Cryptographically Generated Addresses (CGA)

  • Conference paper
  • Information Security (ISC 2003)
  • Part of the book series: Lecture Notes in Computer Science (LNCS, volume 2851)

Abstract

Cryptographically generated addresses (CGA) are IPv6 addresses where some address bits are generated by hashing the address owner’s public key. The address owner uses the corresponding private key to assert address ownership and to sign messages sent from the address without a PKI or other security infrastructure. This paper describes a generic CGA format that can be used in multiple applications. Our focus is on removing weaknesses of earlier proposals and on the ease of implementation. A major contribution of this paper is a hash extension technique that increases the effective hash length beyond the 64-bit limit of earlier proposals.
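
The address binding and hash extension summarized above, as an added example that is not code from the paper. It assumes the parameter layout later standardized in RFC 3972 (SHA-1, 128-bit modifier, Sec in the top three interface-identifier bits); the key bytes and prefix are constructed placeholders, and message signing is left out.

```python
import hashlib
import ipaddress

# Constructed sample inputs (assumptions, not values from the paper).
PUBKEY = b"constructed-placeholder-public-key"  # stands in for an encoded public key
PREFIX = bytes.fromhex("20010db800000000")       # 2001:db8::/64 documentation prefix
MASK = 0x1CFFFFFFFFFFFFFF  # ignores the 3 Sec bits and the u/g bits of the interface ID

def hash2_ok(modifier: bytes, pubkey: bytes, sec: int) -> bool:
    """Hash extension: the 16*sec leftmost bits of Hash2 must be zero."""
    h2 = hashlib.sha1(modifier + bytes(9) + pubkey).digest()
    return h2[:2 * sec] == bytes(2 * sec)

def hash1(modifier: bytes, prefix: bytes, collisions: int, pubkey: bytes) -> int:
    """Leftmost 64 bits of Hash1, which become the interface identifier."""
    h1 = hashlib.sha1(modifier + prefix + bytes([collisions]) + pubkey).digest()
    return int.from_bytes(h1[:8], "big")

def generate(pubkey: bytes, prefix: bytes, sec: int, start: int = 0):
    """Search for a modifier that satisfies Hash2, then derive the address."""
    m = start
    while not hash2_ok(m.to_bytes(16, "big"), pubkey, sec):
        m = (m + 1) % (1 << 128)  # about 2**(16*sec) tries on average
    modifier = m.to_bytes(16, "big")
    iid = (hash1(modifier, prefix, 0, pubkey) & MASK) | (sec << 61)
    return ipaddress.IPv6Address(prefix + iid.to_bytes(8, "big")), modifier

def verify(addr, modifier: bytes, collisions: int, pubkey: bytes) -> bool:
    """Check that addr is bound to pubkey; no PKI or certificate is involved."""
    if collisions not in (0, 1, 2) or len(modifier) != 16:
        return False
    prefix, iid = addr.packed[:8], int.from_bytes(addr.packed[8:], "big")
    if (hash1(modifier, prefix, collisions, pubkey) & MASK) != (iid & MASK):
        return False
    return hash2_ok(modifier, pubkey, iid >> 61)  # Sec is read from the address

if __name__ == "__main__":
    addr, modifier = generate(PUBKEY, PREFIX, sec=1)
    print(addr, modifier.hex())
    print(verify(addr, modifier, 0, PUBKEY), verify(addr, modifier, 0, b"other key"))
```

Because Sec is carried in the address itself, a verifier cannot be talked into a weaker Hash2 check without the address changing; under the RFC 3972 layout assumed here, each increment of Sec adds 16 bits to the 59 address bits an impersonator has to match.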

Copyright information

© 2003 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Aura, T. (2003). Cryptographically Generated Addresses (CGA). In: Boyd, C., Mao, W. (eds) Information Security. ISC 2003. Lecture Notes in Computer Science, vol 2851. Springer, Berlin, Heidelberg. https://doi.org/10.1007/10958513_3

  • DOI: https://doi.org/10.1007/10958513_3

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-20176-2

  • Online ISBN: 978-3-540-39981-0

  • eBook Packages: Springer Book Archive
