Stopping time condition for practical IPv6 Cryptographically Generated Addresses

Cryptographically Generated Addresses (CGA) are employed as an authentication mechanism in IPv6 network to realize the proof of address ownership without relying on any trust authority. The security parameter (Sec) indicates the security level of the CGA address. For Sec value greater than zero, the...

Full description

Saved in:
Bibliographic Details
Main Authors: Alsa'deh, A., Rafiee, H., Meinel, C.
Format: Conference Proceeding
Language:English
Subjects:
Central Processing Unit
CGA performance
Data structures
Generators
IPv6 security
Mobile communication
Public key
SEcure Neighbor Discovery
Online Access:Request full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Cryptographically Generated Addresses (CGA) are employed as an authentication mechanism in IPv6 network to realize the proof of address ownership without relying on any trust authority. The security parameter (Sec) indicates the security level of the CGA address. For Sec value greater than zero, there is no guarantee to stop the brute-force search after certain time. The address generator tries different values of Modifier until (16×Sec)-leftmost-bit of the second hash (Hash2) computes to zero. This paper proposes some modifications to the standard CGA "RFC 3972" in order to limit the time that CGA generation may takes. The modified CGA generation algorithm takes the upper bound of CGA running time as an input and the Sec value is determined as an output of the brute-force computations. The modified CGA keeps track of the best founded Hash2 value during the running time. The paper also proposes to reduce the granularity of the security level from "16" to "8", to increase the chance to have better Sec value within the time limit. We called the modified CGA as Time-Based CGA (TB-CGA). The implementation and evaluation of TB-CGA are done in this paper.
ISSN:1550-445X
2332-5658
DOI:10.1109/ICOIN.2012.6164388