If this is not the case, a ... created, ...) the state becomes TENTATIVE_DAD, as illustrated in Figure 3.10. The SEND SAVI process waits for the DAD procedure to finish: if it fails, (2) the state returns to NO_BIND; otherwise (3) it moves to VALID. For case 2.b, (10) the state becomes TENTATIVE_NUD and the SAVI entity initiates a NUD procedure

If a ..., with a VALID state for port P, this may indicate that the IP node has connected elsewhere. The SAVI entity initiates a NUD procedure and (5) the state changes to TESTING_VP

If a ... @ ... port P ... a DAD_NS is received on a different port P', this may indicate that the IP node has connected elsewhere. The SAVI entity initiates a NUD procedure and (8) the state changes to TESTING_VP'. If the NUD procedure succeeds, then (7) the state returns to VALID; otherwise (9) the

If a ... @ ... port P and a ... received on P ...) the state becomes TENTATIVE_DAD. The SEND SAVI process waits for the DAD procedure to finish: if it fails, (2) the state moves to NO_BIND; otherwise (3) it returns to VALID. Finally, as described earlier, each SAVI-B has a lifetime (i.e., the LIFETIME field). This lifetime is renewed regularly based on the activity of the IP node (e.g., data flows). A SAVI-B in the VALID state whose lifetime expires, then
