Abstract: This Paper introduces the security threats of Neighbor Discovery Protocol(NDP), and analyses the mechanism of Secure Neighbor Discovery (SEND), which is the current security algorithm, to prevent nodes from spoofing attacks by adding some options to the NDP packets, eg. CGA and RSA signature option, etc. In order to solve the management problem of public key in SEND, Public Key Infrastructure(PKI) is introduced to establish secure communication using certifications, which can improve the security of NDP.

Key words: IPv6, Neighbor Discovery Protocol(NDP), Secure Neighbor Discovery(SEND), Public Key Infrastructure(PKI)

摘要： 介绍邻居发现协议(NDP)存在的安全威胁，分析其中的安全邻居发现算法(SEND)的工作机制，在NDP报文中加入CGA和RSA签名等选项，以抵御一些欺骗性攻击，针对SEND中未解决的公钥管理问题引入公钥基础设施，建立依靠证书的安全通信，进一步提高NDP的安全。

关键词: IPv6协议, 邻居发现协议, 安全邻居发现, 公钥基础设施

CLC Number: 

• TP393.08