short-paper

WinSEND: Windows SEcure Neighbor Discovery

Authors:

Hosnieh Rafiee,

Ahmad Alsa'deh,

Christoph MeinelAuthors Info & Claims

SIN '11: Proceedings of the 4th international conference on Security of information and networks

Pages 243 - 246

https://doi.org/10.1145/2070425.2070469

Published: 14 November 2011 Publication History

Abstract

Neighbor Discovery Protocol (NDP) is an essential protocol in IPv6 suite, but it is known to be vulnerable to critical attacks. Thus, SEcure Neighbor Discovery (SEND) is proposed to counter NDP security threats. Unfortunately, operating systems lack the sophisticated implementations for SEND. There is limited success with SEND implementation for Linux and BSD, and no implementation for Windows families. Therefore, the majority of the users are not secured with SEND. In this paper, we will introduce an implementation of SEND for Windows families (WinSEND). WinSEND is a user-space application which provides the protection for NDP in Windows. It has direct access to Network Interface Card (NIC) and efficiently handles NDP messages by using Winpcap. WinSEND works as a service with easy user interface to set the security parameters for selected NIC.

References

[1]

Nikander, P., Kempf, J., and Nordmark E., IPv6 Neighbor Discovery (ND) Trust Models and Threats, RFC 3756, May 2004.

Digital Library

[2]

Arkko, J., Kempf, J., Zill, B., and Nikander, P., SEcure Neighbor Discovery (SEND), RFC 3971, March 2005.

[3]

Aura, T., Cryptographically Generated Addresses (CGA), RFC 3972, March 2005. Updated by RFCs 4581, 4982.

[4]

Microsoft TechNet, IPv6 Security Considerations and Recommendations, http://technet.microsoft.com/en-us/library/bb726956, 2011.

[5]

OS Platform Statistics, http://www.w3schools.com/browsers/browsers_os.asp, 2011.

[6]

Narten, T., Nordmark, E., Simpson, W., and Soliman, H., Neighbor Discovery for IP version 6 (IPv6), RFC 4861, September 2007.

[7]

Thomson, S., Narten, T., and Jinmei, C., IPv6 Stateless Address Autoconfiguration, RFC 4862, September 2007.

[8]

Koodli, R., Ed., "Mobile IPv6 Fast Handovers", RFC 5568, July 2009.

[9]

Narten, T., Draves, R., and Krishnan, S., Privacy Extensions for Stateless Address Autoconfiguration in IPv6, RFC 4941, September 2007.

[10]

DoCoMo USA labs, http://www.docomolabs-usa.com/lab_opensource.html

[11]

NDprotector, http://amnesiak.org/NDprotector/

[12]

Chiu, S. and Gamess, E., Easy-SEND: A Didactic Implementation of the Secure Neighbor Discovery Protocol for IPv6, Proceedings of the World Congress on Engineering and Computer Science, volume 1, 2009.

[13]

Kukec, A. and Zeeb, B.A., Native SeND kernel API for* BSD, 2010. http://people.freebsd.org/~anchie/SeND_AsiaBSDCon_2010.pdf

[14]

ipv6-send-cga, http://code.google.com/p/ipv6-send-cga/

[15]

Winpcap documentation, http://www.winpcap.org

[16]

SIO_RCVALL Control Code, Build date: 21. 07. 2011, http://msdn.microsoft.com/enus/library/ee309610

[17]

Windows Filtering Platform, http://msdn.microsoft.com/en-us/windows/hardware/gg463267.aspx

[18]

Transport Driver Interface (TDI), 2011, http://msdn.microsoft.com/en-us/library/ms819740.aspx

[19]

Smith, M., and Loguinov, D., Enabling high-performance internet-wide measurements on windows. In PAM'10: Proc. of Passive and Active Measurement Conference, pages 121--130, Zurich, Switzerland, 2010.

Digital Library

Cited By

Seth ABiswas SDhar A(2023)DADCNFComputer Networks: The International Journal of Computer and Telecommunications Networking10.1016/j.comnet.2022.109539222:COnline publication date: 1-Feb-2023
https://dl.acm.org/doi/10.1016/j.comnet.2022.109539
Zhang LSun JYan JGuo YCheng LDu W(2022)CGA Configuration Detection Method of IPv6 Nodes by Combining Active Probing with Passive Sniffing2022 IEEE 22nd International Conference on Communication Technology (ICCT)10.1109/ICCT56141.2022.10072432(1358-1362)Online publication date: 11-Nov-2022
https://doi.org/10.1109/ICCT56141.2022.10072432
Shah J(2019)Secure Neighbor Discovery ProtocolInternational Journal of Business Data Communications and Networking10.4018/IJBDCN.201901010515:1(71-87)Online publication date: Jan-2019
https://doi.org/10.4018/IJBDCN.2019010105
Show More Cited By

Index Terms

WinSEND: Windows SEcure Neighbor Discovery
1. Networks
  1. Network protocols
2. Security and privacy
  1. Systems security
    1. Operating systems security

Recommendations

Evaluating TCP-friendliness in light of Concurrent Multipath Transfer

In prior work, a CMT protocol using SCTP multihoming (termed SCTP-based CMT) was proposed and investigated for improving application throughput. SCTP-based CMT was studied in (bottleneck-independent) wired networking scenarios with ns-2 simulations. ...
TCP CERL: congestion control enhancement over wireless networks

In this paper, we propose and verify a modified version of TCP Reno that we call TCP Congestion Control Enhancement for Random Loss (CERL). We compare the performance of TCP CERL, using simulations conducted in ns-2, to the following other TCP variants: ...
The incremental deployability of RTT-based congestion avoidance for high speed TCP Internet connections
SIGMETRICS '00: Proceedings of the 2000 ACM SIGMETRICS international conference on Measurement and modeling of computer systems

Our research focuses on end-to-end congestion avoidance algorithms that use round trip time (RTT) fluctuations as an indicator of the level of network congestion. The algorithms are referred to as delay-based congestion avoidance or DCA. Due to the ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Other conferences

SIN '11: Proceedings of the 4th international conference on Security of information and networks

November 2011

276 pages

ISBN:9781450310208

DOI:10.1145/2070425

General Chairs:
Mehmet A. Orgun
Macquarie University, Australia
,
Atilla Elçi
Süleyman Demirel University, Turkey
,
Oleg Makarevich
Southern Federal University, Russia
,
Sorin Huss
Techniche Universitat Darmstadt, Germany
,
Program Chairs:
Josef Pieprzyk
Macquarie University, Australia
,
Lyudmila Babenko
Southern Federal University, Russia
,
Alexander Chefranov
Eastern Mediterranean University, North Cyprus
,
Rajan Shankaran
Macquarie University, Australia

Copyright © 2011 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

In-Cooperation

SDU: Suleyman Demirel University
AOARD: Asian Office of Aerospace Research and Development
RDECOM: U.S. Army Research, Development and Engineering Command
US Army ITC-PAC Asian Research Office
AFOSR: AFOSR
ONRGlobal: U.S. Office of Naval Research Global
Macquarie University-Sydney

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 14 November 2011

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Short-paper

Conference

SIN 2011

SIN 2011: The 4th International Conference on Security of Information and Networks

November 14 - 19, 2011

Sydney, Australia

Acceptance Rates

Overall Acceptance Rate 102 of 289 submissions, 35%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

16
Total Citations
View Citations
222
Total Downloads

Downloads (Last 12 months)1
Downloads (Last 6 weeks)0

Reflects downloads up to 12 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Seth ABiswas SDhar A(2023)DADCNFComputer Networks: The International Journal of Computer and Telecommunications Networking10.1016/j.comnet.2022.109539222:COnline publication date: 1-Feb-2023
https://dl.acm.org/doi/10.1016/j.comnet.2022.109539
Zhang LSun JYan JGuo YCheng LDu W(2022)CGA Configuration Detection Method of IPv6 Nodes by Combining Active Probing with Passive Sniffing2022 IEEE 22nd International Conference on Communication Technology (ICCT)10.1109/ICCT56141.2022.10072432(1358-1362)Online publication date: 11-Nov-2022
https://doi.org/10.1109/ICCT56141.2022.10072432
Shah J(2019)Secure Neighbor Discovery ProtocolInternational Journal of Business Data Communications and Networking10.4018/IJBDCN.201901010515:1(71-87)Online publication date: Jan-2019
https://doi.org/10.4018/IJBDCN.2019010105
Tian DButler KChoi JMcDaniel PKrishnaswamy P(2017)Securing ARP/NDP From the Ground UpIEEE Transactions on Information Forensics and Security10.1109/TIFS.2017.269598312:9(2131-2143)Online publication date: Sep-2017
https://doi.org/10.1109/TIFS.2017.2695983
Mohamed Sid Ahmed AHassan ROthman N(2017)IPv6 Neighbor Discovery Protocol Specifications, Threats and Countermeasures: A SurveyIEEE Access10.1109/ACCESS.2017.27375245(18187-18210)Online publication date: 2017
https://doi.org/10.1109/ACCESS.2017.2737524
Song GJi Z(2016)Anonymous-address-resolution modelFrontiers of Information Technology & Electronic Engineering10.1631/FITEE.150038217:10(1044-1055)Online publication date: 14-Oct-2016
https://doi.org/10.1631/FITEE.1500382
Praptodiyono SMurugesan RHasbullah IWey CKadhum MOsman A(2015)Security mechanism for IPv6 stateless address autoconfiguration2015 International Conference on Automation, Cognitive Science, Optics, Micro Electro-Mechanical System, and Information Technology (ICACOMIT)10.1109/ICACOMIT.2015.7440150(31-36)Online publication date: Oct-2015
https://doi.org/10.1109/ICACOMIT.2015.7440150
AlSa’deh ARafiee HMeinel C(2013)SEcure Neighbor DiscoveryTheory and Practice of Cryptography Solutions for Secure Information Systems10.4018/978-1-4666-4030-6.ch008(178-198)Online publication date: 2013
https://doi.org/10.4018/978-1-4666-4030-6.ch008
Rafiee Hvon Lowis MMeinel C(2013)DNS Update Extension to IPv6 Secure AddressingProceedings of the 2013 27th International Conference on Advanced Information Networking and Applications Workshops10.1109/WAINA.2013.117(896-902)Online publication date: 25-Mar-2013
https://dl.acm.org/doi/10.1109/WAINA.2013.117
Guangjia SZhenzhou J(2013)Review of Address Resolution Process Attacks and Prevention ResearchProceedings of the 2013 Third International Conference on Instrumentation, Measurement, Computer, Communication and Control10.1109/IMCCC.2013.221(994-998)Online publication date: 21-Sep-2013
https://dl.acm.org/doi/10.1109/IMCCC.2013.221
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents