Analysis of SEND Protocol through Implementation and Simulation

Neighbor Discovery (ND) protocol has been proposed to discover neighboring hosts and routers in IPv6 wired or wireless local networks. Even though ND protocol is very useful, it has a weakness to security because it allows a malicious user to impersonate a legitimate host or a router by forging ND protocol messages. To address the security problem, IETF (Internet Engineering Task Force) has proposed SEcure Neighbor Discovery (SEND) protocol. The key functions of SEND protocol include address ownership proof mechanism, ND protocol message protection mechanism, reply attack prevention mechanism, and router authentication mechanism. In this paper, we analyze SEND protocol in the view point of security through several experiments. For this, we implement SEND protocol in IPv6 real system and develop a simulation environment. Based on the experimental results, we also propose a monitoring-based ND message differentiation scheme which is able to make up for security vulnerability of SEND protocol effectively.

[1]  Martina Zitterbart,et al.  Mobile ad hoc networks - current approaches and future directions , 2004, IEEE Network.

[2]  Andrew B. Whinston,et al.  Defeating distributed denial of service attacks , 2000 .

[3]  Claude Castelluccia,et al.  Compact neighbor discovery: a bandwidth defense through bandwidth optimization , 2005, Proceedings IEEE 24th Annual Joint Conference of the IEEE Computer and Communications Societies..

[4]  T. Moon The expectation-maximization algorithm , 1996, IEEE Signal Process. Mag..

[5]  Ralph E. Droms,et al.  Dynamic Host Configuration Protocol for IPv6 (DHCPv6) , 2003, RFC.

[6]  Silvia Hagen,et al.  IPv6 Essentials , 2002 .

[7]  Pekka Nikander,et al.  Securing IPv6 neighbor and router discovery , 2002, WiSE '02.

[8]  Kevin C. Almeroth,et al.  Towards realistic mobility models for mobile ad hoc networks , 2003, MobiCom '03.

[9]  Mario Gerla,et al.  Ad hoc probe: path capacity probing in wireless ad hoc networks , 2005, First International Conference on Wireless Internet (WICON'05).

[10]  Balachander Krishnamurthy,et al.  Looking for Science in the Art of Network Measurement , 2001, IWDC.

[11]  Joon S. Park,et al.  Packet Marking Based Cooperative Attack Response Service for Effectively Handling Suspicious Traffic , 2006, Inscrypt.

[12]  Jorma T. Virtamo,et al.  Spatial node distribution of the random waypoint mobility model with applications , 2006, IEEE Transactions on Mobile Computing.

[13]  Yu-Chee Tseng,et al.  Secure bootstrapping and routing in an IPv6-based ad hoc network , 2003, 2003 International Conference on Parallel Processing Workshops, 2003. Proceedings..

[14]  Pekka Nikander,et al.  SEcure Neighbor Discovery (SEND) , 2005, RFC.

[15]  Xiaoyan Hong,et al.  Recent advances in mobility modeling for mobile ad hoc network research , 2004, ACM-SE 42.

[16]  Stephen E. Deering,et al.  Internet Control Message Protocol (ICMPv6) for the Internet Protocol Version 6 (IPv6) Specification , 2006, RFC.

[17]  Robert Nowak,et al.  Network Tomography: Recent Developments , 2004 .

[18]  Konstantinos Psounis,et al.  Predicting the Performance of Mobile Ad Hoc Networks Using Scaled-Down Replicas , 2007, 2007 IEEE International Conference on Communications.

[19]  Thomas Narten,et al.  Neighbor Discovery for IP Version 6 (IPv6) , 1996, RFC.

[20]  David J. Buttler,et al.  Encyclopedia of Data Warehousing and Mining Second Edition , 2008 .

[21]  Eleonora Borgia,et al.  Effects of Unstable Links on AODV Performance in Real Testbeds , 2007, EURASIP J. Wirel. Commun. Netw..

[22]  Pekka Nikander,et al.  IPv6 Neighbor Discovery (ND) Trust Models and Threats , 2004, RFC.

[23]  Donald F. Towsley,et al.  Network Delay Tomography from End-to-End Unicast Measurements , 2001, IWDC.

[24]  G. Michailidis,et al.  Network delay tomography using flexicast experiments , 2006 .