Generation of IPv6 addresses based on one-to-many reversible mapping using AES

The proliferation of enterprise wireless network raises the security concern in any organization despite the unarguable benefits it brings about. At the same time, the initiative to migrate from IPv4 (Internet Protocol version four) to IPv6 (Internet Protocol version six) is gaining momentum across the globe to resolve the IP address depletion problem as well as reaping the benefit of it. This research proposes a new scheme to manage IPv6 addresses in an enterprise wireless local area network (WLAN) which may be incorporated into DHCPv6 (Dynamic Host Configuration Protocol for IPv6) software. In this scheme each user is assigned a dynamic IPv6 address that is generated cryptographically. Each time a user tries to access the network, different IPv6 address will be given which is generated using CFB (Cipher Feedback) mode of AES (Advanced Encryption Standard) algorithm, whereby there is a one-to-many reversible mapping between user and IPv6 addresses. In this way, it is possible for the network administrator to identify users in real time from their IPv6 address although a user’s IP address regularly changed. Dynamically changing IP address will impede an external network adversary’s effort to track user’s online behavior, thus enhancing privacy.

[1]  Jonathan Wood,et al.  IP Address Authorization for Secure Address Proxying Using Multi-key CGAs and Ring Signatures , 2006, IWSEC.

[2]  Thomas Narten,et al.  Privacy Extensions for Stateless Address Autoconfiguration in IPv6 , 2001, RFC.

[3]  H. K. Bizaki,et al.  On the vulnerability of Simplified AES Algorithm Against Linear Cryptanalysis , 2007 .

[4]  Masakatsu Nishigaki,et al.  Advances in Information and Computer Security - 6th International Workshop, IWSEC 2011, Tokyo, Japan, November 8-10, 2011. Proceedings , 2011, IWSEC.

[5]  William Stallings,et al.  Cryptography and Network Security: Principles and Practice , 1998 .

[6]  Mohammad Umar Siddiqi,et al.  IPv6 Multi Generated Address for Enterprise Wireless Local Area Network , 2008 .

[7]  John Amoss,et al.  Handbook of IPv4 to IPv6 Transition: Methodologies for Institutional and Corporate Networks , 2007 .

[8]  P. Metzger,et al.  Network Working Group , 2000 .

[9]  Jari Arkko Applying Cryptographically Generated Addresses and Credit-Based Authorization to Mobile IPv6 , 2006 .

[10]  Edward F. Schaefer,et al.  A SIMPLIFIED AES ALGORITHM AND ITS LINEAR AND DIFFERENTIAL CRYPTANALYSES , 2003, Cryptologia.

[11]  M. U. Siddiqi,et al.  Generation of cryptographic one-to-many mapping IPv6 address using S-AES , 2010, Proceeding of the 3rd International Conference on Information and Communication Technology for the Moslem World (ICT4M) 2010.

[12]  Marcelo Bagnulo,et al.  Support for Multiple Hash Algorithms in Cryptographically Generated Addresses (CGAs) , 2007, RFC.

[13]  Michael Roe,et al.  Child-proof authentication for MIPv6 (CAM) , 2001, CCRV.