摘要
邻居发现协议(NeighborDiscoveryProtocol,NDP)作为IPv6协议的重要组成部分,取代了IPv4中的ARP协议、ICMP路由发现和ICMP重定向功能。文章分析了NDP存在的安全问题,尤其是伪造IP地址攻击,并在此基础上提出采用加密生成地址和签名技术等来解决这些安全威胁。
NDP(Neighbor Discovery Protocol, NDP) is an important part of IPv6 protocol, which corresponds to a combination of ARP protocol, ICMP router discovery and ICMP redirect function in IPv4. This paper analyses security problem that may be subjected to NDP, especially IP address spoofing attack. At last, this paper puts forward CGA (Cryptographically Generated Addresses, CGA) and signature to solve the threats of IPv6 NDP.
出处
《信息安全与通信保密》
2006年第9期100-101,104,共3页
Information Security and Communications Privacy
基金
国家网络与信息安全中心(2004-研1-917-C-021)项目资助。
