Analysis and Optimization of Cryptographically Generated Addresses

  • Joppe W. Bos
  • Onur Özen
  • Jean-Pierre Hubaux
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5735)


The need for nodes to be able to generate their own address and verify those from others, without relying on a global trusted authority, is a well-known problem in networking. One popular technique for solving this problem is to use self-certifying addresses that are widely used and standardized; a prime example is cryptographically generated addresses (CGA). We re-investigate the attack models that can occur in practice and analyze the security of CGA-like schemes. As a result, an alternative protocol to CGA, called CGA++, is presented. This protocol eliminates several attacks applicable to CGA and increases the overall security. In many ways, CGA++ offers a nice alternative to CGA and can be used notably for future developments of the Internet Protocol version 6.


Mobile Node Hash Function IPv6 Address Cryptographic Hash Function Hash Algorithm 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Aura, T.: Cryptographically Generated Addresses (CGA). In: Boyd, C., Mao, W. (eds.) ISC 2003. LNCS, vol. 2851, pp. 29–43. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  2. 2.
  3. 3.
    Arkko, J., Kempf, J., Zill, B., Nikander, P.: SEcure Neighbor Discovery (SEND). RFC 3971, IETF (March 2005),
  4. 4.
    Nordmark, E., Bagnulo, M.: Multihoming L3 Shim Approach (July 2005),
  5. 5.
    Johnson, D., Perkins, C., Arkko, J.: Mobility Support in IPv6. RFC 3775, IETF (June 2004),
  6. 6.
    O’Shea, G., Roe, M.: Child-proof Authentication for MIPv6 (CAM). Computer Communication Review 31(2), 4–8 (2001)CrossRefGoogle Scholar
  7. 7.
    Nikander, P.: A Scalable Architecture for IPv6 Address Ownership, Internet Draft (2001)Google Scholar
  8. 8.
    Montenegro, G., Castelluccia, C.: Statistically Unique and Cryptographically Verifiable (SUCV) Identifiers and Addresses. In: NDSS, The Internet Society (2002)Google Scholar
  9. 9.
    Aura, T.: Cryptographically Generated Addresses (CGA). RFC 3972, IETF (March 2005),
  10. 10.
    Hinden, R., Deering, S.: Internet Protocol Version 6 Addressing Architecture. RFC 4291, IETF (February 2006),
  11. 11.
    Hinden, R., Deering, S., Nordmark, E.: IPv6 Global Unicast Address Format. RFC 3587, IETF (August 2003),
  12. 12.
    National Institute of Standards and Technology: Secure hash standard. FIPS 180-1, NIST (April 1995)Google Scholar
  13. 13.
    Bagnulo, M., Arkko, J.: Support for Multiple Hash Algorithms in Cryptographically Generated Addresses (CGAs). RFC 4982, IETF (July 2007),
  14. 14.
    OpenSSL: The Open Source Toolkit for SSL/TLS (2008),
  15. 15.
    Bernstein, D.J., Lange, T. (eds.): eBACS: ECRYPT Benchmarking of Cryptographic Systems, (accessed January 7, 2009)
  16. 16.
    Rivest, R., Shamir, A., Adleman, L.: A method for obtaining digital signatures and public key cryptosystems. Communications of the ACM, 42–111 (February 1978)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Joppe W. Bos
    • 1
  • Onur Özen
    • 1
  • Jean-Pierre Hubaux
    • 2
  1. 1.EPFL IC IIF LACALLausanneSwitzerland
  2. 2.EPFL IC ISC LCA1LausanneSwitzerland

Personalised recommendations