cryptographically generated ipv6 addresses cga
play

Cryptographically Generated IPv6 Addresses (CGA) Basic idea: - PowerPoint PPT Presentation

Jul 23, 2023 •471 likes •541 views

Cryptographically Generated IPv6 Addresses (CGA) Basic idea: Interface Id = hash (Public Key) The public key is used to authenticate messages sent from the CGA address. Proof of address ownership without security infrastructure. Prior

  1. Cryptographically Generated IPv6 Addresses (CGA) ß Basic idea: Interface Id = hash (Public Key) The public key is used to authenticate messages sent from the CGA address. Ë Proof of address ownership without security infrastructure. ß Prior work: draft-roe-mobileip-updateauth, draft-montenegro-sucv, draft-nikander-ipng-pbk-addresses, draft-moskowitz-hip ß Covered by IPR 56th IETF, San Francisco draft-aura-cga-00 1

  2. Problems ß 64 bit limit for hash length Ë eventual failure because of Moore’s law Ë pre-computation attacks (2^64 memory) ß Detailed formats and algorithms missing ß Drafts incompatible with each other and with standard authentication protocols 56th IETF, San Francisco draft-aura-cga-00 2

  3. draft-aura-cga-00 ß Fully specified address formats and address- generation and verification algorithms ß The 64-bit limit effectively removed: ß security parameter (Sec) Ë cost of generating an address multiplied by 2 12*Sec Ë cost of attacks increased from ~2 62 to 2 59+12*Sec Ë cost of authentication remains constant ß CGA address indicated by g=1, u=1 (not essential but allows mixing of authenticated and unauthenticated nodes) 56th IETF, San Francisco draft-aura-cga-00 3

  4. CGA Address Format Hash1 = h (Public Key, Modifier, Routing Prefix, Collision Count) 59 hash Security bits ug=11 Parameter (Sec) 64 bits 3 bits Routing Prefix Interface Id 56th IETF, San Francisco draft-aura-cga-00 4

  5. CGA Address Format Hash1 = h (Public Key, Modifier, Routing Prefix, Collision Count) 59 hash Security bits ug=11 Parameter (Sec) 64 bits 3 bits Routing Prefix Interface Id Hash2 = h (Public Key, Modifier) New requirement: Modifier must be chosen so that Hash2 begins with 12*Sec zero bits. 56th IETF, San Francisco draft-aura-cga-00 5

  6. Two CGA Parameter Formats 1. Certificate format: ß Public key and parameters stored in a self-signed X.509 certificate _ Easy to use in certificate-based authentication protocols ß New certificate extension contains the parameters: Modifier, Routing Prefix, Collision Count 2. Optimized (short) format: Concatenation of the public key and parameters ß ß Public key + 29 bytes ß Verifier needs: signed message (e.g. NA), source IP address, and parameters in either format 56th IETF, San Francisco draft-aura-cga-00 6

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Analysis and Optimization of Cryptographically Generated Addresses (CGA) Revisiting

Analysis and Optimization of Cryptographically Generated Addresses (CGA) Revisiting

Introduction CGA for IPv6 CGA++ Analysis and Optimization of Cryptographically Generated Addresses (CGA) Revisiting Self-Certifying Address Generation and Verification Joppe Bos, Onur Ozen and Jean-Pierre Hubaux Ecole Polytechnique F

2.28k views • 44 slides
Internet Evolution and IPv6 Paul Wilson APNIC 1 Where are IPv6 addresses today? 2 IPv6

Internet Evolution and IPv6 Paul Wilson APNIC 1 Where are IPv6 addresses today? 2 IPv6

Internet Evolution and IPv6 Paul Wilson APNIC 1 Where are IPv6 addresses today? 2 IPv6 Global allocations by RIR APNIC 337 21% RIPENCC 737 45% ARIN 438 LACNIC AFRINIC 27% 87 37 5% 2% Unit: IPv6 pref i x 3 IPv6

603 views • 24 slides
IPv6 Yourself Jumping Bean What is IPv6? Replacement for IPv4, 128 bit IP address

IPv6 Yourself Jumping Bean What is IPv6? Replacement for IPv4, 128 bit IP address

IPv6 Yourself Jumping Bean What is IPv6? Replacement for IPv4, 128 bit IP address IPv4 allowed for 4.3 billion possible addresses, IPv6 allows for 340 undecillion addresses 3.40E38, 7.9E28 more than IPv4 addresses, ~ 4.8x10

1.07k views • 28 slides
Observations of IPv6 Addresses David Malone <David.Malone@nuim.ie> Hamilton Institute, NUI

Observations of IPv6 Addresses David Malone <David.Malone@nuim.ie> Hamilton Institute, NUI

Observations of IPv6 Addresses David Malone <David.Malone@nuim.ie> Hamilton Institute, NUI Maynooth, Ireland. 28 April 2008 1 IPv6 Chat IPv6 talks mention NAT, CIDR and 2 128 addrs. NAT means you get more addresses. CIDR means

429 views • 23 slides
RPC / Network FSes 1 last time names and addresses IPv4, IPV6 addresses, routers tables

RPC / Network FSes 1 last time names and addresses IPv4, IPV6 addresses, routers tables

RPC / Network FSes 1 last time names and addresses IPv4, IPV6 addresses, routers tables DNS: hierarchical database POSIX socket API socket bind/listen/accept getaddrinfo 2 FTP protocol (simplifjed) 230 User logged in

1.67k views • 125 slides
Analyzing IPv6 address assignment practices Ramakrishna Padmanabhan, John Rula, Philipp

Analyzing IPv6 address assignment practices Ramakrishna Padmanabhan, John Rula, Philipp

Analyzing IPv6 address assignment practices Ramakrishna Padmanabhan, John Rula, Philipp Richter, Stephen Strowes, Alberto Dainotti Goal: Understand the stability of IPv6 addresses How long do devices retain their IPv6 addresses?

437 views • 20 slides
UAv6: Alias Resolution in IPv6 Using Unused Addresses Ramakrishna Padmanabhan, Zhihao Li ,

UAv6: Alias Resolution in IPv6 Using Unused Addresses Ramakrishna Padmanabhan, Zhihao Li ,

UAv6: Alias Resolution in IPv6 Using Unused Addresses Ramakrishna Padmanabhan, Zhihao Li , Dave Levin, and Neil Spring University of Maryland, College Park, MD { ramapad,zhihaoli,dml,nspring } @cs.umd.edu As the IPv6 Internet grows, alias

328 views • 12 slides
Introduction to IPv6 (Chapter 4 in Huitema) IPv6,Mobility-1 S-38.121 / S-03 / N Beijar IPv6

Introduction to IPv6 (Chapter 4 in Huitema) IPv6,Mobility-1 S-38.121 / S-03 / N Beijar IPv6

Introduction to IPv6 (Chapter 4 in Huitema) IPv6,Mobility-1 S-38.121 / S-03 / N Beijar IPv6 addresses 128 bits long Written as eight 16-bit integers separated with colons E.g. 1080:0000:0000:0000:0000:0008:200C:417A =

617 views • 20 slides
Entropy/IP: Uncovering Structure in IPv6 Addresses ACM IMC 2016, Santa Monica, USA Pawe

Entropy/IP: Uncovering Structure in IPv6 Addresses ACM IMC 2016, Santa Monica, USA Pawe

Entropy/IP: Uncovering Structure in IPv6 Addresses ACM IMC 2016, Santa Monica, USA Pawe Foremski, David Plonka, Arthur Berger 1 Whats Entropy/IP? A system that automatically learns structures in Internet addresses known to be active

802 views • 50 slides
Introduction to IPv6 (Chapter 4 in Huitema) S-38.121 / Fall-04 / N Beijar IPv6,Mobility-1 IPv6

Introduction to IPv6 (Chapter 4 in Huitema) S-38.121 / Fall-04 / N Beijar IPv6,Mobility-1 IPv6

Introduction to IPv6 (Chapter 4 in Huitema) S-38.121 / Fall-04 / N Beijar IPv6,Mobility-1 IPv6 addresses 128 bits long Written as eight 16-bit integers separated with colons E.g. 1080:0000:0000:0000:0000:0008:200C:417A =

556 views • 20 slides
IPv6 Ephemeral Addresses <draft-kitamura-ipv6-ephemeral-address-00.txt> Harmless IPv6

IPv6 Ephemeral Addresses <draft-kitamura-ipv6-ephemeral-address-00.txt> Harmless IPv6

IPv6 Ephemeral Addresses <draft-kitamura-ipv6-ephemeral-address-00.txt> Harmless IPv6 Address State Extension ( Uncertain State) <draft-kitamura-ipv6-uncertain-address-state-00.txt> Hiroshi KITAMURA NEC Corporation

544 views • 33 slides
Introduction to IPv6 (Chapter 4 in Huitema) IPv6,Mobility-1 S-38.2121 / Fall-2006 / N Beijar

Introduction to IPv6 (Chapter 4 in Huitema) IPv6,Mobility-1 S-38.2121 / Fall-2006 / N Beijar

Introduction to IPv6 (Chapter 4 in Huitema) IPv6,Mobility-1 S-38.2121 / Fall-2006 / N Beijar IPv6 addresses 128 bits long Written as eight 16-bit hexadecimal integers separated with colons E.g.

471 views • 20 slides
Addressing in the TCP/IP model Layer 3 Addressing: IPv6 addresses CIDR: Classless InterDomain

Addressing in the TCP/IP model Layer 3 Addressing: IPv6 addresses CIDR: Classless InterDomain

IN2140: Introduction to Operating Systems and Data Communication Addressing in the TCP/IP model Layer 3 Addressing: IPv6 addresses CIDR: Classless InterDomain Routing Idea local decision for subdividing host share into network portion

181 views • 14 slides
Automatic configuration of IPv6 addresses for MANET with multiple gateways (AMG)

Automatic configuration of IPv6 addresses for MANET with multiple gateways (AMG)

IETF 66th - AUTOCONF WG Montreal, July 2006 Automatic configuration of IPv6 addresses for MANET with multiple gateways (AMG) draft-ruffino-manet-autoconf-multigw-03 Simone Ruffino, Patrick Stupar

527 views • 14 slides
IPv6 IP Version 6 to the Rescue Effort started by the IETF in 1994 Much larger addresses

IPv6 IP Version 6 to the Rescue Effort started by the IETF in 1994 Much larger addresses

IPv6 IP Version 6 to the Rescue Effort started by the IETF in 1994 Much larger addresses (128 bits) Many sundry improvements Became an IETF standard in 1998 Nothing much happened for a decade Hampered by deployment issues,

504 views • 39 slides
At which IPv6 stage are you? Scared The address is too long! All my IP addresses are

At which IPv6 stage are you? Scared The address is too long! All my IP addresses are

At which IPv6 stage are you? Scared The address is too long! All my IP addresses are traceable! Angry It's a conspiriacy there is no IPv4 shortage! As long as I get an IPv4 address I don't care! Nobody is using it anyway! Confused

863 views • 48 slides
8. Average-Case Analysis of Algorithms + Randomized Algorithms 1 insertion sort Array

8. Average-Case Analysis of Algorithms + Randomized Algorithms 1 insertion sort Array

CSE 312, Winter 2011, W.L.Ruzzo 8. Average-Case Analysis of Algorithms + Randomized Algorithms 1 insertion sort Array A[1]..A[n] Sorted for i = 1..n-1 { T = A[i] j j = i-1 compare i Unsorted while j >= 0 && T <

285 views • 17 slides
CS 101: Computer Programming and Utilization About These Slides Based on Chapter 14, 15 of

CS 101: Computer Programming and Utilization About These Slides Based on Chapter 14, 15 of

CS 101: Computer Programming and Utilization About These Slides Based on Chapter 14, 15 of the book An Introduction to Programming Through C++ by Abhiram Ranade (Tata McGraw Hill, 2014) Original slides by Abhiram Ranade First

891 views • 73 slides
Scalable preference disaggregation: A multiple criteria sorting approach based on the MapReduce

Scalable preference disaggregation: A multiple criteria sorting approach based on the MapReduce

Scalable preference disaggregation: A multiple criteria sorting approach based on the MapReduce framework Jiapeng Liu November 22, 2018 School of Management Xian Jiaotong University P.R. China 1 Introduction Multiple criteria sorting

622 views • 39 slides
CENG3420 Lab 1-3: Quick Sort Haoyu YANG Department of Computer Science and Engineering The

CENG3420 Lab 1-3: Quick Sort Haoyu YANG Department of Computer Science and Engineering The

CENG3420 Lab 1-3: Quick Sort Haoyu YANG Department of Computer Science and Engineering The Chinese University of Hong Kong hyyang@cse.cuhk.edu.hk Spring 2018 1 / 9 Last Time Array Definition .data a: .word 1 2 3 4 5} a is the address of

654 views • 9 slides
Format-String Vulnerability Instructor: Fengwei Zhang SUSTech CS 315 Computer Security 1

Format-String Vulnerability Instructor: Fengwei Zhang SUSTech CS 315 Computer Security 1

Format-String Vulnerability Instructor: Fengwei Zhang SUSTech CS 315 Computer Security 1 Outline Format String Access optional arguments How printf() works Format string attack How to exploit the vulnerability

617 views • 36 slides
Project 1: Bootloader COS 318 Fall 2014 Project 1 Schedule Design Review Tuesday, Sep 23

Project 1: Bootloader COS 318 Fall 2014 Project 1 Schedule Design Review Tuesday, Sep 23

Project 1: Bootloader COS 318 Fall 2014 Project 1 Schedule Design Review Tuesday, Sep 23 10-min time slots from 9:30am-2:20pm Due date: Sunday, 9/28, 11:59pm General Suggestions Read assembly_example.s in start code pkg

431 views • 19 slides
Outline Exploiting other vulnerabilities Return address protections CSci 5271 Introduction to

Outline Exploiting other vulnerabilities Return address protections CSci 5271 Introduction to

Outline Exploiting other vulnerabilities Return address protections CSci 5271 Introduction to Computer Security Announcements intermission Day 5: Low-level defenses and BCECHO demo counterattacks ASLR and counterattacks Stephen McCamant

528 views • 10 slides
ADDRESSING MODES AND PIPELINING Mahdi Nazm Bojnordi Assistant Professor School of Computing

ADDRESSING MODES AND PIPELINING Mahdi Nazm Bojnordi Assistant Professor School of Computing

ADDRESSING MODES AND PIPELINING Mahdi Nazm Bojnordi Assistant Professor School of Computing University of Utah CS/ECE 6810: Computer Architecture Overview Announcement Tonight: Homework 1 release (due on Sept. 4 th ) n Verify your

614 views • 22 slides

More recommend