Project: Comparing CGA security to SSAS security

Team: Prof. Dr. Christoph Meinel, Hosnieh Rafiee

Research institution: Hasso-Plattner-Institut Potsdam

Abstract: Security and privacy have recently become important issues in IPv6 networks. Nodes therefore want to change their IP addresses frequently so that other nodes within the network cannot track them, which helps prevent privacy-related attacks. The current security solution for IPv6 stateless autoconfiguration is the Secure Neighbor Discovery Protocol (SeND), in which the use of Cryptographically Generated Addresses (CGA) is a very important option. CGA allows proof of address ownership by establishing a binding between the node's public key and its IP address. The current problem with CGA is that it is compute-intensive when a sec value higher than 0 is used. This makes it difficult to secure nodes with SeND, especially when resources are limited.
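To make the cost of the sec value concrete, the following added example (not code from the project) sketches CGA generation and verification as specified in RFC 3972, counting how many SHA-1 attempts the Hash2 search needs. The public key bytes, the fixed starting modifier and the function names are constructed for illustration; extension fields and the SeND signature are left out.

```python
import hashlib
import ipaddress

# Constructed sample inputs: stand-in bytes for a DER-encoded public key
# (not a real key) and the 2001:db8::/64 documentation prefix.
PUBKEY = b"constructed-demo-public-key-DER-bytes"
PREFIX = bytes.fromhex("20010db800000000")

def _hash1(modifier: bytes, prefix: bytes, collisions: int, pubkey: bytes) -> bytes:
    """Leftmost 64 bits of SHA-1 over the CGA parameters."""
    return hashlib.sha1(modifier + prefix + bytes([collisions]) + pubkey).digest()[:8]

def cga_generate(pubkey: bytes, prefix: bytes, sec: int, start: int = 0):
    """Return (address, modifier, hash2_attempts). `start` is fixed here for
    repeatability; RFC 3972 starts from a random modifier."""
    if len(prefix) != 8 or not 0 <= sec <= 7:
        raise ValueError("prefix must be 8 bytes and sec in 0..7")
    attempts = 0
    while True:
        attempts += 1
        modifier = ((start + attempts - 1) % (1 << 128)).to_bytes(16, "big")
        hash2 = hashlib.sha1(modifier + bytes(9) + pubkey).digest()
        if hash2[:2 * sec] == bytes(2 * sec):  # 16*sec leading zero bits
            break
    h1 = _hash1(modifier, prefix, 0, pubkey)
    # Write sec into the three leftmost bits and clear the u and g bits (0x03).
    iid = bytes([(h1[0] & 0x1C) | (sec << 5)]) + h1[1:]
    return prefix + iid, modifier, attempts

def cga_verify(address: bytes, modifier: bytes, collisions: int, pubkey: bytes) -> bool:
    """Receiver-side check: two SHA-1 calls, whatever the sec value."""
    if len(address) != 16 or collisions not in (0, 1, 2):
        return False
    prefix, iid = address[:8], address[8:]
    h1 = _hash1(modifier, prefix, collisions, pubkey)
    if (h1[0] ^ iid[0]) & 0x1C or h1[1:] != iid[1:]:  # ignore sec, u, g bits
        return False
    sec = iid[0] >> 5
    hash2 = hashlib.sha1(modifier + bytes(9) + pubkey).digest()
    return hash2[:2 * sec] == bytes(2 * sec)

if __name__ == "__main__":
    for sec in (0, 1):
        addr, mod, n = cga_generate(PUBKEY, PREFIX, sec)
        ok = cga_verify(addr, mod, 0, PUBKEY)
        print(f"sec={sec} {ipaddress.IPv6Address(addr)} hash2_attempts={n} verified={ok}")
```

Each increment of sec multiplies the expected Hash2 search by 2^16 for the address owner, while the verifier's cost stays at two hashes.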

Because the security of CGA depends on a single SHA function, and the other key generation algorithms in play here mostly use RSA, we proposed using the public key directly in IP address generation. We called this proposal a Simple Secure Addressing Scheme for IPv6 Autoconfiguration (SSAS). With this process, the number of steps required to generate and verify an IP address is reduced. Many security experts have asked whether this proposal can guarantee the same security as CGA, or more. Therefore, in order to prove the robustness of SSAS and to improve the SSAS algorithm, we need the ability to crack RSA and the other hash functions in order to find the best solution for their use in SSAS. To do this, we will need multicore CPUs, which will allow us to run parallel brute-force attacks against these security algorithms. We would like to use the Future SOC Lab as a testing environment to prove our proposals.

Last modified on Apr 13, 2013 11:09:39 AM