OverviewMan using phone

Neighbor Discovery Protocol (NDP) is defined in RFCs 2461[7] and 2462[8]. It has specific functions like Neighbor Discovery (ND), Address Auto-configuration, Router Discovery (RD), Neighbor Un-reachability Detection (NUD), Address Resolution, Duplicate Address Detection (DAD), Redirection etc.

Neighbor Discovery Protocol diagram

The NDP message format is given below.

NDP message format

Cryptographic Generated Addresses (CGA)

In basic CGA, 62 bits are used to store cryptographic hash of a public key.

host ID = HASH62(public_key)

By embedding security parameter, “sec” in the two rightmost bits of 128-bit Ipv6 address, the hash length can be increased to gain strong security.

In this case, the CGA will have the 64 + 20 x Sec rightmost bits of the hash value equal the concatenation of 20 x Sec zero bits and the interface identifier of the address. While comparing, the two rightmost bits and the universal and group bits are ignored.

Hash = HASH(public_key)

Hash function diagram


The NDP specifications emphasize the use of IPsec to protect NDP messages. But RFCS do not describe the instructions of using IPsec in NDP.

IPsec AH can be used with NDP messages to enhance security. Also, the hosts can verify through AH that Neighbor Advertisements and Router Advertisements do contain proper and accurate information.

IPsec can be used in NDP only through manual configuration of Security Associations (SA) and this can be a tedious or impractical task considering the volume. The main reasons for manual configuration are:

  • SAs can be created only through using the Internet Key Exchange (IKE). But IKE requires a functional IP stack in order to function and this result in a bootstrapping problem.
  • Even if SAs were established, it is not possible to verify the ownership of dynamically generated IP addresses.

SEND Protocol

As NDP is used by both hosts and routers, it is more vulnerable to various attacks unless secured. To encounter the threats to NDP, Secure Neighbor Discovery (SEND) protocol is designed. Various protocol options are given below.

  • Cryptographically Generated Addresses (CGA) Option

The CGA ensures that the sender of an NDP message is the owner of the claimed address. Before claiming an address, each node generates a public-private key pair and the CGA option verifies this key.

The format of the CGA option is:


format CGA

  • RSA Signature Option

The public key signatures maintain the integrity of the messages and authenticate the sender identity. The RSA Signature option protects messages by requiring public-key based signatures attached to every NDP message.

The format of the RSA Signature option is:format RSA Signature

format of the RSA Signature

  • Timestamp Option

The Timestamp option provides replay protection and ensures that unsolicited advertisements and redirects have not been replayed.

The format of Timestamp option is

format of Timestamp option

  • Nonce Option

The Nonce option protects messages when used in solicitation-advertisement pairs. It ensures that an advertisement is a fresh response to a solicitation sent earlier by the node.

The format of nonce option is:

  • format of nonce
  • Certification Path Solicitation

Authorization is provisioned for both routers and hosts with routers getting certificates from a trust anchor and hosts getting configured to authorize routers. Separate certification path solicitation and advertisement messages are used to know the certification path to the trust anchor. Hosts will send the Certification Path Solicitations.

Certification Path Solicitation

Routers will send the Certification Path Advertisement messages.

Certification Path Advertisement messages

Threats Countered by SEND

Threats Countered by SEND table