Voucher-Based Addressing & Sessions: A Simple, Flexible, Privacy-Preserving Recipe for Mitigating IPv6 Neighbor Discovery Redirection Attacks

Abstract

The vast majority of local IPv6 networks continue to remain insecure and vulnerable to neighbor spoofing attacks, a fearsomely practical attack vector formally described many years ago. The Secure Neighbor Discovery (SEND) standard and its concomitant Cryptographically Generated Addressing (CGA) scheme were introduced, revised, and adopted by large standards bodies to codify practical mitigations. Considering their poor adoption, much research since their acceptance has continued to find new perspectives and proffer new ideas. The orthodox solutions for securing Neighbor Discovery traffic have historically struggled to successfully harmonize three core ideals: simplicity, flexibility, and privacy preservation. This research introduces an alternative to IPv6 address generation methods that secures the Neighbor Discovery address resolution process while remaining highly adaptable, indistinguishable, and privacy-focused. Applying a unique concoction of cryptographic key derivation functions, hash chaining, link-layer address binding, and neighbor consensus on the parameters of address generation, local address ownership is verifiable without the need for techniques that have hindered the adoption of the canonical specifications. Voucher-Based Addressing and end-to-end Neighbor Discovery Sessions are presented as synergistic, low-configuration, low-cost, and high-impact specifications for securing local networks against neighbor spoofing attacks.