and Advertisement attacks

An attacker may send a forged Router Advertisement to a node (announcing itself as a router, or a bogus prefix) and thereby harm the node. To avoid this, SEND requires Router Advertisements to carry an RSA Signature option computed with the router's private key; hosts verify it with the router's public key, so only the holder of that key can produce a valid advertisement. The router proves its authorization by presenting a certificate, chained to a trust anchor the host is configured with, that contains the specific prefixes it is permitted to route.

Replay attacks

Replay attacks are averted using SEND. SEND uses a nonce and a timestamp to implement a challenge-response mechanism. But a window of vulnerability exists until the timestamp expires: a message can be replayed for as long as its timestamp is still within the receiver's acceptance window. Time synchronization can be tampered with, which extends the life of timestamps, so proper security measures must be taken against tampering with time synchronization (for example, an unauthenticated NTP source).
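The timestamp and nonce checks behind this slide, as an added example (not code from the slides; the acceptance rule and the defaults TIMESTAMP_DELTA = 300 s, TIMESTAMP_FUZZ = 1 s and TIMESTAMP_DRIFT = 1 % are those of RFC 3971 section 5.3.4.2, the nonce lifetime and the scenario values are assumptions). The scenario uses a fixed receive-side clock instead of time.time() so the results are reproducible; it shows a replay several minutes later being rejected, a replay inside the fuzz window being accepted (the window of vulnerability the slide mentions), and a nonce being usable exactly once. Nothing here protects the receiver's clock itself, which is the time-synchronization caveat above.

```python
import os

# Defaults from RFC 3971 section 5.3.4.2.
TIMESTAMP_DELTA = 300.0   # seconds of clock skew tolerated for a peer seen for the first time
TIMESTAMP_FUZZ = 1.0      # seconds of slack applied on both sides of the comparison
TIMESTAMP_DRIFT = 0.01    # relative clock drift tolerated (1 %)
NONCE_LIFETIME = 30.0     # seconds an outstanding nonce stays acceptable: an assumption


def encode_timestamp(seconds):
    """64-bit SEND timestamp: 48-bit whole seconds since 1970-01-01 UTC, 16-bit fraction."""
    whole = int(seconds)
    frac = int(round((seconds - whole) * 65536)) & 0xFFFF
    return (whole << 16) | frac


def decode_timestamp(field):
    return (field >> 16) + (field & 0xFFFF) / 65536.0


class ReplayGuard:
    """Receiver state: (TSlast, RDlast) per peer for timestamps, plus outstanding nonces."""

    def __init__(self):
        self.peers = {}      # peer id -> (TSlast, RDlast)
        self.pending = {}    # nonce -> expiry, on the receive-side clock

    def accept_timestamp(self, peer, ts_field, rd_new):
        """Unsolicited advertisement or redirect: apply the Timestamp check.
        ts_field is the option value, rd_new the local receive time."""
        ts_new = decode_timestamp(ts_field)
        if peer not in self.peers:
            # First message from this peer: only gross clock skew is rejected.
            if not (-TIMESTAMP_DELTA < rd_new - ts_new < TIMESTAMP_DELTA):
                return False
            self.peers[peer] = (ts_new, rd_new)
            return True
        ts_last, rd_last = self.peers[peer]
        # The sender's clock must have advanced about as much as ours did,
        # allowing 1 % drift and one second of fuzz on each side.
        expected = ts_last + (rd_new - rd_last) * (1 - TIMESTAMP_DRIFT) - TIMESTAMP_FUZZ
        if not ts_new + TIMESTAMP_FUZZ > expected:
            return False
        if ts_new > ts_last:
            self.peers[peer] = (ts_new, rd_new)
        return True

    def new_nonce(self, now):
        """Generate the nonce for a solicitation we are about to send."""
        nonce = os.urandom(6)
        self.pending[nonce] = now + NONCE_LIFETIME
        return nonce

    def accept_nonce(self, nonce, now):
        """Solicited advertisement: its Nonce option must echo one of ours, once."""
        expiry = self.pending.pop(nonce, None)
        return expiry is not None and now <= expiry


# Constructed scenario on a fixed clock (not real traffic).
T0 = 1_700_000_000.0


def scenario():
    g = ReplayGuard()
    ra = encode_timestamp(T0)                                  # RA the router sent at T0
    first = g.accept_timestamp("router-A", ra, T0)             # fresh: accepted
    quick_replay = g.accept_timestamp("router-A", ra, T0 + 1.5)   # inside fuzz window: accepted
    late_replay = g.accept_timestamp("router-A", ra, T0 + 400)    # minutes later: rejected
    stale_peer = g.accept_timestamp("router-B", encode_timestamp(T0 - 600), T0)  # skew > delta
    nonce = g.new_nonce(T0)                                    # our NS carries this nonce
    solicited = g.accept_nonce(nonce, T0 + 0.2)                # NA echoes it: accepted
    replayed = g.accept_nonce(nonce, T0 + 0.3)                 # same NA again: rejected
    return first, quick_replay, late_replay, stale_peer, solicited, replayed


if __name__ == "__main__":
    print(scenario())
```

The quick_replay case is worth dwelling on: with the RFC defaults a replayed RA is accepted for roughly two seconds after the original, which is why SEND pairs the timestamp with the nonce for solicited traffic and why the slide's "window of vulnerability" is real rather than theoretical.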

Neighbor Discovery DoS attacks

An attacker may bombard the router with packets for fictitious addresses on the link, causing the router to busy itself performing Neighbor Solicitation for addresses that do not exist. SEND does not address this problem; it has to be handled by sensible router management (rate limiting and bounding the neighbor cache).

Attacks against SEND itself

Flooding is not prevented. Authorization Delegation Discovery (the exchange in which a host obtains the certification path for a router) may be vulnerable to DoS: an attacker may ask the router to discover a large number of certification paths, or may send a large number of certification paths to a node, forcing the node to spend much time processing them.

8. Conclusion

We have seen that SEND is used to secure NDP against the flaws above, which security threats SEND deals with, and which it leaves open: flooding, DoS against certification path discovery, and tampering with time synchronization.

9. References

RFC 3971, J. Arkko (ed.), J. Kempf, B. Zill, P. Nikander, "SEcure Neighbor Discovery (SEND)", March 2005. ftp://ftp.rfc-editor.org/in-notes/rfc3971.txt
RFC 3972, T. Aura, "Cryptographically Generated Addresses (CGA)", March 2005.
"Securing IPv6 Neighbor and Router Discovery"