IPv6 Stateless Address Autoconfiguration: Balancing between Security, Privacy and Usability

AlSa’deh, Ahmad; Rafiee, Hosnieh; Meinel, Christoph

doi:10.1007/978-3-642-37119-6_10

Ahmad AlSa’deh²⁰,
Hosnieh Rafiee²⁰ &
Christoph Meinel²⁰

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 7743))

Included in the following conference series:

International Symposium on Foundations and Practice of Security

1307 Accesses
7 Citations

Abstract

Included in the IPv6 suite is a method for devices to automatically configure their own addresses in a secure manner. This technique is called Cryptographically Generated Addresses (CGAs). CGA provides the ownership proof necessary for an IPv6 address without relying on any trust authority. However, the CGA’s computation is very high, especially for a high security level defined by the security parameter (Sec). Therefore, the high cost of address generation may keep hosts that use a high Sec values from changing their addresses on a frequent basis. This results in hosts still being susceptible to privacy related attacks. This paper proposes modifications to the standard CGA to make it more applicable security approach while protecting user privacy. We make CGA more privacy-conscious by changing addresses over time which protects users from being tracked. We propose to reduce the CGA granularity of the security level from 16 to 8. We believe that an 8 granularity is more feasible for use in most applications and scenarios. These extensions to the standard CGA are implemented and evaluated.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 39.99; Price excludes VAT (USA)

Softcover Book: USD 54.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

References

Narten, T., Nordmark, E., Simpson, W., Soliman, H.: Neighbor Discovery for IP version 6 (IPv6). RFC 4861, Internet Engineering Task Force (September 2007)
Google Scholar
Thomson, S., Narten, T., Jinmei, T.: IPv6 Stateless Address Autoconfiguration. RFC 4862, Internet Engineering Task Force (September 2007)
Google Scholar
Narten, T., Draves, R., Krishnan, S.: Privacy Extensions for Stateless Address Autoconfiguration in IPv6. RFC 4941, Internet Engineering Task Force (September 2007)
Google Scholar
Nikander, P., Kempf, J., Nordmark, E.: IPv6 Neighbor Discovery (ND) Trust Models and Threats. RFC 3756 (Informational), Internet Engineering Task Force (May 2004)
Google Scholar
Arkko, J. (ed.), Kempf, J., Zill, B., Nikander, P.: SEcure Neighbor Discovery (SEND). RFC 3971, Internet Engineering Task Force (March 2005)
Google Scholar
Aura, T.: Cryptographically Generated Addresses (CGA). RFC 3972, Internet Engineering Task Force, updated by RFCs 4581, 4982 (March 2005)
Google Scholar
Groat, S., Dunlop, M., Marchany, R., Tront, J.: The privacy implications of stateless IPv6 addressing. In: Proceedings of the Sixth Annual Workshop on Cyber Security and Information Intelligence Research, CSIIRW 2010, pp. 52:1–52:4. ACM, New York (2010)
Google Scholar
Bos, J.W., Özen, O., Hubaux, J.-P.: Analysis and Optimization of Cryptographically Generated Addresses. In: Samarati, P., Yung, M., Martinelli, F., Ardagna, C.A. (eds.) ISC 2009. LNCS, vol. 5735, pp. 17–32. Springer, Heidelberg (2009)
Chapter Google Scholar
Alsa’deh, A., Rafiee, H., Meinel, C.: Stopping Time Condition for Practical IPv6 Cryptographically Generated Addresses. In: 2012 International Conference on Information Networking (ICOIN), pp. 257–262 (2012)
Google Scholar
Rafiee, H., Alsa’deh, A., Meinel, C.: Multicore-based Auto-scaling SEcure Neighbor Discovery for Windows Operating Systems. In: 2012 International Conference on Information Networking (ICOIN), pp. 269–274 (2012)
Google Scholar
Rafiee, H., AlSa’deh, A., Meinel, C.: WinSEND: Windows SEcure Neighbor Discovery. In: 4th International Conference on Security of Information and Networks (SIN 2011), Sydney, Australia, November 14-19, pp. 243–246. ACM (2011)
Google Scholar

Download references

Author information

Authors and Affiliations

Hasso-Plattner-Institute at University of Potsdam, Potsdam, Germany
Ahmad AlSa’deh, Hosnieh Rafiee & Christoph Meinel

Authors

Ahmad AlSa’deh
View author publications
You can also search for this author in PubMed Google Scholar
Hosnieh Rafiee
View author publications
You can also search for this author in PubMed Google Scholar
Christoph Meinel
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

TELECOM SudParis, 9 rue Charles Fourier, 91011, Evry, CEDEX, France
Joaquin Garcia-Alfaro
TELECOM Bretagne, 2 rue de la Châtaigneraie, 35512, Cesson Sévigné, CEDEX, France
Frédéric Cuppens & Nora Cuppens-Boulahia &
Ryerson University, 245 Church Street, M5B 2K3, Toronto, ON, Canada
Ali Miri
Université Laval, 1065 avenue de la médecine, G1V 0A6, Quebec, Canada
Nadia Tawbi

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

AlSa’deh, A., Rafiee, H., Meinel, C. (2013). IPv6 Stateless Address Autoconfiguration: Balancing between Security, Privacy and Usability. In: Garcia-Alfaro, J., Cuppens, F., Cuppens-Boulahia, N., Miri, A., Tawbi, N. (eds) Foundations and Practice of Security. FPS 2012. Lecture Notes in Computer Science, vol 7743. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-37119-6_10

Download citation

DOI: https://doi.org/10.1007/978-3-642-37119-6_10
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-37118-9
Online ISBN: 978-3-642-37119-6
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics