Revisiting Self-Certifying Address Generation and Verification
نویسندگان
چکیده
In several networks there is need for the nodes to be able to generate their own address and verify the ones from others without relying on a global trusted authority. One popular technique to solve this problem is using self-certifying addresses, which allows hosts and domains to prove that they have the address they claim to have without relying on any global trusted authority. The notion of a self-certifying name is straightforward: the name of the object is the public-key (or, for convenience the hash of the public-key) that corresponds to that object. Self-certifying addresses are widely used and standardized. CGA (Cryptographically Generated Addresses) for IPv6 (Internet Protocol version 6), HIP (Host Identity Protocol) and AIP (Accountable Internet Protocol) can be given as well known examples. However, in this project, our main target is CGA for IPv6 as it can be used in practice without introducing additional networking layers. Self-certifying addresses lead to a number of attacks where an attacker can forge addresses. Unfortunately, the standards do not give concrete analysis of the security properties of the underlying cryptologic primitives. In this project, we analyze these security properties and formalize different attack models on CGA for IPv6 that can occur in practice. Moreover, a new alternative protocol to CGA is proposed under the name CGA++. This new protocol eliminates global time-memory trade-off attacks, makes it resistant against replay attacks by introducing authentication with the help of signatures inside the verification process and significantly increases the security when no hash extensions are used. In many ways, CGA++ can be used in practice for future development of IPv6.
منابع مشابه
Vigilante: End-to-End Containment of Internet Worms
Worm containment must be automatic because worms can spread too fast for humans to respond. Recent work has proposed network-level techniques to automate worm containment; these techniques have limitations because there is no information about the vulnerabilities exploited by worms at the network level. The authors propose Vigilante, a new end-to-end approach to contain worms automatically that...
متن کاملA An Abstract Model of Certificate Translation
A certificate is a mathematical object that establishes the validity of a logical formula and that is self-contained, self-explanatory, and can be checked independently and automatically. Certificates arise naturally in many areas of mathematics, and in many different forms. In particular, certificates are common in the context of program verification, where they are used for automatic checking...
متن کاملSecure Self-Certified COTS
With the advent and the rising popularity of networks, Internet, intranets and distributed systems, security is becoming one of the major concerns in IT research. An increasing number of approaches have been proposed to ensure the safety and security of programs. Among those approaches, certified code seems to be the most promising. Unfortunately, as of today, most of the research on certified ...
متن کاملCertified Self-Modifying Code
Self-modifying code (SMC), in this paper, broadly refers to any program that purposely loads, generates, or mutates code at runtime. It is widely used in many of the world’s critical software systems to support runtime code generation and optimization, dynamic loading and linking, OS kernel boot-loading, just-in-time compilation, binary translation, virtual machine monitor, or dynamic code encr...
متن کاملA Framework for the Automatic Formal Verification of Refinement from Cogent to C
Our language Cogent simplifies verification of systems software using a certifying compiler, which produces a proof that the generated C code is a refinement of the original Cogent program. Despite the fact that Cogent itself contains a number of refinement layers, the semantic gap between even the lowest level of Cogent semantics and the generated C code remains large. In this paper we close t...
متن کامل