Abstract
The need for nodes to be able to generate their own address and verify those from others, without relying on a global trusted authority, is a well-known problem in networking. One popular technique for solving this problem is to use self-certifying addresses that are widely used and standardized; a prime example is cryptographically generated addresses (CGA). We re-investigate the attack models that can occur in practice and analyze the security of CGA-like schemes. As a result, an alternative protocol to CGA, called CGA++, is presented. This protocol eliminates several attacks applicable to CGA and increases the overall security. In many ways, CGA++ offers a nice alternative to CGA and can be used notably for future developments of the Internet Protocol version 6.
This is a preview of subscription content, log in via an institution to check access.
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Aura, T.: Cryptographically Generated Addresses (CGA). In: Boyd, C., Mao, W. (eds.) ISC 2003. LNCS, vol. 2851, pp. 29–43. Springer, Heidelberg (2003)
Aura, T., Roe, M.: Strengthening Short Hash Values, http://research.microsoft.com/en-us/um/people/tuomaura/misc/aura-roe-submission.pdf
Arkko, J., Kempf, J., Zill, B., Nikander, P.: SEcure Neighbor Discovery (SEND). RFC 3971, IETF (March 2005), http://www.ietf.org/rfc/rfc3971.txt
Nordmark, E., Bagnulo, M.: Multihoming L3 Shim Approach (July 2005), http://tools.ietf.org/html/draft-nordmark-multi6dt-shim-00.txt
Johnson, D., Perkins, C., Arkko, J.: Mobility Support in IPv6. RFC 3775, IETF (June 2004), http://www.ietf.org/rfc/rfc3775.txt
O’Shea, G., Roe, M.: Child-proof Authentication for MIPv6 (CAM). Computer Communication Review 31(2), 4–8 (2001)
Nikander, P.: A Scalable Architecture for IPv6 Address Ownership, Internet Draft (2001)
Montenegro, G., Castelluccia, C.: Statistically Unique and Cryptographically Verifiable (SUCV) Identifiers and Addresses. In: NDSS, The Internet Society (2002)
Aura, T.: Cryptographically Generated Addresses (CGA). RFC 3972, IETF (March 2005), http://www.ietf.org/rfc/rfc3972.txt
Hinden, R., Deering, S.: Internet Protocol Version 6 Addressing Architecture. RFC 4291, IETF (February 2006), http://www.ietf.org/rfc/rfc4291.txt
Hinden, R., Deering, S., Nordmark, E.: IPv6 Global Unicast Address Format. RFC 3587, IETF (August 2003), http://www.ietf.org/rfc/rfc3587.txt
National Institute of Standards and Technology: Secure hash standard. FIPS 180-1, NIST (April 1995)
Bagnulo, M., Arkko, J.: Support for Multiple Hash Algorithms in Cryptographically Generated Addresses (CGAs). RFC 4982, IETF (July 2007), http://www.ietf.org/rfc/rfc4982.txt
OpenSSL: The Open Source Toolkit for SSL/TLS (2008), http://www.openssl.org/
Bernstein, D.J., Lange, T. (eds.): eBACS: ECRYPT Benchmarking of Cryptographic Systems, http://bench.cr.yp.to (accessed January 7, 2009)
Rivest, R., Shamir, A., Adleman, L.: A method for obtaining digital signatures and public key cryptosystems. Communications of the ACM, 42–111 (February 1978)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Bos, J.W., Özen, O., Hubaux, JP. (2009). Analysis and Optimization of Cryptographically Generated Addresses. In: Samarati, P., Yung, M., Martinelli, F., Ardagna, C.A. (eds) Information Security. ISC 2009. Lecture Notes in Computer Science, vol 5735. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-04474-8_2
Download citation
DOI: https://doi.org/10.1007/978-3-642-04474-8_2
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-04473-1
Online ISBN: 978-3-642-04474-8
eBook Packages: Computer ScienceComputer Science (R0)