Analysis and Optimization of Cryptographically Generated Addresses
نویسندگان
چکیده
The need for nodes to be able to generate their own address and verify those from others, without relying on a global trusted authority, is a well-known problem in networking. One popular technique for solving this problem is to use self-certifying addresses that are widely used and standardized; a prime example is cryptographically generated addresses (CGA). We re-investigate the attack models that can occur in practice and analyze the security of CGA-like schemes. As a result, an alternative protocol to CGA, called CGA++, is presented. This protocol eliminates several attacks applicable to CGA and increases the overall security. In many ways, CGA++ offers a nice alternative to CGA and can be used notably for future developments of the Internet Protocol version 6.
منابع مشابه
Security Extensions to MMARP Through Cryptographically Generated Addresses
The MMARP protocol provides multicast routing in hybrid environments in which an ad hoc network is connected to the Internet. As many other routing protocols it was initially designed without taking into account security concerns. In this paper we propose some extensions to protect the protocol against spoofing and forging attacks. Our solution, based on cryptographically generated addresses an...
متن کاملNetwork Working Group 7.1. Verification That a Particular Hba Address Corresponds to a given Cga Parameter Data Structure .......11 7.2. Verification That a Particular Hba Address Belongs to the Hba Set Associated with a given Cga Parameter Data
This memo describes a mechanism to provide a secure binding between the multiple addresses with different prefixes available to a host within a multihomed site. This mechanism employs either Cryptographically Generated Addresses (CGAs) or a new variant of the same theme that uses the same format in the addresses. The main idea in the new variant is that information about the multiple prefixes i...
متن کاملRfc 5535 Hba
This memo describes a mechanism to provide a secure binding between the multiple addresses with different prefixes available to a host within a multihomed site. This mechanism employs either Cryptographically Generated Addresses (CGAs) or a new variant of the same theme that uses the same format in the addresses. The main idea in the new variant is that information about the multiple prefixes i...
متن کاملAuthoCast - a mobility-compliant protocol framework for multicast sender authentication
Mobility is considered a key technology of the next generation Internet and has been standardized within the IETF. Rapidly emerging multimedia group applications such as IPTV, massive mutliplayer games (MMORPGs) and video conferencing increase the demand for mobile group communication, but a standard design of mobile multicast is still awaited. The open problem poses significant operational and...
متن کاملCryptographically Generated Addresses (CGAs): A survey and an analysis of performance for use in mobile environment
CGAs are cryptographically generated IPv6 addresses and are one of the most novel features introduced in IPv6. They have the promising potential of being the basis of authentication mechanisms for Mobile IPv6 because they do not require hosts to share information or security infrastructure. A mobile environment however has several resource constraints that must be considered before any mechanis...
متن کامل