Secure Neighbor Discovery: Review, Challenges, Perspectives, and Recommendations

Neighbor Discovery Protocol (NDP) is one of the main protocols in IPv6 suite. However, it has no security mechanisms and is vulnerable to various attacks. Using an RSA key pair, cryptographically generated addresses, a digital signature, and X.509 certificates, Secure Neighbor Discovery (SEND) is designed to countermeasure NDP threats. Unfortunately, SEND deployment is still a challenge for several reasons. First, SEND is compute intensive. Second, its deployment isn´t trivial, and its authorization delegation discovery mechanism is theoretical rather than practical. Third, operating systems lack sophisticated SEND implementations. In this article, the authors give an overview of the SEND deployment challenges and review some of the proposals to optimize SEND to make it applicable.