| Along with the development of Internet, the address pool of IPv4 is getting empty. As the next generation of Internet protocol, IPv6 is proposed by IETF, and gain widespread deployment as an effort to alleviate IPv4 address exhaustion. NDP is a network layer protocol in IPv6 protocol stack, and it is the IPv6 version of the combination of the ARP and some ICMP functions of IPv4. The main functions of NDP are Neighbor Discovery, Router Discovery and Routing Redirect.One of the most concerned research subjects of IPv6 is Security, and it's most acute in NDP. The authors of NDP didn't take security issues into considerations in NDP specification, which makes NDP a vulnerable target of most attacks. In order to counter these threats, SEND is proposed as the security extension of NDP. By using CGA addresses, digital signatures and X.509v3 certificates of PKI, SEND could counter most of the threats of NDP.This thesis first analyses the NDP protocol, SEND protocol and its extension (which proposed by Huawei Technologies), focusing on their message formats and funtionalities. Then, by using the results of the analyses, the preliminary design of the implementation of SEND protocol and its extension on a LINUX system is proposed. In the following chapter, the article proposed the details of the implementation of SEND protocol. A part of the test results is also provided in this thesis.Finally, the major work of this thesis is summarized, and the existent insufficiencies and future improvements of the implementation of SEND are pointed out. Work and research during master are listed at last. |
PDF Full Text Request