International Conference on Research in Security Standardisation

Security Standardisation Research pp 185-199 | Cite as

Generating Unlinkable IPv6 Addresses

  • Mwawi Nyirenda Kayuni
  • Mohammed Shafiul Alam Khan
  • Wanpeng Li
  • Chris J. Mitchell
  • Po-Wah Yau
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9497)

Abstract

A number of approaches to the automatic generation of IPv6 addresses have been proposed with the goal of preserving the privacy of IPv6 hosts. However, existing schemes for address autoconfiguration do not adequately consider the full context in which they might be implemented, in particular the impact of low quality random number generation. This can have a fundamental impact on the privacy property of unlinkability, one of the design goals of a number of IPv6 address autoconfiguration schemes. In this paper, the potential shortcomings of previously proposed approaches to address autoconfiguration are analysed in detail, focussing on what happens when the assumption of strong randomness does not hold. Practical improvements are introduced, designed to address the identified issues by making the random generation requirements more explicit, and by incorporating measures into the schemes designed to ensure adequate randomness is used.

References

  1. 1.
    Narten, T., Draves, R., Krishnan, S.: Privacy extensions for stateless address autoconfiguration in IPv6. RFC 4941, Internet Engineering Task Force (2007)Google Scholar
  2. 2.
    Hinden, R., Deering, S.: IP version 6 addressing architecture. RFC 4291, Internet Engineering Task Force (2006)Google Scholar
  3. 3.
    Thomson, S., Narten, T., Jinmei, T.: IPv6 stateless address autoconfiguration. RFC 4862, Internet Engineering Task Force (2007)Google Scholar
  4. 4.
    Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C., Carney, M.: Dynamic host configuration protocol for IPv6 (DHCPv6). RFC 3315, Internet Engineering Task Force (2003)Google Scholar
  5. 5.
    Gont, F.: A method for generating semantically opaque interface identifiers with IPv6 Stateless address autoconfiguration (SLAAC). Internet Engineering Task Force, Internet draft-ietf-6man-stable-privacy-addresses-17 (2014)Google Scholar
  6. 6.
    Cooper, A., Gont, F., Thaler, D.: Privacy considerations for IPv6 address generation mechanisms. Internet Engineering Task Force, Internet draft-ietf-6man-ipv6-address-generation-privacy-01 (2014)Google Scholar
  7. 7.
    Rivest, R.L.: The MD5 message-digest algorithm. RFC 1321, Internet Engineering Task Force (1992)Google Scholar
  8. 8.
    Broersma, R.: IPv6 everywhere: living with a fully IPv6-enabled environment. Presentation at the Australian IPv6 Summit 2010, Melbourne, Australia (2010)Google Scholar
  9. 9.
    International Organization for Standardization Genève, Switzerland: ISO/IEC 10118–3, Information technology – Security techniques – Hash-functions – Part 3: Dedicated hash-functions. 3rd edn. (2004)Google Scholar
  10. 10.
    Rafiee, H., Meinel, C.: Privacy and security in IPv6 networks: challenges and possible solutions. In: Elci, A., Gaur, M.S., Orgun, M.A., Makarevich, O.B. (eds.) The 6th International Conference on Security of Information and Networks, SIN 2013, 26–28 November 2013, Aksaray, Turkey, pp. 218–224. ACM (2013)Google Scholar
  11. 11.
    AlSa’deh, A., Rafiee, H., Meinel, C.: IPv6 stateless address autoconfiguration: balancing between security, privacy and usability. In: Garcia-Alfaro, J., Cuppens, F., Cuppens-Boulahia, N., Miri, A., Tawbi, N. (eds.) FPS 2012. LNCS, vol. 7743, pp. 149–161. Springer, Heidelberg (2013) CrossRefGoogle Scholar
  12. 12.
    Rafiee, H., Meinel, C.: SSAS: a simple secure addressing scheme for IPv6 autoconfiguration. In: Castella-Roca, J., Domingo-Ferrer, J., Garcia-Alfaro, J., Ghorbani, A.A., Jensen, C.D., Manjon, J.A., Onut, I.V., Stakhanova, N., Torra, V., Zhang, J. (eds.) Eleventh Annual International Conference on Privacy, Security and Trust, PST 2013, 10–12 July 2013, Tarragona, Catalonia, Spain, pp. 275–282. IEEE (2013)Google Scholar
  13. 13.
    Aura, T.: Cryptographically generated addresses (CGA). RFC 3972, Internet Engineering Task Force (2005)Google Scholar
  14. 14.
    Eastlake, D., Schiller, J., Crocker, S.: Randomness requirements for security. RFC 4086, Internet Engineering Task Force (2005)Google Scholar
  15. 15.
    Lenstra, A.K., Hughes, J.P., Augier, M., Bos, J.W., Kleinjung, T., Wachter, C.: Ron was wrong, Whit is right. Cryptology ePrint Archive: Report 2012/62 (2012)Google Scholar
  16. 16.
    Bond, M., Choudary, O., Murdoch, S.J., Skorobogatov, S., Anderson, R.: Chip and Skim: cloning EMV cards with the pre-play attack (2012). arXiv:1209.2531 [cs.CY]
  17. 17.
    Degabriele, J.P., Paterson, K.G.: Attacking the IPsec standards in encryption-only configurations. In: Proceedings of the 2007 IEEE Symposium on Security and Privacy (S&P 2007), 20–23 May 2007, Oakland, California, USA, pp. 335–349. IEEE Computer Society Press, Los Alamitos (2007)Google Scholar
  18. 18.
    Fahl, S., Harbach, M., Muders, T., Smith, M., Baumgärtner, L., Freisleben, B.: Why Eve and Mallory love Android: an analysis of Android SSL (in)security. In: Yu, T., Danezis, G., Gligor, V.D., (eds.) ACM Conference on Computer and Communications Security, CCS 2012, 16–18 October 2012, Raleigh, NC, USA, pp. 50–61. ACM (2012)Google Scholar
  19. 19.
    Georgiev, M., Iyengar, S., Jana, S., Anubhai, R., Boneh, D., Shmatikov, V.: The most dangerous code in the world: validating SSL certificates in non-browser software. In: Yu, T., Danezis, G., Gligor, V.D. (eds.) ACM Conference on Computer and Communications Security, CCS 2012, 16–18 October 2012, Raleigh, NC, USA, pp. 38–49. ACM (2012)Google Scholar
  20. 20.
    International Organization for Standardization Genève, Switzerland: ISO/IEC 18031:2011, Information technology – Security techniques – Encryption algorithms – Random bit generation. 2nd edn. (2011)Google Scholar
  21. 21.
    Gallery, E.: An overview of trusted computing technology. In: Mitchell, C.J. (ed.) Trusted Computing, pp. 29–114. IEE Press, London (2005)CrossRefGoogle Scholar

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Mwawi Nyirenda Kayuni
    • 1
  • Mohammed Shafiul Alam Khan
    • 1
  • Wanpeng Li
    • 1
  • Chris J. Mitchell
    • 1
  • Po-Wah Yau
    • 1
  1. 1.Information Security Group, Royal Holloway, University of LondonEghamUK

Personalised recommendations