IPv6 Cryptographically Generated Address: Analysis, Optimization and Protection

Amjed Ahmed; Rosilah Hassan; Faizan Qamar; Mazhar Malik

doi:10.32604/cmc.2021.014233

Table of Content

Open Access

ARTICLE

IPv6 Cryptographically Generated Address: Analysis, Optimization and Protection

Amjed Sid Ahmed^1,*, Rosilah Hassan², Faizan Qamar³, Mazhar Malik¹
1 Department of Computing and Information Technology, Global College of Engineering and Technology, Ruwi, 112, Sultanate of Oman
2 Faculty of Information Science and Technology, Center for Cyber Security, Universiti Kebangsaan Malaysia, Bangi, 43600, Malaysia
3 Faculty of Information Science and Technology, Universiti Kebangsaan Malaysia, 43600, Bangi, Malaysia
* Corresponding Author: Amjed Sid Ahmed. Email:

Computers, Materials & Continua 2021, 68(1), 247-265. https://doi.org/10.32604/cmc.2021.014233

Received 08 September 2020; Accepted 24 November 2020; Issue published 22 March 2021

Abstract

In networking, one major difficulty that nodes suffer from is the need for their addresses to be generated and verified without relying on a third party or public authorized servers. To resolve this issue, the use of self-certifying addresses have become a highly popular and standardized method, of which Cryptographically Generated Addresses (CGA) is a prime example. CGA was primarily designed to deter the theft of IPv6 addresses by binding the generated address to a public key to prove address ownership. Even though the CGA technique is highly effective, this method is still subject to several vulnerabilities with respect to security, in addition to certain limitations in its performance. In this study, the authors present an intensive systematic review of the literature to explore the technical specifications of CGA, its challenges, and existing proposals to enhance the protocol. Given that CGA generation is a time-consuming process, this limitation has hampered the application of CGA in mobile environments where nodes have limited energy and storage. Fulfilling Hash2 conditions in CGA is the heaviest and most time-consuming part of SEND. To improve the performance of CGA, we replaced the Secure Hash Algorithm (SHA1) with the Message Digest (MD5) hash function. Furthermore, this study also analyzes the possible methods through which a CGA could be attacked. In conducting this analysis, Denial-of-Service (DoS) attacks were identified as the main method of attack toward the CGA verification process, which compromise and threaten the privacy of CGA. Therefore, we propose some modifications to the CGA standard verification algorithm to mitigate DoS attacks and to make CGA more security conscious.

Keywords

IPv6; GCA; SEND; DoS attacks; RSA; SHA-1

Cite This Article

A. Sid Ahmed, R. Hassan, F. Qamar and M. Malik, "Ipv6 cryptographically generated address: analysis, optimization and protection," Computers, Materials & Continua, vol. 68, no.1, pp. 247–265, 2021.

This work is licensed under a Creative Commons Attribution 4.0 International License , which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.