Networks have enhanced our ability to communicate and access information by allowing one personal computer to communicate over a network (or network connection) with another personal computer and/or other networking devices, using electronic messages. When transferring an electronic message between personal computers or networking devices, the electronic message will often pass through a protocol stack that performs operations on the data within the electronic message (e.g., packetizing, routing, flow control).
The first major version of addressing structure, Internet Protocol Version 4 (IPv4), is still the dominant protocol of the Internet, although the successor, Internet Protocol Version 6 (IPv6), is being deployed actively worldwide. It is anticipated that the transition between the IPv4 Internet and an IPv6-based Internet will be a long process during which both protocol versions will coexist. Specifically, during the gradual transition, existing IPv4 applications will be able to work with the newer IPv6-enabled applications using a dual-stack, which includes both an IPv4 protocol stack and an IPv6 protocol stack.
The IPv6 network protocol provides that IPv6 hosts or host devices (e.g., image forming apparatuses and other devices) can configure themselves automatically (i.e., stateless address autoconfiguration) when connected to an IPv6 network using ICMPv6 neighbor discovery messages (i.e., Neighbor Discovery Protocol or NDP). When first connected to a network, an IPv6 host sends a link-local multicast neighbor solicitation request advertising its tentative link-local address for duplicate address detection (DAD); if no problem is encountered, the host uses the link-local address. Router solicitations are sent (or router advertisements are received, depending on timing) to obtain network-layer configuration parameters, and routers respond to such a request with a router advertisement packet that contains network-layer configuration parameters.
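The link-local address probe described above can be made concrete. The following Python sketch is an added example, not part of the original text: it derives a tentative link-local address, builds the neighbor solicitation a host multicasts for it, and applies the receiver-side validity checks, none of which authenticate the sender. The function names, the sample MAC address and the use of a modified EUI-64 interface identifier are assumptions of the example.

```python
import ipaddress
import struct

UNSPECIFIED = ipaddress.IPv6Address("::")
SAMPLE_MAC = "00:11:22:33:44:55"  # constructed sample value

def link_local_from_mac(mac: str) -> ipaddress.IPv6Address:
    """Tentative fe80::/64 address via modified EUI-64 (assumed IID scheme)."""
    b = bytearray(int(x, 16) for x in mac.split(":"))
    b[0] ^= 0x02  # flip the universal/local bit
    iid = bytes(b[:3]) + b"\xff\xfe" + bytes(b[3:])
    return ipaddress.IPv6Address(b"\xfe\x80" + bytes(6) + iid)

def solicited_node(addr: ipaddress.IPv6Address) -> ipaddress.IPv6Address:
    """Solicited-node multicast group ff02::1:ffXX:XXXX for addr's low 24 bits."""
    prefix = ipaddress.IPv6Address("ff02::1:ff00:0").packed[:13]
    return ipaddress.IPv6Address(prefix + addr.packed[13:])

def icmp6_checksum(src, dst, msg: bytes) -> int:
    """Internet checksum over the IPv6 pseudo-header (next header 58) + message."""
    data = src.packed + dst.packed + struct.pack("!I3xB", len(msg), 58) + msg
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_dad_ns(target: ipaddress.IPv6Address) -> bytes:
    """Neighbor Solicitation (type 135) as sent for the probe: source ::, no options."""
    body = struct.pack("!BBHI", 135, 0, 0, 0) + target.packed
    csum = icmp6_checksum(UNSPECIFIED, solicited_node(target), body)
    return body[:2] + struct.pack("!H", csum) + body[4:]

def is_valid_dad_ns(src, dst, hop_limit: int, msg: bytes) -> bool:
    """Sanity checks on a probe; this example accepts only the option-free form."""
    if hop_limit != 255 or len(msg) != 24 or msg[0] != 135 or msg[1] != 0:
        return False
    target = ipaddress.IPv6Address(msg[8:24])
    if target.is_multicast or src != UNSPECIFIED or dst != solicited_node(target):
        return False
    return icmp6_checksum(src, dst, msg) == 0  # a valid checksum verifies to 0

if __name__ == "__main__":
    tentative = link_local_from_mac(SAMPLE_MAC)
    ns = build_dad_ns(tentative)
    print(tentative, solicited_node(tentative), ns.hex())
```

Every check in `is_valid_dad_ns` can be satisfied by any node on the link, which is why the message needs separate cryptographic protection.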
However, the Neighbor Discovery Protocol (NDP) specifications call for the use of IPsec to protect NDP messages, which can present problems for hosts (or host devices). Specifically, IPsec can only be used with a manual configuration of security associations, due to bootstrapping problems in using IKE (Internet Key Exchange), since establishing the required session to send NDP messages first requires the prior exchange of NDP messages in order to enable delivery of any IPv6 packets. In addition, it can be appreciated that the solution of manually configured IPsec sessions is not feasible for the typical number of hosts in a network. Furthermore, the number of manually configured security associations needed for protecting NDP can be very large, making that approach impractical for most purposes.
Thus, one solution to the above-mentioned problem has been the use of the SEcure Neighbor Discovery (SEND) protocol, which is a security extension of the Neighbor Discovery Protocol (NDP) in IPv6. SEcure Neighbor Discovery (SEND) provides a mechanism for securing NDP with a cryptographic method that is independent of IPsec, the original and inherent method of securing IPv6 communications.