Advertisement

ISEND: An Improved Secure Neighbor Discovery Protocol for Wireless Networks

  • Imen El Bouabidi
  • Salima Smaoui
  • Faouzi ZaraiEmail author
  • Mohammad S. Obaidat
  • Lotfi Kamoun
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 554)

Abstract

In charge of several critical functionalities, the Neighbor Discovery Protocol (NDP) is used by IPv6 nodes to find out nodes on the link, to learn their link-layer addresses to discover routers, and to preserve reachability information about the paths to active neighbors. Given its important and multifaceted role, security and efficiency must be ensured. However, NDP is vulnerable to critical attacks such as spoofing address, denial-of-service (DoS) and reply attack. Thus, in order to protect the NDP protocol, the Secure Neighbor Discovery (SEND) was designed. Nevertheless, SEND’s protection still suffers from numerous threats and it is currently incompatible with the context of mobility and especially with the proxy Neighbor Discovery function used in Mobile IPv6. To overcome these limitations, this article defines a new protocol named Improved Secure Neighbor Discovery (ISEND) which adapt SEND protocol to the context of mobility and extend it to new functionalities. The proposed protocol (ISEND) has been modeled and verified using the Security Protocol ANimator software (SPAN) for the Automated Validation of Internet Security Protocols and Applications (AVISPA) which have proved that authentication goals are achieved. Hence, the scheme is safe and efficient when an intruder is present.

Keywords

Wireless network NDP protocol SEND Incompatibility Delegation 

References

  1. 1.
    Narten, T., et al., “Neighbor Discovery for IP Version 6 (IPv6),” RFC 4861, September 2007. http://tools.ietf.org/html/rfc4861
  2. 2.
    Nikander, P., ed., Kempf, J., Nordmark, E.: “IPv6 Neighbor Discovery (ND) Trust Models and Threats”, IETF, RFC 3756, May 2004. http://tools.ietf.org/html/rfc3765
  3. 3.
    Gelogo, Y.E., Caytiles, R.D., Park, B.: Threats and security analysis for enhanced se-cure neighbor discovery protocol (SEND) of IPv6 NDP security. Int. J. Control Autom. 4(4), 179–184 (2011)Google Scholar
  4. 4.
    Arkko, J., Kempf, J., Zill, B., Nikander, P.: “SEcure Neighbor Discovery (SEND),” IETF, RFC 3971, March 2005. http://tools.ietf.org/html/rfc3971
  5. 5.
    Krishnan, S., Laganier, J., Bonola, M., Garcia-Martinez, A.: “Secure Proxy ND Support for SEND”, IETF, RFC 6496, February 2012. http://tools.ietf.org/html/rfc6496
  6. 6.
    Combes, J.-M., Krishnan, S., Daley, G.: “Securing Neighbor Discovery Proxy: Problem Statement,” IETF, RFC 5909, July 2010. http://tools.ietf.org/html/rfc5909
  7. 7.
    Nikander, P., Arkko, J.: Delegation of signalling rights. In: Christianson, B., Crispo, B., Malcolm, J.A., Roe, M. (eds.) Security Protocols 2002. LNCS, vol. 2845, pp. 203–214. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  8. 8.
    Kempf, J., Wood, J., Ramzan, Z., Gentry, C.: IP Address Authorization for Secure Address Proxying Using Multi-key CGAs and Ring Signatures. In: Yoshiura, H., Sakurai, K., Rannenberg, K., Murayama, Y., Kawamura, S.-I. (eds.) IWSEC 2006. LNCS, vol. 4266, pp. 196–211. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  9. 9.
    Cheneau, T., Laurent Network, M.: Using SEND Signature Algorithm Agility and Multi-ple-Key CGA to Secure Proxy Neighbor Discovery and Anycast Addressing. In: 6th Conference on Network Architectures and Information Systems Security (SAR-SSI), pp. 1–7 (2011)Google Scholar
  10. 10.
    The avispa project. http://www.avispaproject.org/
  11. 11.
    Armando, A., et al.: The AVISPA Tool for the Automated Validation of Internet Security Protocols and Applications. In: Etessami, K., Rajamani, S.K. (eds.) CAV 2005. LNCS, vol. 3576, pp. 281–285. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  12. 12.
    Cheminod, M., Bertolotti, I.C., Durante, L., Sisto, R., Valenzano, A.: Tools for cryptographic protocols analysis: a technical and experimental comparison. Comput. Stan. Interfaces 31(5), 954–961 (2009)CrossRefGoogle Scholar
  13. 13.
    Dolev, D., Yao, A.: On the security of public key protocols. IEEE Trans. Inf. Theor. 29(2), 350–357 (1983)MathSciNetCrossRefGoogle Scholar

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Imen El Bouabidi
    • 1
  • Salima Smaoui
    • 1
  • Faouzi Zarai
    • 1
    Email author
  • Mohammad S. Obaidat
    • 2
  • Lotfi Kamoun
    • 1
  1. 1.LETI LaboratoryUniversity of SfaxSfaxTunisia
  2. 2.Computer Science and Software Engineering DepartmentUniversity of MonmouthWest Long BranchUSA

Personalised recommendations