A Free and Didactic Implementation of the SEND Protocol for IPv6

IPv6 adds many improvements to IPv4 in areas such as address space, built-in security, quality of service, routing and network auto-configuration. IPv6 nodes use the Neighbor Discovery (ND) protocol to discover other nodes on the link, to determine their link-layer addresses, to find routers, to detect duplicate addresses, and to maintain reachability information about the paths to active neighbors. ND is vulnerable to various attacks when it is not secured. The original specifications of ND called for the use of IPsec as a security mechanism to protect ND messages. However, its use is impractical due to the very large number of manually configured security associations needed for protecting ND. For this reason, the Secure Neighbor Discovery Protocol (SEND) was proposed. In this work, we present Easy-SEND, an open source implementation of SEND that can be used in a production environment or as a didactic application for the teaching and learning of the SEND protocol. Easy-SEND is easy to install and use, and it has an event logger that can help network administrators troubleshoot problems or help students in their studies. It also includes a tool to generate and verify Cryptographically Generated Addresses (CGA) that are used with SEND.
