Privacy is Not an Option: Attacking the IPv6 Privacy Extension

  • Conference paper
Research in Attacks, Intrusions, and Defenses (RAID 2015)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 9404)

Abstract

The IPv6 privacy extension introduces temporary addresses to protect against address-based correlation, i.e., the attribution of different transactions to the same origin using addresses, and is considered the state-of-the-art mechanism for privacy protection in IPv6. In this paper, we scrutinize the extension's capability for protection by analyzing its algorithm for temporary address generation in detail. We develop an attack that is based on two insights and shows that the notion of protection is false: First, randomization is scarce and future identifiers can be predicted once the algorithm's internal state is known. Second, a victim's temporary addresses form a side channel and allow an adversary to synchronize to this internal state. Finally, we highlight mitigation strategies, and recommend a revision of the extension's specification.

Notes

  1. Technically speaking, the MAC remains stable over the NIC's lifetime, but we suppose that personal computers, laptops, tablets and mobiles keep their NIC over their whole lifetime.

  2. Although the T days do not necessarily have to be successive, we claim so here for better readability. In case days are missing, e.g., due to weekends, one simply has to consider these gaps when calculating the current state.

  3. The comparison is done on 63 different bits (0–5 and 7–63); bit 6 is always set to zero in temporary addresses, see Sect. 2.

  4. p is the portion of candidates that can be excluded per iteration.

  5. The candidate set \(C_0\) does not have to be stored as it contains all \(2^{64}\) possible values.

  6. Kernel 3.16.0, /net/ipv6/addrconf.c, line 1898.
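The two insights in the abstract, and the 63-bit comparison and candidate set of notes 3–5, follow directly from how RFC 4941 (Section 3.2.1) derives temporary interface identifiers: the previous history value is concatenated with the interface's modified EUI-64 identifier and hashed with MD5; the left 64 bits (bit 6 cleared) become the temporary IID and the right 64 bits become the next history value. The only randomness ever used is the initial history value, so anyone who knows the current history value and the MAC can enumerate every future identifier, and each observed identifier lets an adversary discard every candidate state whose chain does not reproduce it. The following Python is an added illustration written for this page, not the paper's code: the victim MAC, the victim's seed and the 2^16 candidate subset are constructed demo assumptions (the real candidate set is all 2^64 history values, which is why the search cost is the paper's central question), while the chaining step itself is the RFC's algorithm.

```python
"""Added illustration of RFC 4941 temporary IID chaining and of state recovery
from observed temporary addresses.  Not the paper's code; sample values are
constructed (VICTIM_MAC, the victim seed, and the toy candidate space)."""
import hashlib
from typing import Iterable, List, Tuple

# Constructed sample MAC of the victim NIC (note 1 assumes it stays with the device).
VICTIM_MAC = bytes.fromhex("001122334455")

# Mask selecting bits 0-5 and 7-63 of an interface identifier (note 3): bit 6 of
# the first octet (the u/l bit, mask 0x02) is always zero in temporary IIDs.
IID_MASK = bytes([0xFD]) + b"\xff" * 7


def eui64_from_mac(mac: bytes) -> bytes:
    """Modified EUI-64 interface identifier from a 48-bit MAC (RFC 4291, Appendix A)."""
    if len(mac) != 6:
        raise ValueError("MAC must be 6 bytes")
    return bytes([mac[0] ^ 0x02]) + mac[1:3] + b"\xff\xfe" + mac[3:6]


def next_temporary_iid(history: bytes, eui64: bytes) -> Tuple[bytes, bytes]:
    """One round of RFC 4941, Section 3.2.1: MD5 over (history value || EUI-64 IID).
    Left 64 bits with bit 6 cleared form the temporary IID; the right 64 bits
    become the next history value.  Nothing in this step is random: the only
    randomness the algorithm ever uses is the initial history value."""
    digest = hashlib.md5(history + eui64).digest()
    iid = bytearray(digest[:8])
    iid[0] &= 0xFD                     # clear bit 6, so only 63 bits carry information
    return bytes(iid), digest[8:]


def predict_iids(history: bytes, eui64: bytes, count: int) -> List[bytes]:
    """Given the current internal state, enumerate the next `count` temporary IIDs
    (one per regeneration interval; by default one per day)."""
    out = []
    for _ in range(count):
        iid, history = next_temporary_iid(history, eui64)
        out.append(iid)
    return out


def iid_matches(a: bytes, b: bytes) -> bool:
    """63-bit comparison from note 3: bit 6 is ignored."""
    return all((x & m) == (y & m) for x, y, m in zip(a, b, IID_MASK))


def filter_candidates(candidates: Iterable[bytes], eui64: bytes,
                      observed: List[bytes]) -> List[Tuple[bytes, bytes]]:
    """Synchronise to the victim's state: keep every candidate initial history value
    whose chain reproduces all observed temporary IIDs in order (for skipped days,
    note 2, one would step the chain over the gap).  Each observation excludes all
    but about 2^-63 of the remaining candidates (note 4).
    Returns (initial history value, state after the last observed IID)."""
    survivors = []
    for h0 in candidates:
        h = h0
        for obs in observed:
            iid, h = next_temporary_iid(h, eui64)
            if not iid_matches(iid, obs):
                break
        else:
            survivors.append((h0, h))
    return survivors


def toy_candidate_space(bits: int = 16) -> Iterable[bytes]:
    """DEMO ASSUMPTION: the real candidate set C_0 is all 2^64 history values
    (note 5) and is never stored; walking it is a 2^64-MD5 brute force.  Here the
    initial value is assumed to lie in a 2^bits subset so the search finishes in
    milliseconds; the filtering logic is unchanged."""
    for i in range(1 << bits):
        yield i.to_bytes(8, "big")


def demo(victim_seed: int = 0xBEEF, observed_days: int = 2, predict_days: int = 3) -> dict:
    """Victim runs the RFC 4941 chain; the adversary sees `observed_days` temporary
    addresses, recovers the state and predicts the next `predict_days` IIDs."""
    eui64 = eui64_from_mac(VICTIM_MAC)
    victim_h0 = victim_seed.to_bytes(8, "big")   # constructed seed inside the toy space
    timeline = predict_iids(victim_h0, eui64, observed_days + predict_days)
    observed, future = timeline[:observed_days], timeline[observed_days:]

    survivors = filter_candidates(toy_candidate_space(16), eui64, observed)
    _, state = survivors[0]
    predicted = predict_iids(state, eui64, predict_days)
    return {"victim_h0": victim_h0, "survivors": survivors,
            "predicted": predicted, "future": future}


if __name__ == "__main__":
    r = demo()
    print("surviving initial states:", [h0.hex() for h0, _ in r["survivors"]])
    for p, f in zip(r["predicted"], r["future"]):
        print("predicted", p.hex(), "actual", f.hex(), "match" if p == f else "MISMATCH")
```

Two points the code makes concrete. First, the adversary never needs to recover the initial value itself: any candidate whose chain reproduces the observed identifiers yields the current state, and from there every future temporary address. Second, because bit 6 is forced to zero, one observed identifier carries at most 63 bits of evidence, so a single observation already narrows 2^64 candidates to an expected handful and a second one resolves the remaining ambiguity; the work is bounded by one MD5 per candidate per observed day, which is what makes the size of the candidate set, not the number of observations, the cost that matters.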

Acknowledgments

The authors thank Peter Wurzinger, Dimitris E. Simos, Georg Merzdovnik and Adrian Dabrowski for many fruitful discussions. This research was funded by P 842485 and COMET K1, both FFG - Austrian Research Promotion Agency.

Author information

Corresponding author: Johanna Ullrich

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Ullrich, J., Weippl, E. (2015). Privacy is Not an Option: Attacking the IPv6 Privacy Extension. In: Bos, H., Monrose, F., Blanc, G. (eds) Research in Attacks, Intrusions, and Defenses. RAID 2015. Lecture Notes in Computer Science, vol 9404. Springer, Cham. https://doi.org/10.1007/978-3-319-26362-5_21

  • DOI: https://doi.org/10.1007/978-3-319-26362-5_21

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-26361-8

  • Online ISBN: 978-3-319-26362-5