Abstract
A number of approaches to the automatic generation of IPv6 addresses have been proposed with the goal of preserving the privacy of IPv6 hosts. However, existing schemes for address autoconfiguration do not adequately consider the full context in which they might be implemented, in particular the impact of low quality random number generation. This can have a fundamental impact on the privacy property of unlinkability, one of the design goals of a number of IPv6 address autoconfiguration schemes. In this paper, the potential shortcomings of previously proposed approaches to address autoconfiguration are analysed in detail, focussing on what happens when the assumption of strong randomness does not hold. Practical improvements are introduced, designed to address the identified issues by making the random generation requirements more explicit, and by incorporating measures into the schemes designed to ensure adequate randomness is used.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsNotes
- 1.
One possible issue with using this as a source of randomness in this context is that address updates may occur at fixed times, e.g. at the same time every day. If this is the case then the number of bits of randomness obtained is likely to be significantly reduced.
References
Narten, T., Draves, R., Krishnan, S.: Privacy extensions for stateless address autoconfiguration in IPv6. RFC 4941, Internet Engineering Task Force (2007)
Hinden, R., Deering, S.: IP version 6 addressing architecture. RFC 4291, Internet Engineering Task Force (2006)
Thomson, S., Narten, T., Jinmei, T.: IPv6 stateless address autoconfiguration. RFC 4862, Internet Engineering Task Force (2007)
Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C., Carney, M.: Dynamic host configuration protocol for IPv6 (DHCPv6). RFC 3315, Internet Engineering Task Force (2003)
Gont, F.: A method for generating semantically opaque interface identifiers with IPv6 Stateless address autoconfiguration (SLAAC). Internet Engineering Task Force, Internet draft-ietf-6man-stable-privacy-addresses-17 (2014)
Cooper, A., Gont, F., Thaler, D.: Privacy considerations for IPv6 address generation mechanisms. Internet Engineering Task Force, Internet draft-ietf-6man-ipv6-address-generation-privacy-01 (2014)
Rivest, R.L.: The MD5 message-digest algorithm. RFC 1321, Internet Engineering Task Force (1992)
Broersma, R.: IPv6 everywhere: living with a fully IPv6-enabled environment. Presentation at the Australian IPv6 Summit 2010, Melbourne, Australia (2010)
International Organization for Standardization Genève, Switzerland: ISO/IEC 10118–3, Information technology – Security techniques – Hash-functions – Part 3: Dedicated hash-functions. 3rd edn. (2004)
Rafiee, H., Meinel, C.: Privacy and security in IPv6 networks: challenges and possible solutions. In: Elci, A., Gaur, M.S., Orgun, M.A., Makarevich, O.B. (eds.) The 6th International Conference on Security of Information and Networks, SIN 2013, 26–28 November 2013, Aksaray, Turkey, pp. 218–224. ACM (2013)
AlSa’deh, A., Rafiee, H., Meinel, C.: IPv6 stateless address autoconfiguration: balancing between security, privacy and usability. In: Garcia-Alfaro, J., Cuppens, F., Cuppens-Boulahia, N., Miri, A., Tawbi, N. (eds.) FPS 2012. LNCS, vol. 7743, pp. 149–161. Springer, Heidelberg (2013)
Rafiee, H., Meinel, C.: SSAS: a simple secure addressing scheme for IPv6 autoconfiguration. In: Castella-Roca, J., Domingo-Ferrer, J., Garcia-Alfaro, J., Ghorbani, A.A., Jensen, C.D., Manjon, J.A., Onut, I.V., Stakhanova, N., Torra, V., Zhang, J. (eds.) Eleventh Annual International Conference on Privacy, Security and Trust, PST 2013, 10–12 July 2013, Tarragona, Catalonia, Spain, pp. 275–282. IEEE (2013)
Aura, T.: Cryptographically generated addresses (CGA). RFC 3972, Internet Engineering Task Force (2005)
Eastlake, D., Schiller, J., Crocker, S.: Randomness requirements for security. RFC 4086, Internet Engineering Task Force (2005)
Lenstra, A.K., Hughes, J.P., Augier, M., Bos, J.W., Kleinjung, T., Wachter, C.: Ron was wrong, Whit is right. Cryptology ePrint Archive: Report 2012/62 (2012)
Bond, M., Choudary, O., Murdoch, S.J., Skorobogatov, S., Anderson, R.: Chip and Skim: cloning EMV cards with the pre-play attack (2012). arXiv:1209.2531 [cs.CY]
Degabriele, J.P., Paterson, K.G.: Attacking the IPsec standards in encryption-only configurations. In: Proceedings of the 2007 IEEE Symposium on Security and Privacy (S&P 2007), 20–23 May 2007, Oakland, California, USA, pp. 335–349. IEEE Computer Society Press, Los Alamitos (2007)
Fahl, S., Harbach, M., Muders, T., Smith, M., Baumgärtner, L., Freisleben, B.: Why Eve and Mallory love Android: an analysis of Android SSL (in)security. In: Yu, T., Danezis, G., Gligor, V.D., (eds.) ACM Conference on Computer and Communications Security, CCS 2012, 16–18 October 2012, Raleigh, NC, USA, pp. 50–61. ACM (2012)
Georgiev, M., Iyengar, S., Jana, S., Anubhai, R., Boneh, D., Shmatikov, V.: The most dangerous code in the world: validating SSL certificates in non-browser software. In: Yu, T., Danezis, G., Gligor, V.D. (eds.) ACM Conference on Computer and Communications Security, CCS 2012, 16–18 October 2012, Raleigh, NC, USA, pp. 38–49. ACM (2012)
International Organization for Standardization Genève, Switzerland: ISO/IEC 18031:2011, Information technology – Security techniques – Encryption algorithms – Random bit generation. 2nd edn. (2011)
Gallery, E.: An overview of trusted computing technology. In: Mitchell, C.J. (ed.) Trusted Computing, pp. 29–114. IEE Press, London (2005)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Kayuni, M.N., Khan, M.S.A., Li, W., Mitchell, C.J., Yau, PW. (2015). Generating Unlinkable IPv6 Addresses. In: Chen, L., Matsuo, S. (eds) Security Standardisation Research. SSR 2015. Lecture Notes in Computer Science(), vol 9497. Springer, Cham. https://doi.org/10.1007/978-3-319-27152-1_10
Download citation
DOI: https://doi.org/10.1007/978-3-319-27152-1_10
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-27151-4
Online ISBN: 978-3-319-27152-1
eBook Packages: Computer ScienceComputer Science (R0)