Privacy is Not an Option: Attacking the IPv6 Privacy Extension

The IPv6 privacy extension introduces temporary addresses to protect against address-based correlation, i.e., the attribution of different transactions to the same origin using addresses, and is considered as state-of-the-art mechanism for privacy protection in IPv6. In this paper, we scrutinize the extension's capability for protection by analyzing its algorithm for temporary address generation in detail. We develop an attack that is based on two insights and shows that the notion of protection is false: First, randomization is scarce and future identifiers can be predicted once the algorithm's internal state is known. Second, a victim's temporary addresses form a side channel and allow an adversary to synchronize to this internal state. Finally, we highlight mitigation strategies, and recommend a revision of the extension's specification.

[1]  Susan Landau,et al.  Making Sense from Snowden: What's Significant in the NSA Surveillance Revelations , 2013, IEEE Security & Privacy.

[2]  Tuomas Aura,et al.  Cryptographically Generated Addresses (CGA) , 2005, ISC.

[3]  Lily Chen,et al.  Updated Security Considerations for the MD5 Message-Digest and the HMAC-MD5 Algorithms , 2011, RFC.

[4]  Christoph Meinel,et al.  Cryptographically Generated Addresses (CGAs): Possible Attacks and Proposed Mitigation Approaches , 2012, 2012 IEEE 12th International Conference on Computer and Information Technology.

[5]  Marc Stevens,et al.  Short Chosen-Prefix Collisions for MD5 and the Creation of a Rogue CA Certificate , 2009, CRYPTO.

[6]  Fernando Gont A Method for Generating Semantically Opaque Interface Identifiers with IPv6 Stateless Address Autoconfiguration (SLAAC) , 2014, RFC.

[7]  Thomas Narten,et al.  Privacy Extensions for Stateless Address Autoconfiguration in IPv6 , 2001, RFC.

[8]  Stephen E. Deering,et al.  IP Version 6 Addressing Architecture , 1995, RFC.

[9]  Christoph Meinel,et al.  IPv6 Stateless Address Autoconfiguration: Balancing between Security, Privacy and Usability , 2012, FPS.

[10]  Thomas Narten,et al.  Privacy Extensions for Stateless Address Autoconfiguration in IPv6 , 2007, RFC.

[11]  Joseph G. Tront,et al.  IPv6: Nowhere to Run, Nowhere to Hide , 2011, 2011 44th Hawaii International Conference on System Sciences.

[12]  Pekka Nikander,et al.  SEcure Neighbor Discovery (SEND) , 2005, RFC.

[13]  Edgar R. Weippl,et al.  IPv6 Security: Attacks and Countermeasures in a Nutshell , 2014, WOOT.

[14]  Thomas Narten,et al.  Neighbor Discovery for IP Version 6 (IPv6) , 1996, RFC.

[15]  Joseph G. Tront,et al.  IPv6: Now You See Me, Now You Don't , 2011, ICON 2011.

[16]  Paul C. van Oorschot,et al.  Back to the Future: Revisiting IPv6 Privacy Extensions , 2011, login Usenix Mag..

[17]  Susan Landau,et al.  Highlights from Making Sense of Snowden, Part II: What's Significant in the NSA Revelations , 2014, IEEE Security & Privacy.