Skip to main content

11. Security Considerations

This document updates IPv6 Neighbor Discovery and related 6LoWPAN/RPL specifications to allow a node to register an IPv6 prefix with neighbor routers. Key protocol details are preserved below from the RFC text.

11.  Security Considerations

This specification updates [RFC8505], and the security considerations
of that document also apply to this document. In particular, the
link layer SHOULD be sufficiently protected to prevent rogue access,
else a rogue node with physical access to the network may inject
packets and perform an attack from within.

Section 9 leverages AP-ND [RFC8928] to prevent a rogue node from
registering a unicast address that it does not own. The mechanism
could be extended to anycast and multicast addresses if the values of
the ROVR they use are known in advance, but how this is done is not
in scope for this specification. One way would be to authorize in
advance the ROVR of the valid users. A less preferred way could be
to synchronize the ROVR and TID values across the valid registering
nodes as a preshared key material.

In the latter case, it could be possible to update the keys
associated to a prefix in all the 6LNs, but the flow is not clearly
documented and may not complete in due time for all nodes in LLN use
cases. It may be simpler to install an all-new address with new keys
over a period of time and switch the traffic to that address when the
migration is complete.