Securing IPv6 neighbor and router discovery

Authors:
Jari Arkko;Tuomas Aura;James Kempf;Vesa-Matti Mäntylä;Pekka Nikander;Michael Roe
Affiliations:
Ericsson Research NomadicLab, FIN-02420 JORVAS, FINLAND;Microsoft Research Cambridge, Cambridge CB3 0FB, UK;DoCoMoLabs U.S.A., San Jose, CA;Ericsson Research NomadicLab, FIN-90570 OULU, FINLAND;Ericsson Research Nomadiclab, FIN-02150 HUT, FINLAND;Microsoft Research Cambridge, Cambridge CB3 0FB, UK
Venue:
WiSE '02 Proceedings of the 1st ACM workshop on Wireless security
Year:
2002

Citing 7
Cited 10

Identity-based cryptosystems and signature schemes

Proceedings of CRYPTO 84 on Advances in cryptology
How to prove yourself: practical solutions to identification and signature problems

Proceedings on Advances in cryptology---CRYPTO '86
Zero-knowledge proofs of identity

Journal of Cryptology
Security problems in the TCP/IP protocol suite

ACM SIGCOMM Computer Communication Review
Child-proof authentication for MIPv6 (CAM)

ACM SIGCOMM Computer Communication Review
Supersingular Abelian Varieties in Cryptology

CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
Denial-of-Service, Address Ownership, and Early Authentication in the IPv6 World

Revised Papers from the 9th International Workshop on Security Protocols

Crypto-based identifiers (CBIDs): Concepts and applications

ACM Transactions on Information and System Security (TISSEC)
Cryptographically Generated Addresses for Constrained Devices*

Wireless Personal Communications: An International Journal
An efficient identity-based signature scheme with batch verifications

InfoScale '06 Proceedings of the 1st international conference on Scalable information systems
Security in Mobile IPv6: A survey

Information Security Tech. Report
TARP: Ticket-based address resolution protocol

Computer Networks: The International Journal of Computer and Telecommunications Networking
Distributed authentication protocol for the security of binding updates in mobile IPv6

ICCOM'05 Proceedings of the 9th WSEAS International Conference on Communications
An improved address ownership in mobile IPv6

Computer Communications
Real-Time IP Checking and Packet Marking for Preventing ND-DoS Attack Employing Fake Source IP in IPv6 LAN

ATC '08 Proceedings of the 5th international conference on Autonomic and Trusted Computing
Limitations of IPsec policy mechanisms

Proceedings of the 11th international conference on Security Protocols
Effective control of abnormal neighbor discovery congestion on IPv6 local area network

UIC'06 Proceedings of the Third international conference on Ubiquitous Intelligence and Computing

Quantified Score

Hi-index	0.00

Visualization

Abstract

When IPv6 Neighbor and Router Discovery functions were defined, it was assumed that the local link would consist of mutually trusting nodes. However, the recent developments in public wireless networks, such as WLANs, have radically changed the situation. The nodes on a local link cannot necessarily trust each other any more, but they must become mutually suspicious even when the nodes have completed an authentication exchange with the network. This creates a number of operational difficulties and new security threats. In this paper we provide a taxonomy for the IPv6 Neighbor and Router Discovery threats, describe two new cryptographic methods, Cryptographically Generated Addresses (CGA) and Address Based Keys (ABK), and discuss how these new methods can be used to secure the Neighbor and Router discovery mechanisms.