论文信息 - Efficient security for IPv6 multihoming

Efficient security for IPv6 multihoming

In this note, we propose a security mechanism for protecting IPv6 networks from possible abuses caused by the malicious usage of a multihoming protocol. In the presented approach, each multihomed node is assigned multiple prefixes from its upstream providers, and it creates the interface identifier part of its addresses by incorporating a cryptographic one-way hash of the available prefix set. The result is that the addresses of each multihomed node form an unalterable set of intrinsically bound IPv6 addresses. This allows any node that is communicating with the multihomed node to securely verify that all the alternative addresses proposed through the multihoming protocol are associated to the address used for establishing the communication. The verification process is extremely efficient because it only involves hash operations.

Marcelo Bagnulo | Arturo Azcorra | Alberto García-Martínez

[1] Erik Nordmark. Strong Identity Multihoming using 128 bit Identifiers (SIM/CBID128) , 2003 .

[2] Mischa Schwartz,et al. ACM SIGCOMM computer communication review , 2001, CCRV.

[3] Pekka Nikander,et al. SEcure Neighbor Discovery (SEND) , 2005, RFC.

[4] Geoff Huston. Architectural Approaches to Multi-homing for IPv6 , 2005, RFC.

[5] Thomas Narten,et al. Neighbor Discovery for IP Version 6 (IPv6) , 1996, RFC.

[6] Michael Roe,et al. Child-proof authentication for MIPv6 (CAM) , 2001, CCRV.

[7] Donald E. Eastlake,et al. Randomness Recommendations for Security , 1994, RFC.

[8] Erik Nordmark,et al. Threats Relating to IPv6 Multihoming Solutions , 2005, RFC.

[9] Stephen E. Deering,et al. IP Version 6 Addressing Architecture , 1995, RFC.

[10] Jon Postel,et al. Internet Protocol , 1981, RFC.

[11] Tuomas Aura,et al. Cryptographically Generated Addresses (CGA) , 2005, ISC.

[12] Pekka Nikander,et al. End-Host Mobility and Multi-Homing with Host Identity Protocol , 2004 .

[13] Stephen E. Deering,et al. Internet Protocol, Version 6 (IPv6) Specification , 1995, RFC.

[14] Marcelo Bagnulo,et al. Multihoming L3 Shim Approach , 2005 .

[15] Pekka Nikander,et al. Mobile IP Version 6 Route Optimization Security Design Background , 2005, RFC.