ISEND: An Improved Secure Neighbor Discovery Protocol for Wireless Networks

Responsible for several critical functions, the Neighbor Discovery Protocol (NDP) is used by IPv6 nodes to discover other nodes on the link, to learn their link-layer addresses, to discover routers, and to maintain reachability information about the paths to active neighbors. Given its important and multifaceted role, its security and efficiency must be ensured. However, NDP is vulnerable to critical attacks such as address spoofing, denial-of-service (DoS) and replay attacks. Secure Neighbor Discovery (SEND) was therefore designed to protect NDP. Nevertheless, SEND's protection is still exposed to numerous threats, and it is currently incompatible with the context of mobility, especially with the proxy Neighbor Discovery function used in Mobile IPv6. To overcome these limitations, this article defines a new protocol named Improved Secure Neighbor Discovery (ISEND), which adapts the SEND protocol to the context of mobility and extends it with new functionalities. The proposed protocol (ISEND) has been modeled and verified using the Security Protocol ANimator (SPAN) software for the Automated Validation of Internet Security Protocols and Applications (AVISPA), which has proved that the authentication goals are achieved. Hence, the scheme is safe and efficient when an intruder is present.