1. Secure Neighbor Discovery in IPv6 Jari Arkko Ericsson Research James Kempf DoCoMo US Labs

2. Neighbor and Router Discovery Security Router Host RD NUD Host ND DAD Host Vulnerabilities: Routers could be spoofed Neighbors could be spoofed Blocking address allocation Secure upper layers help, but do not prevent all attacks Problems with “just use IPsec” Number of SAs very high 2*N+2 per node Chicken-and-egg problem Does not help with authorization

3. SEND WG Approach BOF in 2002 Final RFCs out this week (we hope) Solution consists of Securing router discovery Securing operations on hosts’ addresses, such as DAD, or responses to solicitations

4. Solution - Router Discovery Every router has a certificate from a trust anchor Clients know what trust anchor they trust Hosts pick routers that can show a certificate chain to trust anchor (During a transition hosts can still allow non-secure routers if no secure routers are present.)

5. Solution - Operations on Addresses Host A Address A = prefix | hash(public key A) Approach based on “zero config” security Cryptographically Generated Addresses (CGAs): In verifying a response to neighbor discovery, duplicate address detection, and so on, check that: 1) Responder’s address is a hash of a public key 2) There is a signature from the associated private key Attackers can come up with new addresses, but they can not take over an address of an existing host or router -- they do not have the private key! (IPR -- but with friendly licenses)