cryptographically generated ipv6 addresses cga
play

Cryptographically Generated IPv6 Addresses (CGA) Basic idea: - PowerPoint PPT Presentation

Jul 23, 2023 •471 likes •541 views

Cryptographically Generated IPv6 Addresses (CGA) Basic idea: Interface Id = hash (Public Key) The public key is used to authenticate messages sent from the CGA address. Proof of address ownership without security infrastructure. Prior

  1. Cryptographically Generated IPv6 Addresses (CGA) ß Basic idea: Interface Id = hash (Public Key) The public key is used to authenticate messages sent from the CGA address. Ë Proof of address ownership without security infrastructure. ß Prior work: draft-roe-mobileip-updateauth, draft-montenegro-sucv, draft-nikander-ipng-pbk-addresses, draft-moskowitz-hip ß Covered by IPR 56th IETF, San Francisco draft-aura-cga-00 1

  2. Problems ß 64 bit limit for hash length Ë eventual failure because of Moore’s law Ë pre-computation attacks (2^64 memory) ß Detailed formats and algorithms missing ß Drafts incompatible with each other and with standard authentication protocols 56th IETF, San Francisco draft-aura-cga-00 2

  3. draft-aura-cga-00 ß Fully specified address formats and address- generation and verification algorithms ß The 64-bit limit effectively removed: ß security parameter (Sec) Ë cost of generating an address multiplied by 2 12*Sec Ë cost of attacks increased from ~2 62 to 2 59+12*Sec Ë cost of authentication remains constant ß CGA address indicated by g=1, u=1 (not essential but allows mixing of authenticated and unauthenticated nodes) 56th IETF, San Francisco draft-aura-cga-00 3

  4. CGA Address Format Hash1 = h (Public Key, Modifier, Routing Prefix, Collision Count) 59 hash Security bits ug=11 Parameter (Sec) 64 bits 3 bits Routing Prefix Interface Id 56th IETF, San Francisco draft-aura-cga-00 4

  5. CGA Address Format Hash1 = h (Public Key, Modifier, Routing Prefix, Collision Count) 59 hash Security bits ug=11 Parameter (Sec) 64 bits 3 bits Routing Prefix Interface Id Hash2 = h (Public Key, Modifier) New requirement: Modifier must be chosen so that Hash2 begins with 12*Sec zero bits. 56th IETF, San Francisco draft-aura-cga-00 5

  6. Two CGA Parameter Formats 1. Certificate format: ß Public key and parameters stored in a self-signed X.509 certificate _ Easy to use in certificate-based authentication protocols ß New certificate extension contains the parameters: Modifier, Routing Prefix, Collision Count 2. Optimized (short) format: Concatenation of the public key and parameters ß ß Public key + 29 bytes ß Verifier needs: signed message (e.g. NA), source IP address, and parameters in either format 56th IETF, San Francisco draft-aura-cga-00 6

Recommend

Analysis and Optimization of Cryptographically Generated Addresses (CGA) Revisiting

Analysis and Optimization of Cryptographically Generated Addresses (CGA) Revisiting

Introduction CGA for IPv6 CGA++ Analysis and Optimization of Cryptographically Generated Addresses (CGA) Revisiting Self-Certifying Address Generation and Verification Joppe Bos, Onur Ozen and Jean-Pierre Hubaux Ecole Polytechnique F

2.28k views • 44 slides
Internet Evolution and IPv6 Paul Wilson APNIC 1 Where are IPv6 addresses today? 2 IPv6

Internet Evolution and IPv6 Paul Wilson APNIC 1 Where are IPv6 addresses today? 2 IPv6

Internet Evolution and IPv6 Paul Wilson APNIC 1 Where are IPv6 addresses today? 2 IPv6 Global allocations by RIR APNIC 337 21% RIPENCC 737 45% ARIN 438 LACNIC AFRINIC 27% 87 37 5% 2% Unit: IPv6 pref i x 3 IPv6

603 views • 24 slides
IPv6 Yourself Jumping Bean What is IPv6? Replacement for IPv4, 128 bit IP address

IPv6 Yourself Jumping Bean What is IPv6? Replacement for IPv4, 128 bit IP address

IPv6 Yourself Jumping Bean What is IPv6? Replacement for IPv4, 128 bit IP address IPv4 allowed for 4.3 billion possible addresses, IPv6 allows for 340 undecillion addresses 3.40E38, 7.9E28 more than IPv4 addresses, ~ 4.8x10

1.07k views • 28 slides
Observations of IPv6 Addresses David Malone <David.Malone@nuim.ie> Hamilton Institute, NUI

Observations of IPv6 Addresses David Malone <David.Malone@nuim.ie> Hamilton Institute, NUI

Observations of IPv6 Addresses David Malone <David.Malone@nuim.ie> Hamilton Institute, NUI Maynooth, Ireland. 28 April 2008 1 IPv6 Chat IPv6 talks mention NAT, CIDR and 2 128 addrs. NAT means you get more addresses. CIDR means

429 views • 23 slides
RPC / Network FSes 1 last time names and addresses IPv4, IPV6 addresses, routers tables

RPC / Network FSes 1 last time names and addresses IPv4, IPV6 addresses, routers tables

RPC / Network FSes 1 last time names and addresses IPv4, IPV6 addresses, routers tables DNS: hierarchical database POSIX socket API socket bind/listen/accept getaddrinfo 2 FTP protocol (simplifjed) 230 User logged in

1.67k views • 125 slides
Analyzing IPv6 address assignment practices Ramakrishna Padmanabhan, John Rula, Philipp

Analyzing IPv6 address assignment practices Ramakrishna Padmanabhan, John Rula, Philipp

Analyzing IPv6 address assignment practices Ramakrishna Padmanabhan, John Rula, Philipp Richter, Stephen Strowes, Alberto Dainotti Goal: Understand the stability of IPv6 addresses How long do devices retain their IPv6 addresses?

437 views • 20 slides
UAv6: Alias Resolution in IPv6 Using Unused Addresses Ramakrishna Padmanabhan, Zhihao Li ,

UAv6: Alias Resolution in IPv6 Using Unused Addresses Ramakrishna Padmanabhan, Zhihao Li ,

UAv6: Alias Resolution in IPv6 Using Unused Addresses Ramakrishna Padmanabhan, Zhihao Li , Dave Levin, and Neil Spring University of Maryland, College Park, MD { ramapad,zhihaoli,dml,nspring } @cs.umd.edu As the IPv6 Internet grows, alias

328 views • 12 slides
Introduction to IPv6 (Chapter 4 in Huitema) IPv6,Mobility-1 S-38.121 / S-03 / N Beijar IPv6

Introduction to IPv6 (Chapter 4 in Huitema) IPv6,Mobility-1 S-38.121 / S-03 / N Beijar IPv6

Introduction to IPv6 (Chapter 4 in Huitema) IPv6,Mobility-1 S-38.121 / S-03 / N Beijar IPv6 addresses 128 bits long Written as eight 16-bit integers separated with colons E.g. 1080:0000:0000:0000:0000:0008:200C:417A =

617 views • 20 slides
Entropy/IP: Uncovering Structure in IPv6 Addresses ACM IMC 2016, Santa Monica, USA Pawe

Entropy/IP: Uncovering Structure in IPv6 Addresses ACM IMC 2016, Santa Monica, USA Pawe

Entropy/IP: Uncovering Structure in IPv6 Addresses ACM IMC 2016, Santa Monica, USA Pawe Foremski, David Plonka, Arthur Berger 1 Whats Entropy/IP? A system that automatically learns structures in Internet addresses known to be active

802 views • 50 slides
Introduction to IPv6 (Chapter 4 in Huitema) S-38.121 / Fall-04 / N Beijar IPv6,Mobility-1 IPv6

Introduction to IPv6 (Chapter 4 in Huitema) S-38.121 / Fall-04 / N Beijar IPv6,Mobility-1 IPv6

Introduction to IPv6 (Chapter 4 in Huitema) S-38.121 / Fall-04 / N Beijar IPv6,Mobility-1 IPv6 addresses 128 bits long Written as eight 16-bit integers separated with colons E.g. 1080:0000:0000:0000:0000:0008:200C:417A =

556 views • 20 slides
IPv6 Ephemeral Addresses <draft-kitamura-ipv6-ephemeral-address-00.txt> Harmless IPv6

IPv6 Ephemeral Addresses <draft-kitamura-ipv6-ephemeral-address-00.txt> Harmless IPv6

IPv6 Ephemeral Addresses <draft-kitamura-ipv6-ephemeral-address-00.txt> Harmless IPv6 Address State Extension ( Uncertain State) <draft-kitamura-ipv6-uncertain-address-state-00.txt> Hiroshi KITAMURA NEC Corporation

544 views • 33 slides
Introduction to IPv6 (Chapter 4 in Huitema) IPv6,Mobility-1 S-38.2121 / Fall-2006 / N Beijar

Introduction to IPv6 (Chapter 4 in Huitema) IPv6,Mobility-1 S-38.2121 / Fall-2006 / N Beijar

Introduction to IPv6 (Chapter 4 in Huitema) IPv6,Mobility-1 S-38.2121 / Fall-2006 / N Beijar IPv6 addresses 128 bits long Written as eight 16-bit hexadecimal integers separated with colons E.g.

471 views • 20 slides
Addressing in the TCP/IP model Layer 3 Addressing: IPv6 addresses CIDR: Classless InterDomain

Addressing in the TCP/IP model Layer 3 Addressing: IPv6 addresses CIDR: Classless InterDomain

IN2140: Introduction to Operating Systems and Data Communication Addressing in the TCP/IP model Layer 3 Addressing: IPv6 addresses CIDR: Classless InterDomain Routing Idea local decision for subdividing host share into network portion

181 views • 14 slides
Automatic configuration of IPv6 addresses for MANET with multiple gateways (AMG)

Automatic configuration of IPv6 addresses for MANET with multiple gateways (AMG)

IETF 66th - AUTOCONF WG Montreal, July 2006 Automatic configuration of IPv6 addresses for MANET with multiple gateways (AMG) draft-ruffino-manet-autoconf-multigw-03 Simone Ruffino, Patrick Stupar

527 views • 14 slides
IPv6 IP Version 6 to the Rescue Effort started by the IETF in 1994 Much larger addresses

IPv6 IP Version 6 to the Rescue Effort started by the IETF in 1994 Much larger addresses

IPv6 IP Version 6 to the Rescue Effort started by the IETF in 1994 Much larger addresses (128 bits) Many sundry improvements Became an IETF standard in 1998 Nothing much happened for a decade Hampered by deployment issues,

504 views • 39 slides
At which IPv6 stage are you? Scared The address is too long! All my IP addresses are

At which IPv6 stage are you? Scared The address is too long! All my IP addresses are

At which IPv6 stage are you? Scared The address is too long! All my IP addresses are traceable! Angry It's a conspiriacy there is no IPv4 shortage! As long as I get an IPv4 address I don't care! Nobody is using it anyway! Confused

863 views • 48 slides
RouterLab LabCourse SoSe 2016 Worksheet 3: Access Networks with DHCP and IPv6 Stateless Address

RouterLab LabCourse SoSe 2016 Worksheet 3: Access Networks with DHCP and IPv6 Stateless Address

RouterLab LabCourse SoSe 2016 Worksheet 3: Access Networks with DHCP and IPv6 Stateless Address Auto Configuration Prof. Anja Feldmann, Philipp S. Tiesel, Thorben Krger, Apoorv Shukla IPv6 Scoped Address Architecture IPv6 addresses have

679 views • 19 slides
IPv6 (Internet Protocol version 6) APNIC meeting, 3 September 2002 Internet Initiative Japan,

IPv6 (Internet Protocol version 6) APNIC meeting, 3 September 2002 Internet Initiative Japan,

IPv6 (Internet Protocol version 6) APNIC meeting, 3 September 2002 Internet Initiative Japan, Inc. / KAME Project Keiichi SHIMA <keiichi@iij.ad.jp> Contents Why do we use IPv6? IPv6 Addresses Link-layer address resolution

1.55k views • 116 slides
IPv6 IPv6 Header IPv6 Addressing IPv6 Neighbor Discovery Jyh-Cheng Chen Department of Computer

IPv6 IPv6 Header IPv6 Addressing IPv6 Neighbor Discovery Jyh-Cheng Chen Department of Computer

Outline IPv6 IPv6 Header IPv6 Addressing IPv6 Neighbor Discovery Jyh-Cheng Chen Department of Computer Science and IPv6 Autoconfiguration Institute of Communications Engineering National Tsing Hua University jcchen@cs.nthu.edu.tw

783 views • 11 slides
IPv6 on Linux servers Dan Pri(s 16 August 2013 Why

IPv6 on Linux servers Dan Pri(s 16 August 2013 Why

IPv6 on Linux servers Dan Pri(s 16 August 2013 Why IPv6? 7 Billion people 4 Billion IPv4 addresses (2 32 )

607 views • 42 slides
Vincent van der Eijk && Erik Lamers Comparing IPv4 port security to IPv6 port security

Vincent van der Eijk && Erik Lamers Comparing IPv4 port security to IPv6 port security

A Comparative Security Evaluation for IPv4 and IPv6 Addresses Vincent van der Eijk && Erik Lamers Comparing IPv4 port security to IPv6 port security Scanning the Internet for profit, ethically. 2 Why do we need to know this? IPv6

279 views • 16 slides
IPv6 Ready Logo Aiding IPv6 Deployment Timothy Winters LACNIC 27 May 2017 IPv6 Forums IPv6

IPv6 Ready Logo Aiding IPv6 Deployment Timothy Winters LACNIC 27 May 2017 IPv6 Forums IPv6

IPv6 Ready Logo Aiding IPv6 Deployment Timothy Winters LACNIC 27 May 2017 IPv6 Forums IPv6 Ready Logo Goal 2001-Present: Conformance and Interoperability test program intended to increase user confidence and promote IPv6 deployment.

403 views • 11 slides
IPv6 Deployment at Monash University John Mann Agenda IPv6 is Coming IPv6 is Already

IPv6 Deployment at Monash University John Mann Agenda IPv6 is Coming IPv6 is Already

IPv6 Deployment at Monash University John Mann Agenda IPv6 is Coming IPv6 is Already Here Monash IPv6 Progress Addressing End Systems Monitoring Network Address Usage Traffic Monitoring Problems IPv6 is Coming

779 views • 41 slides
Life with IPv6 Journe Cohabitation IPv4-IPv6 16 Fvrier 2005 Keiichi SHIMA

Life with IPv6 Journe Cohabitation IPv4-IPv6 16 Fvrier 2005 Keiichi SHIMA

Life with IPv6 Journe Cohabitation IPv4-IPv6 16 Fvrier 2005 Keiichi SHIMA <keiichi@iijlab.net> IIJ Research Laboratory / WIDE project Contents IPv6 service in Japan How I live Example of IPv6 configuration Some news of IPv6

653 views • 16 slides

More recommend