SEcure Neighbor Discovery (SEND)
Ye, Ting; Wang, Feng


Content

1. Some Terms in SEND
2. Introduction of NDP
3. Main functions of NDP
4. NDP message
5. SEcure Neighbor Discovery Options
6. Cryptographically Generated Addresses
7. Types of attack
8. Conclusion
9. References

1. Some Terms in SEND

- Cryptographically Generated Address (CGA)
- Duplicate Address Detection (DAD)
- Nonce
- Neighbor Unreachability Detection (NUD)
- Router Discovery (RD)

2. Introduction of NDP

- The Neighbor Discovery Protocol (NDP) is a part of ICMPv6.
- Nodes on the same link use NDP to discover each other's presence and link-layer addresses, to find routers, and to maintain reachability information about the paths to active neighbors.
- It is used by both hosts and routers.

3. Main functions of NDP

- Router Discovery (RD): allows IPv6 hosts to discover the local routers on an attached link.
- Redirect Discovery: used for automatically redirecting a host to a better first-hop router, or to inform hosts that a destination is in fact a neighbor.
- Duplicate Address Detection (DAD): used for preventing address collisions.
- Address Autoconfiguration: used for automatically assigning addresses to a host.
- Address Resolution: allows a node on the link to resolve another node's IPv6 address to the corresponding link-layer address.
- Neighbor Unreachability Detection (NUD): used for tracking the reachability of neighboring nodes, both hosts and routers.

4. NDP message

An actual NDP message consists of an NDP message header, which is an ICMPv6 header plus ND message-specific data, followed by zero or more NDP options:

    *------------------------------------------------------*
    | IPv6 Header      | ICMPv6 | ND Message- | ND Message |
    | Next Header = 58 | Header | specific    | Options    |
    | (ICMPv6)         |        | data        |            |
    *------------------------------------------------------*

NDP messages follow the ICMPv6 message format. All NDP functions are realized using five message types:

- Router Solicitation (RS)
- Router Advertisement (RA)
- Neighbor Solicitation (NS)
- Neighbor Advertisement (NA)
- Redirect
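As an added example (not from the slides), the following parser splits an ND message into the three parts drawn above: the ICMPv6 header, the message-specific data, and the option list. The sample NS packet and its option values are constructed; the checksum is a dummy and is not verified.

```python
import struct

ND_TYPES = {133: "RS", 134: "RA", 135: "NS", 136: "NA", 137: "Redirect"}
# Length of the message-specific data that follows the 4-byte ICMPv6 header.
ND_FIXED_LEN = {133: 4, 134: 12, 135: 20, 136: 20, 137: 36}
# Option types: 1/2 are the link-layer address options; 11-14 are the SEND options.
OPTION_NAMES = {1: "Source LLA", 2: "Target LLA", 11: "CGA", 12: "RSA Signature",
                13: "Timestamp", 14: "Nonce"}

# Constructed sample: a Neighbor Solicitation carrying a Source LLA option and a
# Nonce option (all values made up; the checksum field is a dummy).
TARGET = bytes.fromhex("fe80000000000000020c29fffe123456")
SAMPLE_NS = (struct.pack("!BBH", 135, 0, 0x0000) + b"\x00" * 4 + TARGET
             + b"\x01\x01" + bytes.fromhex("000c29123456")
             + b"\x0e\x01" + bytes.fromhex("a1b2c3d4e5f6"))

def parse_options(buf):
    """Walk the option TLVs: type (1 byte), length in 8-octet units (1 byte), data."""
    opts = []
    while buf:
        if len(buf) < 2:
            raise ValueError("truncated option header")
        otype, olen = buf[0], buf[1]
        if olen == 0:
            raise ValueError("zero-length option")  # RFC 4861: discard the packet
        size = olen * 8
        if len(buf) < size:
            raise ValueError("option runs past end of packet")
        opts.append((OPTION_NAMES.get(otype, otype), buf[2:size]))
        buf = buf[size:]
    return opts

def parse_nd_message(pkt):
    """Split an ND message into ICMPv6 header, message-specific data and options."""
    if len(pkt) < 4:
        raise ValueError("truncated ICMPv6 header")
    icmp_type, code, _checksum = struct.unpack("!BBH", pkt[:4])
    if icmp_type not in ND_TYPES or code != 0:
        raise ValueError(f"not a valid ND message (type {icmp_type}, code {code})")
    fixed = ND_FIXED_LEN[icmp_type]
    specific = pkt[4:4 + fixed]
    if len(specific) < fixed:
        raise ValueError("truncated message-specific data")
    msg = {"type": ND_TYPES[icmp_type], "options": parse_options(pkt[4 + fixed:])}
    if icmp_type in (135, 136):
        msg["target"] = specific[4:20]  # NS/NA: 4 bytes flags/reserved, then target
    return msg

if __name__ == "__main__":
    print(parse_nd_message(SAMPLE_NS))
```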

5. SEcure Neighbor Discovery Options

To secure the various functions in NDP, a set of new Neighbor Discovery options is introduced:

- CGA Option
- RSA Signature Option
- Timestamp & Nonce Option

5.1 CGA Option

- Cryptographically Generated Addresses (CGA) are used to make sure that the sender of an ND message is the owner of the claimed address.
- The option also allows a node to use non-CGA addresses together with certificates that authorize their use.

5.2 RSA Signature Option

- The RSA Signature option allows public-key-based signatures to be attached to NDP messages.
- The RSA Signature option is used to protect all messages relating to Neighbor Discovery and Router Discovery.

5.3 Timestamp & Nonce Option

- To prevent replay attacks, two ND options, Timestamp and Nonce, are introduced.
- The Timestamp makes sure that unsolicited advertisements and redirects have not been replayed.
- The Nonce makes sure that an advertisement is a fresh response to a solicitation sent earlier by the node.

CRYPTOGRAPHICALLY GENERATED ADDRESSES

The basic idea of CGA was independently invented by O'Shea & Roe. It was recognized that 62 of the low-order bits in an IPv6 address can be used to store a cryptographic hash of a public key. The basic mechanism can be defined as follows:

$\text{hostID} = \mathrm{HASH62}(\text{public\_key})$

However, sometimes it is beneficial to be able to claim ownership of an address without using public key cryptography. Solution: build a hash chain from the public key and a random value,

$H_N = \mathrm{HASH160}(\text{public\_key} \,|\, \text{random})$

$H_i = \mathrm{HASH160}(\text{public\_key} \,|\, H_{i+1})$

$\text{hostID} = \mathrm{HASH62}(H_0)$

Thus in the case of a collision, both parties just reveal their $H_1$. The only reason why two hosts would reveal the same $H_1$ is that one of them has learned the value from the other.

CRYPTOGRAPHICALLY GENERATED ADDRESSES

Binding addresses to location: we simply include the network's route prefix or the host's link-layer address in the hash input.
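The hash-chain scheme from the previous slide and the location binding from this one, worked through as an added example (not the slides' own code, and a simplification of the scheme, not the RFC 3972 CGA generation algorithm). HASH160 is taken to be SHA-1 and HASH62 the low 62 bits of SHA-1; the public key and prefix are constructed placeholder bytes.

```python
import hashlib
import os

def hash160(data):
    """HASH160 on the slide; SHA-1 (160-bit output) is assumed here."""
    return hashlib.sha1(data).digest()

def hash62(data):
    """HASH62 on the slide: the low-order 62 bits of a SHA-1 digest (assumption)."""
    return int.from_bytes(hashlib.sha1(data).digest()[-8:], "big") & ((1 << 62) - 1)

def build_chain(public_key, random_seed, n):
    """Return [H_0, ..., H_N]: H_N = HASH160(pk | random), H_i = HASH160(pk | H_{i+1})."""
    chain = [None] * (n + 1)
    chain[n] = hash160(public_key + random_seed)
    for i in range(n - 1, -1, -1):
        chain[i] = hash160(public_key + chain[i + 1])
    return chain

def host_id(h0, location=b""):
    """hostID = HASH62(H_0). The optional location (route prefix or link-layer
    address) is mixed into the hash input to bind the address to where it is used."""
    return hash62(location + h0)

def verify_reveal(public_key, claimed_id, h1, location=b""):
    """Collision resolution without signatures: the claimant reveals H_1; the
    verifier recomputes H_0 = HASH160(pk | H_1) and checks that HASH62 matches.
    Only a party that knew the chain (or learned H_1 from it) can pass this."""
    h0 = hash160(public_key + h1)
    return host_id(h0, location) == claimed_id

def demo():
    pk = b"constructed-public-key-bytes"         # stands in for a DER-encoded key
    prefix = bytes.fromhex("20010db800000000")    # 2001:db8::/64, constructed
    chain = build_chain(pk, os.urandom(16), n=4)
    hid = host_id(chain[0], prefix)
    ok = verify_reveal(pk, hid, chain[1], prefix)
    return hid, ok

if __name__ == "__main__":
    hid, ok = demo()
    print(f"hostID = {hid:016x}, reveal of H_1 verifies: {ok}")
```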


6. Types of attacks

- Neighbor Solicitation/Advertisement spoofing
- Neighbor Unreachability Detection failure
- Duplicate Address Detection DoS attacks
- Router Solicitation and Advertisement attacks
- Replay attacks
- Neighbor Discovery DoS attack
- Attacks against SEND itself

Neighbor Solicitation/Advertisement spoofing

- The attacker approaches the router with a Router Solicitation, and the router inserts an entry in its neighbor cache.
- Now a node performing DAD for that address stops, because it receives a Neighbor Solicitation for the same address and treats it as a conflict.

- Solution: SEND requires nodes to send solicitation messages with an RSA Signature option and a CGA source address, which the router can verify, so the neighbor cache binding is correct.

Neighbor Unreachability Detection failure

- An attacker can send a Neighbor Unreachability Detection failure message. SEND counters this by requiring that a node responding to Neighbor Solicitations sent as NUD probes include an RSA Signature option and a proof of authorization to use the interface identifier in the address being probed. If these prerequisites are not met, the node performing NUD discards the responses.

Duplicate Address Detection DoS attacks

- If a node is performing Duplicate Address Detection, an attacker may send a message to the node stating that it already has the address.
- SEND counters this in the following way: Neighbor Advertisements sent in response to DAD must include an RSA Signature option and a proof of authorization to use the interface identifier. If these are not present, the node discards the messages.

Router Solicitation and Advertisement attacks

- An attacker may send a Router Advertisement to a node and thus cause harm to the node. To avoid this:
- SEND requires Router Advertisements to carry an RSA signature that is calculated using the node's public key, so only that node can accept and use it. The router proves its authorization by showing a certificate containing the specific prefix that it is permitted to route.

Replay attacks

- Replay attacks are averted by SEND, which uses a nonce and a timestamp to implement a challenge-response mechanism.
- However, a window of vulnerability exists until the timestamp expires.
- Time synchronization can be tampered with, thus extending the life of timestamps.
- So proper security measures must be taken against tampering with time synchronization.
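The receiver-side nonce and timestamp checks behind the Timestamp & Nonce option (section 5.3) and the replay discussion above, as an added example that is not from the slides. The 300-second acceptance window and the 6-octet nonce length are taken from RFC 3971's defaults as assumptions; the per-peer "later than the last accepted timestamp" rule is what narrows the window of vulnerability the slide mentions.

```python
import os
import time

TIMESTAMP_DELTA = 300.0   # seconds; RFC 3971's default acceptance window (assumption)
NONCE_LEN = 6             # RFC 3971 requires a nonce of at least 6 octets

class SendReplayGuard:
    """Receiver-side freshness checks for the Nonce and Timestamp options.
    `now` is injectable so the checks can be exercised with a fake clock."""

    def __init__(self, now=time.time):
        self.now = now
        self.pending = {}   # nonce -> deadline, for solicitations this node sent
        self.last_ts = {}   # peer -> last accepted timestamp from that peer

    def new_solicitation(self, timeout=5.0):
        """Create the nonce to put in an outgoing NS/RS and remember it."""
        nonce = os.urandom(NONCE_LEN)
        self.pending[nonce] = self.now() + timeout
        return nonce

    def accept_solicited(self, nonce):
        """An advertisement answers a solicitation only if it echoes a nonce we are
        still waiting on. Each nonce is consumed on first use, so a replayed copy
        of the same advertisement is rejected."""
        deadline = self.pending.pop(nonce, None)
        return deadline is not None and self.now() <= deadline

    def accept_unsolicited(self, peer, ts):
        """Unsolicited advertisements and redirects carry a timestamp instead of a
        nonce. It must lie within TIMESTAMP_DELTA of our clock (the window the
        slide warns about) and be later than the last timestamp accepted from
        this peer, so an old message cannot be replayed inside that window."""
        if abs(self.now() - ts) > TIMESTAMP_DELTA:
            return False
        if ts <= self.last_ts.get(peer, float("-inf")):
            return False
        self.last_ts[peer] = ts
        return True
```

If the receiver's clock is pushed backwards (the time-synchronization tampering the slide warns about), the delta check alone would start accepting old timestamps again, which is why the per-peer state matters.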

Neighbor Discovery DoS attacks

- An attacker may bombard the router with packets for fictitious addresses on the link, causing the router to busy itself performing Neighbor Solicitation for addresses that do not exist.
- SEND does not address this problem, as it can be handled by intelligent router management.

Attacks against SEND itself

- Flooding is not prevented.
- Authorization Delegation Discovery may be vulnerable to DoS: an attacker may ask the router to discover a large number of certification paths.
- An attacker may also send a large number of certification paths to a node, forcing the node to spend much time processing them.

Conclusion

- We have seen that the SEND protocol is used to secure NDP against its flaws, and we have also seen the security threats that SEND deals with.

References

- RFC 3971, SEcure Neighbor Discovery (SEND): ftp://ftp.rfc-editor.org/in-notes/rfc3971.txt
- Securing IPv6 Neighbor and Router Discovery
