IPv6 Address Obfuscation by Intermediate Middlebox in Coordination with Connected Devices

Privacy is a major concern on the current Internet, but transport mechanisms like IPv4 and more specifically IPv6 do not offer the necessary protection to users. However, the IPv6 address size allows designing privacy mechanisms impossible in IPv4. Nevertheless existing solutions like Privacy Extensions [20] are not optimal, still only one address is in use for several communications over time. And it does not offer control of the network by the administrator (end devices use randomly generated addresses). Our IPv6 privacy proposal uses ephemeral addresses outside the trusted network but stable addresses inside the local network, allowing the control of the local network security by the administrator. Our solution is based on new opportunities of IPv6: a large address space and a new flow label field. In combination with Cryptographically Generated Addresses, we can provide protection against spoofing on the local network and enhanced privacy for Internet communication.

[1]  Janne Lindqvist,et al.  IPv6 is Bad for Your Privacy , 2007 .

[2]  Anil Rijsinghani,et al.  Computation of the Internet Checksum via Incremental Update , 1994, RFC.

[3]  Tuomas Aura,et al.  Cryptographically Generated Addresses (CGA) , 2005, ISC.

[4]  W. Marsden I and J , 2012 .

[5]  Fred Baker,et al.  IPv6-to-IPv6 Network Prefix Translation , 2011, RFC.

[6]  Tony Hain,et al.  Architectural Implications of NAT , 2000, RFC.

[7]  Cullen Jennings,et al.  Network Address Translation (NAT) Behavioral Requirements for Unicast UDP , 2007, RFC.

[8]  David Chaum,et al.  The dining cryptographers problem: Unconditional sender and recipient untraceability , 1988, Journal of Cryptology.

[9]  Matt Thomas,et al.  Advanced Sockets Application Program Interface (API) for IPv6 , 2003, RFC.

[10]  Thomas Narten,et al.  Privacy Extensions for Stateless Address Autoconfiguration in IPv6 , 2001, RFC.

[11]  Matt Holdrege,et al.  IP Network Address Translator (NAT) Terminology and Considerations , 1999, RFC.

[12]  Brian E. Carpenter,et al.  Rationale for Update to the IPv6 Flow Label Specification , 2011, RFC.

[13]  Saikat Guha,et al.  RFC 5382: NAT Behavioral Requirements for TCP , 2008 .

[14]  Saikat Guha,et al.  NAT Behavioral Requirements for TCP , 2009, RFC.

[15]  Nick Mathewson,et al.  Tor: The Second-Generation Onion Router , 2004, USENIX Security Symposium.

[16]  Brian E. Carpenter,et al.  Survey of Proposed Use Cases for the IPv6 Flow Label , 2011, RFC.

[17]  Stephen E. Deering,et al.  IP Version 6 Addressing Architecture , 1995, RFC.

[18]  Hannes Federrath,et al.  Web MIXes: A System for Anonymous and Unobservable Internet Access , 2000, Workshop on Design Issues in Anonymity and Unobservability.

[19]  Hannes Federrath Designing Privacy Enhancing Technologies , 2001, Lecture Notes in Computer Science.

[20]  Christoph Meinel,et al.  Stopping time condition for practical IPv6 Cryptographically Generated Addresses , 2012, The International Conference on Information Network 2012.

[21]  David Chaum,et al.  Untraceable electronic mail, return addresses, and digital pseudonyms , 1981, CACM.