secure neighbour discovery send
play

SEcure Neighbour Discovery (SEND) Arun Raghavan Department of - PowerPoint PPT Presentation

Sep 18, 2023 •178 likes •624 views

The Problem SEcure Neighbour Discovery Miscellanea SEcure Neighbour Discovery (SEND) Arun Raghavan Department of Computer Science IIT Kanpur CS625: Advanced Computer Networks Arun Raghavan SEcure Neighbour Discovery (SEND) The Problem

  1. The Problem SEcure Neighbour Discovery Miscellanea SEcure Neighbour Discovery (SEND) Arun Raghavan Department of Computer Science IIT Kanpur CS625: Advanced Computer Networks Arun Raghavan SEcure Neighbour Discovery (SEND)

  2. The Problem SEcure Neighbour Discovery Miscellanea Outline The Problem 1 Neighbour Discovery Problems with Neighbour Discovery SEcure Neighbour Discovery 2 Overview Cryptographically Generated Addresses SEND Protocol Options Authorisation Delegation Discovery Miscellanea 3 Arun Raghavan SEcure Neighbour Discovery (SEND)

  3. The Problem Neighbour Discovery SEcure Neighbour Discovery Problems with Neighbour Discovery Miscellanea Outline The Problem 1 Neighbour Discovery Problems with Neighbour Discovery SEcure Neighbour Discovery 2 Overview Cryptographically Generated Addresses SEND Protocol Options Authorisation Delegation Discovery Miscellanea 3 Arun Raghavan SEcure Neighbour Discovery (SEND)

  4. The Problem Neighbour Discovery SEcure Neighbour Discovery Problems with Neighbour Discovery Miscellanea Neighbour Discovery Messages Part of ICMPv6 Neighbour Solicitation/Discovery Neighbour Discovery Address resolution Neighbour Unreachability Detection Duplicate Address Detection Router Solicitation/Discovery (node configuration) Router/Prefix Discovery Address (auto)configuration Redirect (router provides a better first-hop router) Arun Raghavan SEcure Neighbour Discovery (SEND)

  5. The Problem Neighbour Discovery SEcure Neighbour Discovery Problems with Neighbour Discovery Miscellanea Outline The Problem 1 Neighbour Discovery Problems with Neighbour Discovery SEcure Neighbour Discovery 2 Overview Cryptographically Generated Addresses SEND Protocol Options Authorisation Delegation Discovery Miscellanea 3 Arun Raghavan SEcure Neighbour Discovery (SEND)

  6. The Problem Neighbour Discovery SEcure Neighbour Discovery Problems with Neighbour Discovery Miscellanea The Problem: Security No proper way to authorise/authenticate nodes From RFC 2461 A node SHOULD include an Authentication Header when sending Neighbor Discovery packets if a security association for use with the IP Authentication Header exists for the destination address. The security associations may have been created through manual configuration or through the operation of some key management protocol. Arun Raghavan SEcure Neighbour Discovery (SEND)

  7. The Problem Neighbour Discovery SEcure Neighbour Discovery Problems with Neighbour Discovery Miscellanea The Problem: Security No proper way to authorise/authenticate nodes From RFC 2461 A node SHOULD include an Authentication Header when sending Neighbor Discovery packets if a security association for use with the IP Authentication Header exists for the destination address. The security associations may have been created through manual configuration or through the operation of some key management protocol. Arun Raghavan SEcure Neighbour Discovery (SEND)

  8. The Problem Neighbour Discovery SEcure Neighbour Discovery Problems with Neighbour Discovery Miscellanea Some Attacks Neighbour Advertisement Spoofing Can redirect messages intended for any other node on link Can cause a DoS during NUD/DAD Router Advertisement Spoofing Fake Redirect Can provide wrong (malicious) autoconfiguration parameters ’Kill’ the router(s) – if default router list at the client is empty, all nodes are treated as on-link Replay attacks Arun Raghavan SEcure Neighbour Discovery (SEND)

  9. The Problem Neighbour Discovery SEcure Neighbour Discovery Problems with Neighbour Discovery Miscellanea Some Attacks Neighbour Advertisement Spoofing Can redirect messages intended for any other node on link Can cause a DoS during NUD/DAD Router Advertisement Spoofing Fake Redirect Can provide wrong (malicious) autoconfiguration parameters ’Kill’ the router(s) – if default router list at the client is empty, all nodes are treated as on-link Replay attacks Arun Raghavan SEcure Neighbour Discovery (SEND)

  10. The Problem Neighbour Discovery SEcure Neighbour Discovery Problems with Neighbour Discovery Miscellanea Some Attacks Neighbour Advertisement Spoofing Can redirect messages intended for any other node on link Can cause a DoS during NUD/DAD Router Advertisement Spoofing Fake Redirect Can provide wrong (malicious) autoconfiguration parameters ’Kill’ the router(s) – if default router list at the client is empty, all nodes are treated as on-link Replay attacks Arun Raghavan SEcure Neighbour Discovery (SEND)

  11. The Problem Neighbour Discovery SEcure Neighbour Discovery Problems with Neighbour Discovery Miscellanea Possible (infeasible) Solutions Single shared secret Weak security IKE with manual Security Associations Not scalable Public-key crypto preferable 802.1X (relatively recent for wired networks) Need relatively complex infrastructure None of these are really feasible for public access networks Arun Raghavan SEcure Neighbour Discovery (SEND)

  12. The Problem Neighbour Discovery SEcure Neighbour Discovery Problems with Neighbour Discovery Miscellanea Possible (infeasible) Solutions Single shared secret Weak security IKE with manual Security Associations Not scalable Public-key crypto preferable 802.1X (relatively recent for wired networks) Need relatively complex infrastructure None of these are really feasible for public access networks Arun Raghavan SEcure Neighbour Discovery (SEND)

  13. The Problem Neighbour Discovery SEcure Neighbour Discovery Problems with Neighbour Discovery Miscellanea Possible (infeasible) Solutions Single shared secret Weak security IKE with manual Security Associations Not scalable Public-key crypto preferable 802.1X (relatively recent for wired networks) Need relatively complex infrastructure None of these are really feasible for public access networks Arun Raghavan SEcure Neighbour Discovery (SEND)

  14. The Problem Neighbour Discovery SEcure Neighbour Discovery Problems with Neighbour Discovery Miscellanea Possible (infeasible) Solutions Single shared secret Weak security IKE with manual Security Associations Not scalable Public-key crypto preferable 802.1X (relatively recent for wired networks) Need relatively complex infrastructure None of these are really feasible for public access networks Arun Raghavan SEcure Neighbour Discovery (SEND)

  15. Overview The Problem Cryptographically Generated Addresses SEcure Neighbour Discovery SEND Protocol Options Miscellanea Authorisation Delegation Discovery Outline The Problem 1 Neighbour Discovery Problems with Neighbour Discovery SEcure Neighbour Discovery 2 Overview Cryptographically Generated Addresses SEND Protocol Options Authorisation Delegation Discovery Miscellanea 3 Arun Raghavan SEcure Neighbour Discovery (SEND)

  16. Overview The Problem Cryptographically Generated Addresses SEcure Neighbour Discovery SEND Protocol Options Miscellanea Authorisation Delegation Discovery Key Ideas Routers authorised by “trust anchors” Cryptographically Generated Addresses to prevent spoofing/hijacking Digital signatures for all NDP messages Arun Raghavan SEcure Neighbour Discovery (SEND)

  17. Overview The Problem Cryptographically Generated Addresses SEcure Neighbour Discovery SEND Protocol Options Miscellanea Authorisation Delegation Discovery Integrating with IPv6 For each feature, there is an option that is plugged into the format shown below Allows for backwards compatibility as well as extensibility NDP Message Options in IPv6 ❁✲✲✲✲✲✲✲✲✲✲✲✲✲✲◆❉P ▼❡ss❛❣❡✲✲✲✲✲✲✲✲✲✲✲✲✲✲❃ ✯✲✲✲✲✲✲✲✲✲✲✲✲✲✲✲✲✲✲✲✲✲✲✲✲✲✲✲✲✲✲✲✲✲✲✲✲✲✲✲✲✲✲✲✲✲✲✲✲✲✲✲✲✲✲✲✲✲✲✲✲✲✲✯ ⑤ ■P✈✻ ❍❡❛❞❡r ⑤ ■❈▼P✈✻ ⑤ ◆❉ ▼❡ss❛❣❡✲ ⑤ ◆❉ ▼❡ss❛❣❡ ⑤ ⑤ ◆❡①t ❍❡❛❞❡r ❂ ✺✽ ⑤ ❍❡❛❞❡r ⑤ s♣❡❝✐❢✐❝ ⑤ ❖♣t✐♦♥s ⑤ ⑤ ✭■❈▼P✈✻✮ ⑤ ⑤ ❞❛t❛ ⑤ ⑤ ✯✲✲✲✲✲✲✲✲✲✲✲✲✲✲✲✲✲✲✲✲✲✲✲✲✲✲✲✲✲✲✲✲✲✲✲✲✲✲✲✲✲✲✲✲✲✲✲✲✲✲✲✲✲✲✲✲✲✲✲✲✲✲✯ ❁✲✲✲◆❉P ▼❡ss❛❣❡ ❤❡❛❞❡r✲✲✲❃ Arun Raghavan SEcure Neighbour Discovery (SEND)

  18. Overview The Problem Cryptographically Generated Addresses SEcure Neighbour Discovery SEND Protocol Options Miscellanea Authorisation Delegation Discovery Outline The Problem 1 Neighbour Discovery Problems with Neighbour Discovery SEcure Neighbour Discovery 2 Overview Cryptographically Generated Addresses SEND Protocol Options Authorisation Delegation Discovery Miscellanea 3 Arun Raghavan SEcure Neighbour Discovery (SEND)

  19. Overview The Problem Cryptographically Generated Addresses SEcure Neighbour Discovery SEND Protocol Options Miscellanea Authorisation Delegation Discovery CGA We need a way to bind an IP address to a host Complex (or any ) infrastructure won’t work for networks that are not tightly controlled CGA provides a cryptographic binding between a host and it’s IP address Without the introduction of any new infrastructure Arun Raghavan SEcure Neighbour Discovery (SEND)

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

VANCOUVER VANCOUVER Cga Cga and Send nd Send maIntenance aIntenance BOF OF 70th I IETF m

VANCOUVER VANCOUVER Cga Cga and Send nd Send maIntenance aIntenance BOF OF 70th I IETF m

VANCOUVER VANCOUVER Cga Cga and Send nd Send maIntenance aIntenance BOF OF 70th I IETF m meeting SeND status SeND is defined in RFC 3971 - SEcure Neighbor Discovery Proposed standard - March 2005 RFC 3972 -

331 views • 15 slides
Inclusion in secure estates for neurodiverse / SEND residents Claire Collins (CCC) for the

Inclusion in secure estates for neurodiverse / SEND residents Claire Collins (CCC) for the

Inclusion in secure estates for neurodiverse / SEND residents Claire Collins (CCC) for the Education and Training Foundation Prisoner Learning Alliance Conference, 8 Sept 2020 Our workshop space and a chance to meet others Room orientation

359 views • 21 slides
Repo porting Requ quirements 1 Upload and Download Links Do not send information via email;

Repo porting Requ quirements 1 Upload and Download Links Do not send information via email;

Repo porting Requ quirements 1 Upload and Download Links Do not send information via email; send using the secure link provided in your invitation email 2 Upload and Download Links Do not send information via email; send using the secure

344 views • 16 slides
Nearest Neighbour Searching in Metric Spaces Kenneth Clarkson (1999, 2006) Nearest Neighbour

Nearest Neighbour Searching in Metric Spaces Kenneth Clarkson (1999, 2006) Nearest Neighbour

Nearest Neighbour Searching in Metric Spaces Kenneth Clarkson (1999, 2006) Nearest Neighbour Search Problem NN Given: Set U Distance measure D Set of sites S U Query point q U Find: Point p S such that D (

617 views • 51 slides
Fast Nearest Neighbour Classification Gordon Lesti July 17, 2015 Structure Introduction

Fast Nearest Neighbour Classification Gordon Lesti July 17, 2015 Structure Introduction

Fast Nearest Neighbour Classification Gordon Lesti July 17, 2015 Structure Introduction Problem Use Solutions Full Search Orchards Algorithm Annulus Method AESA Outlook Resources Nearest-Neighbour Searching Input Set U

370 views • 34 slides
Inferring and Debugging Path MTU Discovery Failures Matthew Luckie (U. Waikato) Kenjiro Cho

Inferring and Debugging Path MTU Discovery Failures Matthew Luckie (U. Waikato) Kenjiro Cho

Inferring and Debugging Path MTU Discovery Failures Matthew Luckie (U. Waikato) Kenjiro Cho (IIJ/WIDE) Bill Owens (NYSERNet) 1 The Problem It is desirable to send data in the fewest number of packets possible Path MTU Discovery

339 views • 19 slides
Neighbour-transitive codes in Johnson graphs Mark Ioppolo Centre for Mathematics of Symmetry and

Neighbour-transitive codes in Johnson graphs Mark Ioppolo Centre for Mathematics of Symmetry and

Codes in Graphs Neighbour-transitive codes Neighbour-transitive codes in Johnson graphs Mark Ioppolo Centre for Mathematics of Symmetry and Computation University of Western Australia August 6, 2013 Joint work with John Bamberg, Alice

238 views • 23 slides
How Secure are Secure How Secure are Secure Interdomain Routing Protocols? Interdomain Routing

How Secure are Secure How Secure are Secure Interdomain Routing Protocols? Interdomain Routing

DIMACS Workshop On Secure Routing March 10, 2010 How Secure are Secure How Secure are Secure Interdomain Routing Protocols? Interdomain Routing Protocols? $ $ Sharon Goldberg Microsoft Research & Boston University y Michael Schapira

701 views • 54 slides
Will you be my neighbour? Exploring community connections between newcomers and

Will you be my neighbour? Exploring community connections between newcomers and

Will you be my neighbour? Exploring community connections between newcomers and long-standing residents Dr. Sarah Morrison Natalie Fasheh Dr. Charlene Pauls mosaicmusiccollective.com

568 views • 15 slides
Silver and Gold Were we to know the value of helping our neighbour for the love of God, we

Silver and Gold Were we to know the value of helping our neighbour for the love of God, we

Silver and Gold Were we to know the value of helping our neighbour for the love of God, we would value it more than silver and gold. Blessed Edmund Rice CHRISTMAS 20 14 Gift Catalogue for Ghana PRESENTATION BROTHERS & BREBEUF

442 views • 4 slides
CS480/680 Lecture 2: May 8 th , 2019 Nearest Neighbour [RN] Sec. 18.8.1, [HTF] Sec. 2.3.2, [D]

CS480/680 Lecture 2: May 8 th , 2019 Nearest Neighbour [RN] Sec. 18.8.1, [HTF] Sec. 2.3.2, [D]

CS480/680 Lecture 2: May 8 th , 2019 Nearest Neighbour [RN] Sec. 18.8.1, [HTF] Sec. 2.3.2, [D] Chapt. 3, [B] Sec. 2.5.2, [M] Sec. 1.4.2 University of Waterloo CS480/680 Spring 2019 Pascal Poupart 1 Inductive Learning (recap) Induction

1.2k views • 25 slides
Basic Classification Algorithms (2) Rules, Linear Regression, Nearest Neighbour Outline Rules

Basic Classification Algorithms (2) Rules, Linear Regression, Nearest Neighbour Outline Rules

Basic Classification Algorithms (2) Rules, Linear Regression, Nearest Neighbour Outline Rules Linear Regression Nearest Neighbour Generating Rules A decision tree can be converted into a rule set A>5 + B>=0

815 views • 57 slides
Basic Classification Algorithms Rules, Linear Regression, Nearest Neighbour Outline Rules

Basic Classification Algorithms Rules, Linear Regression, Nearest Neighbour Outline Rules

Basic Classification Algorithms Rules, Linear Regression, Nearest Neighbour Outline Rules Linear Regression Nearest Neighbour Generating Rules A decision tree can be converted into a rule set A>5 + B>=0 B<7

1.09k views • 57 slides
Iola Missionary Baptist Church Send the Light Hymn # 595 Theres a call comes ringing over

Iola Missionary Baptist Church Send the Light Hymn # 595 Theres a call comes ringing over

Iola Missionary Baptist Church Send the Light Hymn # 595 Theres a call comes ringing over the restless wave, Send the light! Send the light! There are souls to rescue there are souls to save, Send the light! Send the light! Send

1.05k views • 65 slides
for SEND, IFA and Residential Children and Young People's Services Select Committee June 2018

for SEND, IFA and Residential Children and Young People's Services Select Committee June 2018

Dynamic Purchasing System for SEND, IFA and Residential Children and Young People's Services Select Committee June 2018 Whats the problem? To meet demand, we have a statutory requirement to secure external residential placements for

169 views • 12 slides
SEND Roadshow September 2019 SEND Roadshow Please download Mentimeter from your App store Aims

SEND Roadshow September 2019 SEND Roadshow Please download Mentimeter from your App store Aims

SEND Roadshow September 2019 SEND Roadshow Please download Mentimeter from your App store Aims of the Roadshow To achieve a better understanding of the SEND inspection and consider your own assess , plan, deliver, review cycle in

536 views • 32 slides
SkyCity Entertainment Group Limited 2019 Annual Meeting 18 October 2019 2019 Annual Meeting

SkyCity Entertainment Group Limited 2019 Annual Meeting 18 October 2019 2019 Annual Meeting

SkyCity Entertainment Group Limited 2019 Annual Meeting 18 October 2019 2019 Annual Meeting Meeting duly convened Quorum present Minutes of 2018 Annual Meeting available on SkyCitys website Sequence of Meeting Chairs

445 views • 44 slides
I must first take you through some housekeeping. In the event of an emergency please make your way

I must first take you through some housekeeping. In the event of an emergency please make your way

Good afternoon My name is Michael Bushby, I am the Chairman of your company, EROAD. I must first take you through some housekeeping. In the event of an emergency please make your way to one of the two exits in this room (where you came in and

808 views • 43 slides
Q1 2019 financial results 30 April 2019 Novaturas Group Q1 2019 highlights 41,0 41,097 97 EUR

Q1 2019 financial results 30 April 2019 Novaturas Group Q1 2019 highlights 41,0 41,097 97 EUR

Novaturas Group Presentation addressing Q1 2019 financial results 30 April 2019 Novaturas Group Q1 2019 highlights 41,0 41,097 97 EUR 28.8 EUR 28.8m 15.7 15.7% share in Q1 2019 sales PAX sold in Q1 2019 Q1 2019 revenue (+9.2% y/y)

710 views • 21 slides
REFINING NZ ANNUAL GENERAL MEETING | 12 APRIL 2019 REFINING NZ ANNUAL GENERAL MEETING | 12 APRIL

REFINING NZ ANNUAL GENERAL MEETING | 12 APRIL 2019 REFINING NZ ANNUAL GENERAL MEETING | 12 APRIL

REFINING NZ ANNUAL GENERAL MEETING | 12 APRIL 2019 REFINING NZ ANNUAL GENERAL MEETING | 12 APRIL 2019 We are CLEAR about what we need to do to provide value to our shareholders REFINING NZ ANNUAL GENERAL MEETING | 12 APRIL 2019 To delight

417 views • 31 slides
Special Meeting of Shareholders 16 January 2020 Agenda Chairs Address Resolutions 2

Special Meeting of Shareholders 16 January 2020 Agenda Chairs Address Resolutions 2

Special Meeting of Shareholders 16 January 2020 Agenda Chairs Address Resolutions 2 Investore Property Limited Special Meeting of Shareholders 16 January 2020 Background to the Transaction Loan to value ratio 42% 5. Contract Rental

402 views • 21 slides
Presentation of the Financial Affairs Committee (FAC) to the Faculty Senate (April 20, 2016)

Presentation of the Financial Affairs Committee (FAC) to the Faculty Senate (April 20, 2016)

Presentation of the Financial Affairs Committee (FAC) to the Faculty Senate (April 20, 2016) George G. Adams, Chair Kathleen C. Kelly Professor of MIE Professor of English Helen H. Suh Harlan D. Platt Hameed Metghalchi Professor of

959 views • 14 slides
ANNUAL SHAREHOLDERS MEETING 24 October 2019 AGENDA 1. CHAIRS ADDRESS 2. CEOS ADDRESS

ANNUAL SHAREHOLDERS MEETING 24 October 2019 AGENDA 1. CHAIRS ADDRESS 2. CEOS ADDRESS

ANNUAL SHAREHOLDERS MEETING 24 October 2019 AGENDA 1. CHAIRS ADDRESS 2. CEOS ADDRESS 3. RESOLUTIONS & VOTING 4. GENERAL Q&A 5. REFRESHMENTS 2 Chris Aiken Mark Binns Rod Snodgrass Kim Ellis Carolyn Steele Noeline

564 views • 40 slides
Annual General Meeting Flight Centre Travel Group ASX: FLT | November 7, 2019 AGENDA Todays

Annual General Meeting Flight Centre Travel Group ASX: FLT | November 7, 2019 AGENDA Todays

Annual General Meeting Flight Centre Travel Group ASX: FLT | November 7, 2019 AGENDA Todays Chairmans Address Gary Smith Schedule MDs Address Graham Turner Resolutions General Questions Polling Refreshments Results &

507 views • 32 slides

More recommend