Generating Unlinkable IPv6 Addresses

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 9497)

Abstract

A number of approaches to the automatic generation of IPv6 addresses have been proposed with the goal of preserving the privacy of IPv6 hosts. However, existing schemes for address autoconfiguration do not adequately consider the full context in which they might be implemented, in particular the impact of low-quality random number generation. This can have a fundamental impact on the privacy property of unlinkability, one of the design goals of a number of IPv6 address autoconfiguration schemes. In this paper, the potential shortcomings of previously proposed approaches to address autoconfiguration are analysed in detail, focussing on what happens when the assumption of strong randomness does not hold. Practical improvements are introduced, designed to address the identified issues by making the random generation requirements more explicit, and by incorporating measures into the schemes designed to ensure adequate randomness is used.

Notes

  1. One possible issue with using this as a source of randomness in this context is that address updates may occur at fixed times, e.g. at the same time every day. If this is the case then the number of bits of randomness obtained is likely to be significantly reduced.

Author information

Correspondence to Chris J. Mitchell.

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Kayuni, M.N., Khan, M.S.A., Li, W., Mitchell, C.J., Yau, PW. (2015). Generating Unlinkable IPv6 Addresses. In: Chen, L., Matsuo, S. (eds) Security Standardisation Research. SSR 2015. Lecture Notes in Computer Science, vol 9497. Springer, Cham. https://doi.org/10.1007/978-3-319-27152-1_10

  • DOI: https://doi.org/10.1007/978-3-319-27152-1_10

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-27151-4

  • Online ISBN: 978-3-319-27152-1

  • eBook Packages: Computer Science, Computer Science (R0)
