IPv6 Stateless Address Autoconfiguration: Balancing Between Security, Privacy and Usability

Ahmad Alsa'deh, Hosnieh Rafiee and Christoph Meinel (University of Potsdam, Germany)

Included in the IPv6 suite is a method for devices to automatically configure their own addresses in a secure manner. This technique is called Cryptographically Generated Addresses (CGAs). CGA provides the ownership proof necessary for an IPv6 address without relying on any trust authority. However, the computational cost of CGA is very high, especially for a high security level defined by the security parameter (Sec). Therefore, the high cost of address generation may keep hosts that use a high Sec value from frequently changing their addresses. Consequently, hosts using CGAs are still susceptible to privacy-related attacks. This paper proposes some modifications to the standard CGA in order to make it a more usable and configurable security approach while protecting the users' privacy. We make CGA more privacy-conscious by changing the addresses over time to protect users from being tracked. We propose to reduce the CGA granularity of the security level from 16 to 8. We believe that the granularity 8 is more reasonable for most applications and scenarios. We implement and evaluate these extensions to the standard CGA.
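The cost gap between a granularity of 16 and a granularity of 8 can be seen by running the modifier search itself. The following is an added example, not the authors' implementation: it follows the Hash2 and Hash1 constructions of RFC 3972 with the optional extension fields omitted. The `granularity` parameter (assumed to change only the number of required zero bits), the placeholder public key and the fixed seed are assumptions.

```python
import hashlib
import os

def leading_zero_bits(data: bytes) -> int:
    """Number of zero bits at the left end of data."""
    return len(data) * 8 - int.from_bytes(data, "big").bit_length()

def hash2(modifier: bytes, public_key: bytes) -> bytes:
    """RFC 3972 Hash2: leftmost 112 bits of SHA-1(modifier | 9 zero octets | key)."""
    return hashlib.sha1(modifier + bytes(9) + public_key).digest()[:14]

def find_modifier(public_key, sec, granularity=16, seed=None):
    """Search for a 128-bit modifier whose Hash2 starts with granularity*sec zero bits.

    granularity=16 is the RFC 3972 rule; granularity=8 models the finer step
    (assumed here to change only the number of required zero bits).
    Returns (modifier, attempts); expected attempts are 2**(granularity*sec).
    """
    need = granularity * sec
    counter = int.from_bytes(seed if seed is not None else os.urandom(16), "big")
    attempts = 0
    while True:
        attempts += 1
        modifier = counter.to_bytes(16, "big")
        if leading_zero_bits(hash2(modifier, public_key)) >= need:
            return modifier, attempts
        counter = (counter + 1) % (1 << 128)

def interface_id(modifier, prefix, public_key, sec, collision_count=0):
    """RFC 3972 Hash1 -> 64-bit interface identifier carrying Sec in its top 3 bits."""
    h1 = hashlib.sha1(modifier + prefix + bytes([collision_count]) + public_key).digest()[:8]
    first = (h1[0] & 0x1C) | (sec << 5)  # write Sec, clear the "u" and "g" bits
    return bytes([first]) + h1[1:]

# Constructed inputs: placeholder key bytes (a real host uses its DER-encoded
# public key) and the documentation prefix 2001:db8::/64.
PUBLIC_KEY = b"constructed-placeholder-public-key"
PREFIX = bytes.fromhex("20010db800000000")

if __name__ == "__main__":
    for gran in (8, 16):
        mod, n = find_modifier(PUBLIC_KEY, sec=1, granularity=gran, seed=bytes(16))
        iid = interface_id(mod, PREFIX, PUBLIC_KEY, sec=1)
        print(f"granularity {gran}: {n} attempts (expected ~{2**gran}), IID {iid.hex()}")
```

Each step of Sec multiplies the expected search by 2^16 under the standard rule and by 2^8 under the finer granularity, which is what makes frequent address regeneration affordable at intermediate security levels.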

FPS 2012 Program