Privacy Extensions for Stateless Address Autoconfiguration in IPv6

Nodes use IPv6 stateless address autoconfiguration to generate addresses without the necessity of a Dynamic Host Configuration Protocol (DHCP) server. Addresses are formed by combining network prefixes with an interface identifier. On interfaces that contain embedded IEEE identifiers, the interface identifier is typically derived from that identifier. On other interface types, the interface identifier is generated through other means, for example, via random number generation. This document describes an extension to IPv6 stateless address autoconfiguration for interfaces whose interface identifier is derived from an IEEE identifier. Use of the extension causes nodes to generate global-scope addresses from interface identifiers that change over time, even in cases where the interface contains an embedded IEEE identifier. Changing the interface identifier (and the global-scope addresses generated from it) over time makes it more difficult for eavesdroppers and other information collectors to identify when different addresses used in different transactions actually correspond to the same node.
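The following added example (not part of the original document) shows why an identifier derived from an IEEE identifier lets addresses on different prefixes be tied to one node, and audits addresses for that property. The MAC, the prefixes and `random_iid` are constructed assumptions; `random_iid` is a simplified stand-in for a changing identifier, not the generation algorithm the document specifies.

```python
import ipaddress
import secrets
from typing import Optional

def eui64_iid(mac: str) -> int:
    """Modified EUI-64 interface identifier derived from a 48-bit IEEE MAC."""
    b = bytes.fromhex(mac.replace(":", ""))
    # Flip the universal/local bit and insert ff:fe between the two MAC halves.
    return int.from_bytes(bytes([b[0] ^ 0x02]) + b[1:3] + b"\xff\xfe" + b[3:], "big")

def random_iid() -> int:
    """Simplified changing identifier: 64 random bits with the universal/local
    bit cleared. An assumption for illustration, not the document's algorithm."""
    return secrets.randbits(64) & ~(1 << 57)

def address(prefix: str, iid: int) -> ipaddress.IPv6Address:
    """Combine a /64 network prefix with a 64-bit interface identifier."""
    net = ipaddress.IPv6Network(prefix)
    return ipaddress.IPv6Address(int(net.network_address) | iid)

def embedded_mac(addr) -> Optional[str]:
    """Heuristic audit: recover the MAC if the identifier has the ff:fe marker."""
    b = (int(ipaddress.IPv6Address(addr)) & (2**64 - 1)).to_bytes(8, "big")
    if b[3:5] != b"\xff\xfe":
        return None
    mac = bytes([b[0] ^ 0x02]) + b[1:3] + b[5:]
    return ":".join(f"{x:02x}" for x in mac)

def correlate(addrs) -> dict:
    """Group observed addresses by the hardware identifier they reveal."""
    groups = {}
    for a in addrs:
        groups.setdefault(embedded_mac(a), []).append(str(a))
    return groups

# Constructed sample: one node seen on two networks (documentation prefixes).
MAC = "00:1a:2b:3c:4d:5e"
PREFIXES = ["2001:db8:1::/64", "2001:db8:2::/64"]

def sample_observations():
    stable = [address(p, eui64_iid(MAC)) for p in PREFIXES]
    changing = [address(p, random_iid()) for p in PREFIXES]
    return stable, changing

if __name__ == "__main__":
    stable, changing = sample_observations()
    print(correlate(stable))    # both addresses group under the same MAC
    print(correlate(changing))  # typically keyed by None: no MAC to recover
```

Running `embedded_mac` over addresses seen in flow or firewall logs is a quick way to find hosts that still expose a hardware-derived identifier.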
