Privacy Extensions for Stateless Address Autoconfiguration in IPv6

Nodes use IPv6 stateless address autoconfiguration to generate addresses without the necessity of a Dynamic Host Configuration Protocol (DHCP) server. Addresses are formed by combining network prefixes with an interface identifier. On interfaces that contain embedded IEEE Identifiers, the interface identifier is typically derived from it. On other interface types, the interface identifier is generated through other means, for example, via random number generation. This document describes an extension to IPv6 stateless address autoconfiguration for interfaces whose interface identifier is derived from an IEEE identifier. Use of the extension causes nodes to generate global-scope addresses from interface identifiers that change over time, even in cases where the interface contains an embedded IEEE identifier. Changing the interface identifier (and the global-scope addresses generated from it) over time makes it more difficult for eavesdroppers and other information collectors to identify when different addresses used in different transactions actually correspond to the same node.
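The linkability the abstract describes can be seen in an added example (not code from this document or its authors): an identifier derived from an IEEE MAC stays the same under every prefix and gives back the MAC, while an identifier that changes does neither. The MAC and prefixes are constructed documentation values, and `random_iid` is a simplified stand-in for the extension's own generation procedure, which is not reproduced here.

```python
import ipaddress
import secrets

IID_MASK = (1 << 64) - 1

def eui64_iid(mac: str) -> int:
    """Modified EUI-64 interface identifier built from a 48-bit IEEE MAC."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("expected a 48-bit MAC address")
    eui = bytearray(raw[:3] + b"\xff\xfe" + raw[3:])
    eui[0] ^= 0x02  # invert the universal/local bit
    return int.from_bytes(eui, "big")

def random_iid() -> int:
    """Simplified stand-in for a changing identifier: 64 random bits, u/l bit cleared."""
    return secrets.randbits(64) & ~(1 << 57)

def slaac_address(prefix: str, iid: int) -> str:
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("this example assumes a /64 prefix")
    return str(ipaddress.IPv6Address(int(net.network_address) | (iid & IID_MASK)))

def embedded_mac(addr: str):
    """Return the MAC recoverable from an EUI-64 style address, else None."""
    iid = bytearray((int(ipaddress.IPv6Address(addr)) & IID_MASK).to_bytes(8, "big"))
    if iid[3:5] != b"\xff\xfe":
        return None
    iid[0] ^= 0x02
    return ":".join(f"{b:02x}" for b in iid[:3] + iid[5:])

def same_node_candidates(addrs):
    """Group addresses by interface identifier, as a passive observer could."""
    groups = {}
    for a in addrs:
        groups.setdefault(int(ipaddress.IPv6Address(a)) & IID_MASK, []).append(a)
    return [g for g in groups.values() if len(g) > 1]

if __name__ == "__main__":
    mac = "00:00:5e:00:53:01"                          # constructed (documentation range)
    prefixes = ["2001:db8:1::/64", "2001:db8:2::/64"]  # constructed
    stable = [slaac_address(p, eui64_iid(mac)) for p in prefixes]
    temporary = [slaac_address(p, random_iid()) for p in prefixes]
    print(stable, embedded_mac(stable[0]))
    print(same_node_candidates(stable + temporary))
```

Only the two MAC-derived addresses end up grouped together; the addresses built from changing identifiers share nothing an observer can match across prefixes.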
