Securing IPv6 neighbor and router discovery

Jari Arkko; Tuomas Aura; James Kempf; Vesa Matti Mäntylä; Pekka Nikander; Michael Roe

Securing IPv6 neighbor and router discovery

Jari Arkko^*, Tuomas Aura, James Kempf, Vesa Matti Mäntylä, Pekka Nikander, Michael Roe

^*Tämän työn vastaava kirjoittaja

Ei julkaistu Aalto-yliopiston affiliaatiolla

Tutkimustuotos: Artikkeli kirjassa/konferenssijulkaisussa › Conference contribution › Scientific › vertaisarvioitu

45 Sitaatiot (Scopus)

Abstrakti

When IPv6 Neighbor and Router Discovery functions were defined, it was assumed that the local link would consist of mutually trusting nodes. However, the recent developments in public wireless networks, such as WLANs, have radically changed the situation. The nodes on a local link cannot necessarily trust each other any more, but they must become mutually suspicious even when the nodes have completed an authentication exchange with the network. This creates a number of operational difficulties and new security threats. In this paper we provide a taxonomy for the IPv6 Neighbor and Router Discovery threats, describe two new cryptographic methods, Cryptographically Generated Addresses (CGA) and Address Based Keys (ABK), and discuss how these new methods can be used to secure the Neighbor and Router discovery mechanisms.

Alkuperäiskieli	Englanti
Otsikko	Proceedings of the Workshop on Wireless Security
Sivut	77-86
Sivumäärä	10
Tila	Julkaistu - 1 jouluk. 2002
OKM-julkaisutyyppi	A4 Artikkeli konferenssijulkaisuussa
Tapahtuma	ACM Workshop on Wireless Security - Atlanta, Yhdysvallat Kesto: 28 syysk. 2002 → 28 syysk. 2002

Workshop

Workshop	ACM Workshop on Wireless Security
Maa/Alue	Yhdysvallat
Kaupunki	Atlanta
Ajanjakso	28/09/2002 → 28/09/2002

OpenUrl-saatavuus

Koko teksti

Muut tiedostot ja linkit

Link to publication in Scopus

Siteeraa tätä

@inproceedings{2c5bcbafed424803be213ce6ee354de9,

title = "Securing IPv6 neighbor and router discovery",

abstract = "When IPv6 Neighbor and Router Discovery functions were defined, it was assumed that the local link would consist of mutually trusting nodes. However, the recent developments in public wireless networks, such as WLANs, have radically changed the situation. The nodes on a local link cannot necessarily trust each other any more, but they must become mutually suspicious even when the nodes have completed an authentication exchange with the network. This creates a number of operational difficulties and new security threats. In this paper we provide a taxonomy for the IPv6 Neighbor and Router Discovery threats, describe two new cryptographic methods, Cryptographically Generated Addresses (CGA) and Address Based Keys (ABK), and discuss how these new methods can be used to secure the Neighbor and Router discovery mechanisms.",

keywords = "Autoconfiguration, Duplicate Address Detection, Identity-Based Cryptosystems, Neighbor Discovery, Router Discovery",

author = "Jari Arkko and Tuomas Aura and James Kempf and M{\"a}ntyl{\"a}, {Vesa Matti} and Pekka Nikander and Michael Roe",

year = "2002",

month = dec,

day = "1",

language = "English",

isbn = "1581135858",

pages = "77--86",

booktitle = "Proceedings of the Workshop on Wireless Security",

note = "ACM Workshop on Wireless Security ; Conference date: 28-09-2002 Through 28-09-2002",

}

TY - GEN

T1 - Securing IPv6 neighbor and router discovery

AU - Arkko, Jari

AU - Aura, Tuomas

AU - Kempf, James

AU - Mäntylä, Vesa Matti

AU - Nikander, Pekka

AU - Roe, Michael

PY - 2002/12/1

Y1 - 2002/12/1

N2 - When IPv6 Neighbor and Router Discovery functions were defined, it was assumed that the local link would consist of mutually trusting nodes. However, the recent developments in public wireless networks, such as WLANs, have radically changed the situation. The nodes on a local link cannot necessarily trust each other any more, but they must become mutually suspicious even when the nodes have completed an authentication exchange with the network. This creates a number of operational difficulties and new security threats. In this paper we provide a taxonomy for the IPv6 Neighbor and Router Discovery threats, describe two new cryptographic methods, Cryptographically Generated Addresses (CGA) and Address Based Keys (ABK), and discuss how these new methods can be used to secure the Neighbor and Router discovery mechanisms.

AB - When IPv6 Neighbor and Router Discovery functions were defined, it was assumed that the local link would consist of mutually trusting nodes. However, the recent developments in public wireless networks, such as WLANs, have radically changed the situation. The nodes on a local link cannot necessarily trust each other any more, but they must become mutually suspicious even when the nodes have completed an authentication exchange with the network. This creates a number of operational difficulties and new security threats. In this paper we provide a taxonomy for the IPv6 Neighbor and Router Discovery threats, describe two new cryptographic methods, Cryptographically Generated Addresses (CGA) and Address Based Keys (ABK), and discuss how these new methods can be used to secure the Neighbor and Router discovery mechanisms.

KW - Autoconfiguration

KW - Duplicate Address Detection

KW - Identity-Based Cryptosystems

KW - Neighbor Discovery

KW - Router Discovery

UR - http://www.scopus.com/inward/record.url?scp=0036980203&partnerID=8YFLogxK

M3 - Conference contribution

AN - SCOPUS:0036980203

SN - 1581135858

SP - 77

EP - 86

BT - Proceedings of the Workshop on Wireless Security

T2 - ACM Workshop on Wireless Security

Y2 - 28 September 2002 through 28 September 2002

ER -

Securing IPv6 neighbor and router discovery

Abstrakti

Workshop

OpenUrl-saatavuus

Muut tiedostot ja linkit

Sormenjälki

Siteeraa tätä