Network (Aug 2024)

Securing IPv6 Neighbor Discovery Address Resolution with Voucher-Based Addressing

  • Zachary T. Puhl
  • Jinhua Guo

DOI
https://doi.org/10.3390/network4030016
Journal volume & issue
Vol. 4, no. 3
pp. 338 – 366

Abstract

The majority of local IPv6 networks remain insecure and vulnerable to neighbor spoofing attacks. The Secure Neighbor Discovery (SEND) standard and its concomitant Cryptographically Generated Addressing (CGA) scheme were accepted by large standards bodies to codify practical mitigations. SEND and CGA have never seen widespread adoption due to their complexities, obscurity, costs, compatibility issues, and continued lack of mature implementations. In light of their poor adoption, research since their standardization has continued to find new perspectives and proffer new ideas. The orthodox solutions for securing Neighbor Discovery have historically struggled to successfully harmonize three core ideals: simplicity, flexibility, and privacy preservation. This research introduces Voucher-Based Addressing, a low-configuration, low-cost, and high-impact alternative to IPv6 address generation methods. It secures the Neighbor Discovery address resolution process while remaining simple, highly adaptable, indistinguishable, and privacy-focused. Applying a unique concoction of cryptographic key derivation functions, link-layer address binding, and neighbor consensus on the parameters of address generation, the resolved address bindings are verifiable without the need for complex techniques that have hindered the adoption of canonical specifications.

Keywords