Abstract—IPv6 adds many improvements to IPv4 in areas such as address space, built-in security, quality of service, routing and network auto-configuration. IPv6 nodes use the Neighbor Discovery (ND) protocol to discover other nodes on the link, to determine their link-layer addresses, to find routers, to detect duplicate addresses, and to maintain reachability information about the paths to active neighbors. ND is vulnerable to various attacks when it is not secured. The original specifications of ND called for the use of IPsec as a security mechanism to protect ND messages. However, its use is impractical due to the very large number of manually configured security associations needed for protecting ND. For this reason, the Secure Neighbor Discovery Protocol (SEND) was proposed. In this paper, we present Easy-SEND, an open source implementation of SEND that can be used in a production environment or as a didactic application for the teaching and learning of the SEND protocol. Easy-SEND is easy to install and use, and it has an event logger that can help network administrators to troubleshoot problems or students in their studies. It also includes a tool to generate and verify Cryptographically Generated Addresses (CGA) that are used with SEND.

Index Terms—Cryptography, CGA, IPv6, Secure Neighbor Discovery Protocol, Security.

I. INTRODUCTION

IPv6 [6][7][9] (Internet Protocol version 6) is a solution to the shortage of public IPv4 addresses that the Internet faces. IPv6 adds many improvements to IPv4 in areas such as quality of service, routing and network auto-configuration. Even though IPv6 has been around for more than ten years now, there is a lack of IPv6 network specialists in Venezuela and around the world. Therefore, the training of IPv6 specialists has become an important issue.
In the undergraduate program of Computer Science at Central University of Venezuela (in Spanish: Universidad Central de Venezuela), some courses have been upgraded or added to the curriculum to address the problem. For example, Advanced Network Protocols (in Spanish: Protocolos Avanzados en Redes) is a new course that was introduced to the curriculum of the undergraduate program of Computer Science in 2005. Its objectives include the understanding of IPv6 standards, such as the ND [13] (Neighbor Discovery) protocol and the SEND [1] (Secure Neighbor Discovery) protocol.

Manuscript received July 7, 2009. S. Chiu is with the School of Computer Science, Universidad Central de Venezuela, Facultad de Ciencias, Los Chaguaramos, Caracas, Venezuela (e-mail: saychiu@gmail.com). E. Gamess is with the Laboratory of Communications and Networks, Universidad Central de Venezuela, Facultad de Ciencias, Caracas, Venezuela (phone: +58-212-6051061; e-mail: egamess@kuaimare.ciens.ucv.ve).

Since ND [13] is supported by all current modern operating systems, a variety of practical exercises are carried out in the course (Advanced Network Protocols) to strengthen students' knowledge of this important protocol. However, we have been facing a lack of support for SEND [1] (as stated in Section V) from manufacturers, and it has been almost impossible for us to run laboratories that clarify the complex procedures involved in SEND. Therefore, we decided to develop a new application (Easy-SEND) from scratch that implements the SEND protocol, with good support for the teaching and learning process. Its main goal is to be used as a didactic application in advanced courses related to networks at Central University of Venezuela. Additionally, Easy-SEND can be used in production networks where security is important as a replacement for the ND protocol.

The rest of this paper is organized as follows: An overview of ND is presented in Section II. Vulnerability issues for ND are discussed in Section III.
SEND is presented in Section IV. Related work is reviewed in Section V. Easy-SEND is introduced and justified in Section VI. Conclusions and future work are discussed in Section VII.

II. NEIGHBOR DISCOVERY PROTOCOL OVERVIEW

The ND [13] (Neighbor Discovery) protocol solves a set of problems related to the interaction between nodes attached to the same link. It defines mechanisms to solve each of the following problems: router discovery, prefix discovery, parameter discovery, address auto-configuration, address resolution, next-hop determination, Neighbor Unreachability Detection (NUD), Duplicate Address Detection (DAD), and redirect.

The ND protocol has five messages or PDUs (Protocol Data Units) provided by ICMPv6 [5] (Internet Control Message Protocol version 6), an updated version of ICMPv4 [8] (Internet Control Message Protocol version 4). These messages are: RS (Router Solicitation), RA (Router Advertisement), NS (Neighbor Solicitation), NA (Neighbor Advertisement), and Redirect. RS messages are sent by IPv6 hosts to discover neighboring routers on an attached link. RA messages are sent by IPv6 routers periodically (unsolicited multicast router advertisements) or in response to an RS message (solicited router advertisements). NS messages are sent by IPv6 nodes to resolve a neighbor's IPv6 address to its link-layer address (MAC address) or to verify whether an IPv6 node is still reachable (NUD). NA messages are sent by IPv6 nodes in response to an NS message or to propagate a link-layer address change. Redirect messages are sent by IPv6 routers to inform hosts of a better first hop for a destination.

Easy-SEND: A Didactic Implementation of the Secure Neighbor Discovery Protocol for IPv6
Say Chiu and Eric Gamess
Proceedings of the World Congress on Engineering and Computer Science 2009 Vol I, WCECS 2009, October 20-22, 2009, San Francisco, USA. ISBN: 978-988-17012-6-8
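
The five ND messages described in Section II can be told apart, and checked for SEND protection, by a short parser. The following is an added example, not code from the paper or from Easy-SEND: the ICMPv6 type numbers, option offsets and option types follow RFC 4861 and RFC 3971, while the names parse_nd and SAMPLE_NS and the sample packet are constructed for illustration.

```python
import ipaddress
import struct

# ICMPv6 type -> (ND message name, byte offset at which the options start)
ND_MESSAGES = {133: ("RS", 8), 134: ("RA", 16), 135: ("NS", 24),
               136: ("NA", 24), 137: ("Redirect", 40)}
# ND option types: 1-5 from RFC 4861, 11-14 added by SEND (RFC 3971)
ND_OPTIONS = {1: "Source Link-Layer Address", 2: "Target Link-Layer Address",
              3: "Prefix Information", 4: "Redirected Header", 5: "MTU",
              11: "CGA", 12: "RSA Signature", 13: "Timestamp", 14: "Nonce"}
RSA_SIGNATURE = 12


def parse_nd(icmp6: bytes) -> dict:
    """Parse an ICMPv6 payload as an ND message (checksum is not validated)."""
    if len(icmp6) < 4:
        raise ValueError("truncated ICMPv6 header")
    msg_type, code, _checksum = struct.unpack_from("!BBH", icmp6)
    if msg_type not in ND_MESSAGES:
        raise ValueError(f"ICMPv6 type {msg_type} is not an ND message")
    name, opt_off = ND_MESSAGES[msg_type]
    if len(icmp6) < opt_off:
        raise ValueError(f"truncated {name} message")
    result = {"message": name, "code": code, "target": None, "options": []}
    if msg_type in (135, 136, 137):  # NS, NA and Redirect carry a target address
        result["target"] = str(ipaddress.IPv6Address(icmp6[8:24]))
    seen = set()
    pos = opt_off
    while pos < len(icmp6):
        if len(icmp6) - pos < 2:
            raise ValueError("truncated option header")
        opt_type, units = icmp6[pos], icmp6[pos + 1]
        size = units * 8  # option length is counted in units of 8 octets
        if units == 0 or pos + size > len(icmp6):
            raise ValueError("invalid option length")  # zero-length options are illegal
        result["options"].append((ND_OPTIONS.get(opt_type, f"type {opt_type}"),
                                  icmp6[pos + 2:pos + size]))
        seen.add(opt_type)
        pos += size
    # Presence only: the signature itself is not verified here.
    result["carries_send_signature"] = RSA_SIGNATURE in seen
    return result


# Constructed sample: NS for 2001:db8::1 with a Source Link-Layer Address option
SAMPLE_NS = (bytes([135, 0, 0, 0]) + bytes(4) + ipaddress.IPv6Address("2001:db8::1").packed
             + bytes([1, 1]) + bytes.fromhex("020000aabbcc"))
```

A message for which carries_send_signature is False is plain, unsecured ND of the kind the abstract describes as vulnerable.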