Here Comes Secure ND
The IETF has standardized a secure version of ND, which is also applicable to RA: Secure
Neighbor Discovery (SEND), defined in RFC 3971 [4], relies on the use of
cryptographically generated IPv6 addresses (RFC 3972 [5]).
What Is SEND?
SEND works by assigning a pair of public and private keys to all hosts and routers in a
network.
With SEND, hosts cannot decide on their own about their interface ID (the lower 64 bits of
their IPv6 address). It is cryptographically generated based on the received IPv6 network
prefix and the public key.
Figure 7-8 shows the modified mechanism used to derive a cryptographically generated
address (CGA). It is based on the CGA parameters, which consist of the following:
• Modifier. A random number that achieves the same goal as the randomly generated
IPv6 address: Ensure the user’s privacy.
• Public key of the host.
• Subnet prefix. Prefix of the derived address, usually learned through RA.
The derivation of the CGA is then trivial: Simply apply the SHA-1 hashing algorithm to the
CGA parameters and take the least significant 64 bits to get the interface ID. The IPv6
address is then built by prefixing this interface ID with the subnet prefix. With this
generation of the interface ID, the CGA is bound to the subnet prefix (it changes each time
the host moves to another subnet) and to the identity of the host (by the use of the host’s
public key).
Figure 7-8 CGA (the modifier/nonce, the public key of the host’s RSA key pair, and the subnet prefix form the CGA parameters; SHA-1 over the parameters yields the interface identifier, which is combined with the subnet prefix)
132 Chapter 7: Exploiting IPv6 Neighbor Discovery and Router Advertisement
Doing this is not enough to ensure that the real host uses the CGA (that is, the host
having the corresponding key pair). SEND extends the ND protocol by adding additional
fields to the exchange, as Figure 7-9 shows:
• CGA parameters. Sent so that the peers can execute the same algorithm and check
whether they compute the same CGA.
• Signature. CGA parameters are signed by using the host’s private key.
Figure 7-9 Signature Use in SEND
When host A wants to discover host B’s MAC address, it multicasts the ND request for host
B’s CGA. Host B replies as usual with the mapping, but it adds the CGA
parameters and the signature of the CGA parameters. To trust the received reply, host A
extracts the public key from the CGA parameters and verifies the signature. This validates that
the received CGA parameters belong to host B. Then, host A verifies that the CGA derived
from the parameters is indeed the one it is trying to discover.
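A worked illustration of the CGA derivation (Figure 7-8) and of host A’s receiver-side CGA check in the exchange just described, as an added Python example that is not code from the chapter. It follows the chapter’s simplified description (SHA-1 over modifier, subnet prefix, and public key; low-order 64 bits as the interface ID) rather than the full RFC 3972 algorithm, which additionally carries a collision count and a security parameter; the key and modifier values are constructed placeholders, and the RSA signature check over the parameters is assumed to be done separately by the caller with an RSA library.

```python
import hashlib
import hmac
import ipaddress
import os
from typing import NamedTuple, Optional, Tuple


class CGAParams(NamedTuple):
    """The three CGA parameters the chapter lists (Figure 7-8); the key is opaque bytes here."""
    modifier: bytes       # 16-byte random nonce; gives the address its privacy property
    subnet_prefix: bytes  # 8-byte /64 prefix, normally learned from an RA
    public_key: bytes     # the host's public key (e.g. DER-encoded RSA key); opaque here

    def encode(self) -> bytes:
        # Fixed-width fields first, variable-length key last, so the encoding is unambiguous.
        return self.modifier + self.subnet_prefix + self.public_key


def interface_id(params: CGAParams) -> bytes:
    """SHA-1 over the CGA parameters; the chapter keeps the low-order 64 bits as the IID."""
    return hashlib.sha1(params.encode()).digest()[-8:]


def generate_cga(prefix: str, public_key: bytes,
                 modifier: Optional[bytes] = None) -> Tuple[ipaddress.IPv6Address, CGAParams]:
    """Host side: derive the CGA for a /64 prefix from the host's public key."""
    net = ipaddress.IPv6Network(prefix, strict=True)
    if net.prefixlen != 64:
        raise ValueError("a CGA needs a /64 subnet prefix")
    params = CGAParams(modifier or os.urandom(16), net.network_address.packed[:8], public_key)
    return ipaddress.IPv6Address(params.subnet_prefix + interface_id(params)), params


def verify_cga(addr: ipaddress.IPv6Address, params: CGAParams) -> bool:
    """Receiver side: the CGA recomputed from the received parameters must be the address
    being resolved. The signature over `params` (made with the private key matching
    params.public_key) is a separate check that must also pass before the reply is trusted."""
    packed = addr.packed
    if packed[:8] != params.subnet_prefix:
        return False  # parameters were generated for another subnet
    return hmac.compare_digest(packed[8:], interface_id(params))


if __name__ == "__main__":
    key_b = b"constructed public key of host B"  # constructed sample, not a real key
    addr_b, params_b = generate_cga("2001:db8:1::/64", key_b)
    print(addr_b, verify_cga(addr_b, params_b))  # the genuine reply verifies
    # A reply for addr_b that carries a different key hashes to another IID and is rejected.
    forged = CGAParams(params_b.modifier, params_b.subnet_prefix, b"some other key")
    print(verify_cga(addr_b, forged))  # False
```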
NOTE There is no need to certify the key pair of SEND hosts. No trust is given to the CGA,
that is, no privilege to be on that network. CGA is simply a way to improve the binding of a
MAC to an IPv6 address. This makes for an easy deployment of SEND.
RAs can be secured by using a similar mechanism where the routers sign all RAs. Because
the hosts need to trust the routers, the routers must have a certificate associated with their
key pair. This certificate and the signature are transmitted in all RAs. The certificate can
include the prefixes that the router can announce.
Of course, routers need to use SEND to advertise their MAC address to all hosts.
Implementation
It is expected that Microsoft Vista SP1 will have an implementation of SEND. Network
devices should also get SEND in the same timeframe.
Challenges
The main challenge is the availability of SEND. Another challenge is more technical: All
public-key operations are CPU intensive.
Even if SEND is optimized to protect the responder (because it computes only one
signature for each of its CGAs), nothing prevents an attacker from flooding a SEND initiator
with spoofed replies, forcing the responder to do thousands of public-key operations. This
attack overwhelms the receiver’s CPU, which is known as a DoS attack.
For more information about control plane attacks and how to mitigate them, see Chapter
12, “Introduction to Denial of Service Attacks,” through Chapter 15, “Using Switches to
Detect a Data Plane DoS.”
Summary
IPv6 is the next generation of IP protocols, and in the coming years, it is expected to be in
common use. Instead of using ARP to discover the mapping between an Ethernet MAC
address and an IPv6 address, IPv6 relies on the ND protocol (on top of ICMPv6). This
protocol exhibits the same vulnerabilities as ARP and is, therefore, not secure. Although it
can be expected that network devices will have features to secure ND, the IETF has
standardized a secure version of ND (called SEND).
SEND relies on public-key cryptography to generate nonspoofable IPv6 addresses; that is,
no attacker can spoof your address.
References
1 Nikander, P., et al. RFC 3756, “IPv6 Neighbor Discovery (ND) Trust Models and
Threats.” May 2004.
2 Hain, T., Vandevelde, G., et al. RFC 4864, “Local Network Protection for IPv6.”
May 2007.
3 The Hacker’s Choice. http://thc.org/thc-ipv6/.
4 Arkko, J., et al. RFC 3971, “Secure Neighbor Discovery (SEND).” March 2005.
5 Aura, T. RFC 3972, “Cryptographically Generated Addresses (CGA).” March 2005.