
A Study On The Security Mechanism Of SEND Protocol And Its Application To Local Area Network

Posted on: 2017-01-04
Degree: Master
Type: Thesis
Country: China
Candidate: T T Liu
GTID: 2308330485988233
Subject: Communication and Information System
Abstract/Summary:
The Secure Neighbor Discovery (SEND) protocol is based on the Neighbor Discovery Protocol (NDP) and IPv6, and addresses a set of problems concerning secure interaction between nodes attached to the same link. However, NDP relies entirely on a trusted network and therefore faces a variety of security threats, in particular the absence of routing authentication. The routing authentication mechanisms currently provided by secure protocols, as represented by SEND, cover two aspects: authentication of messages and authentication of routers. This thesis introduces the principle of the pseudo-random sequence into authentication. Based on the IPv6 extension header, the research emphasizes effective authentication of the routing path and secure transmission of data. The main contributions of this thesis are summarized as follows.

The main functions of the IPv6 and SEND protocols and their security mechanisms are analyzed, with particular attention to the absence of routing authentication.

A new routing authentication concept is proposed. It applies the periodicity and deterministic nature of the pseudo-random sequence to deliver the authentication data, so that the communication path can be recorded every time. The routing authentication consists of three parts: the pre-configuration of nodes, the path authentication algorithm and the path IP tracing algorithm.

An algorithm for routing path authentication is proposed. Because the initial state and the state transition matrix of a pseudo-random sequence uniquely determine the sequence, an authenticated chain is formed by sharing the same coefficient and a unique initial state sequence. In this way the communication path is fixed, and the mechanism is an effective defense against spoofing, tampering and other attacks.

Building on the path authentication algorithm, a path IP tracing mechanism based on three types of control packets is proposed. The whole path information can be recorded: with the help of a metric value and a timeout message, each hop node sends a message to the receiving node after each backtrack. In addition, the IPv6 extension header is used together with the path IP backtracking message in order to authenticate again.

A simulation model of the path authentication schemes and algorithms is established using the NS-3 simulator, and the messages are analyzed using Wireshark. This provides the basis for data collection and data analysis in routing authentication. The new protocol is compared in order to calculate the extra time delay.

The demonstration and the analysis of the simulation data show that this thesis proposes a secure routing authentication scheme that is applied at the network layer. It can effectively authenticate the path, protect neighbor discovery, provide an integrity check, and achieve secure transmission without a significant increase in power and computation consumption. It can be applied to a wide range of secure network communications.
Keywords/Search Tags: Routing authentication, Pseudo-random sequence, Neighbor discovery, IPv6, Secure protocols