Title:
Using SEND Signature Algorithm Agility and Multiple-Key CGA to Secure Proxy Neighbor Discovery and Anycast Addressing
Author:
Cheneau, Tony; Laurent, Maryline
Author_Institution:
Inst. TELECOM, TELECOM SudParis, Evry, France
Abstract:
The Neighbor Discovery Protocol (NDP) is a fundamental component of the IPv6 protocol suite, in charge of link-layer interactions (address resolution, router discovery, etc.). Over the years, it has been extended to new usages, such as mobility (Mobile IPv6), proxy advertisements (Neighbor Discovery Proxies) and security (Secure Neighbor Discovery, SEND). However, SEND's protection is currently incompatible with two NDP functions, namely the proxy Neighbor Discovery function (used in Mobile IPv6) and IPv6 anycast addresses (i.e. addresses shared by several nodes on the same link). On the one hand, Cryptographically Generated Addresses (CGA) and SEND protect NDP messages: the former, an address generation scheme, binds a single public key to an address, while the latter secures NDP messages by signing them with the private key corresponding to the source address, thus achieving a proof of address ownership. On the other hand, proxy Neighbor Discovery and IPv6 anycast addressing are mechanisms that bind one address to multiple nodes. In this article, we present an overview of the existing solutions addressing these divergent objectives and discuss their limitations. We then propose an alternate solution and introduce the Multiple-Key Cryptographically Generated Addresses (MCGA) concept. This proposal relies on SEND's Signature Algorithm Agility extensions (also defined by the authors) to bind more than one public key to an address. As such, it enables multiple nodes to properly share and protect the same address and thus resolves the proxy Neighbor Discovery and anycast issues. Finally, we present implementation results and discuss the advantages of our approach over the existing solutions.
Keywords:
IP networks; cryptographic protocols; digital signatures; mobile computing; private key cryptography; public key cryptography; telecommunication network routing; IP protocol; SEND signature algorithm agility extensions; address resolution; anycast addressing; link-layer interactions; mobile IP; multiple-key CGA; multiple-key cryptographically generated addresses; neighbor discovery protocol; private key; proxy neighbor discovery function; public key; router discovery; secure proxy neighbor discovery; source address; Digital signatures; Neodymium; Proposals; Protocols; Public key;
Conference_Title:
Network and Information Systems Security (SAR-SSI), 2011 Conference on
Conference_Location:
La Rochelle
Print_ISBN:
978-1-4577-0735-3
DOI:
10.1109/SAR-SSI.2011.5931376