Cryptographically Generated Addresses (CGA)

Aura, Tuomas

doi:10.17487/rfc3972

Cited by 280 publications

(147 citation statements)

References 6 publications

Supporting

Mentioning

146

Contrasting

Unclassified

Order By: Relevance

“…Similarly to the last presented approach, Cryptographically Generated Addresses (CGA) [60,61,62] do not aim at providing a security policy for security gateways. However, in contrast to BTNS, they increase the protection against active attackers by simplifying certification and making it applicable for each end-device to automatically configure and verify security policies.…”

Section: Cryptographically Generated Addressesmentioning

confidence: 99%

A survey on automatic configuration of virtual private networks

Rossberg

Schaefer

2011

Computer Networks

View full text Add to dashboard Cite

Virtual private networks (VPN) offer a secure data exchange over public networks. Despite being cheaper than leased lines, growing sizes and dynamic behavior of VPN nodes, e.g., for mobility or reasons of denial-of-service-attacks, make a manual configuration of large, dynamic VPN expensive.Consequently, a number of different VPN auto-configuration approaches have been invented and partially deployed over the last decade. This article identifies a comprehensive set of objectives to be fulfilled by IP-based VPN auto-configuration, explains and groups mechanisms, and analyzes their strengths and weaknesses with regards to the objectives. Finally, it identifies potential future directions of autonomous VPN deployment.

show abstract

Section: Cryptographically Generated Addressesmentioning

confidence: 99%

A survey on automatic configuration of virtual private networks

Rossberg

Schaefer

2011

Computer Networks

View full text Add to dashboard Cite

show abstract

“…The first option proposed by [36] to solve this issue is to use Cryptographically Generated Addresses (CGAs) [6]. This method relies on the use of a signature to prove that all signed addresses have been generated by the same entity.…”

Section: Securing Locator Setsmentioning

confidence: 99%

“…For a given public/private key pair, the private key is used to sign the locator set, while the public key is hashed so as to generate the 64 low order bits of the ULID. The length of the hash is artificially extended (see [6]) so that the actual hash length is not 64 bits, but instead 59 + 16 ⁄ sec bits (where sec is a tunable parameter). Consequently, the security is dependent on an attacker not being able to find a hash collision with a self-generated public key.…”

Section: Securing Locator Setsmentioning

confidence: 99%

Implementation and evaluation of the Shim6 protocol in the Linux kernel

Barré

Ronan

Bonaventure

2011

Computer Communications

View full text Add to dashboard Cite

a b s t r a c tIn the changing landscape of the todays Internet, several solutions are under investigation to allow efficient, flexible and scalable multihoming. One of the proposals is shim6, a host-based multihoming solution based on the use of multiple IPv6 addresses on each host. In this work, we first describe the main features of this protocol, then we explain our implementation of shim6, along with the associated security mechanisms in the Linux kernel and, finally, we evaluate its performance. In particular, we analyse the performance impact of the security mechanisms used by shim6 and the impact of shim6 on the performance of end-host systems, especially heavily loaded servers. We conclude by discussing the remaining open issues for a widespread deployment of host-based multihoming techniques such as shim6.

show abstract

“…Mechanisms based on cryptography and addresses generated cryptographically have been proposed to avoid identity theft [15,16], but these solutions suffer from the high computational cost of performing asymmetric key operations, cost that can be intolerable in scenarios such as a server with a large number of requests per second. So the adoption of an alternative mechanism that guarantees the link between a set of locators with an identity without incurring in large computational costs is proposed.…”

Section: Security Features Of the Protocolmentioning

confidence: 99%

“…Because all these reasons we consider that in the short term, HIP is an inferior solution than the one presented in this paper. In order to overcome the limitations presented by the HIP solution concerning the support for referral and callback applications, it is possible to adopt a middle-ground scheme where the identifiers are also valid locators and they carry a hash of a public key in the lower 64 bits, as in Cryptographic Generated Addresses [16]. Such approach would provide a similar support than the presented approach with respect to applications, but it would still impose the workload required by public key cryptography.…”

Section: Related Workmentioning

confidence: 99%

An incremental approach to IPv6 multihoming

Bagnulo

García-Martínez

Azcorra

et al. 2006

Computer Communications

View full text Add to dashboard Cite

The availability of two or more connectivity providers (configuration known as multihoming) allows improvements in failure tolerance and enables traffic engineering capabilities. Current IPv4 multihoming solutions suffer from scalability limitations. In this article we present a solution that allow IPv6 networks to benefit from multihoming, taking advantage from the fact that each provider delegates its own set of addresses. The proposed solution consists in multiple mechanisms that provide different benefits to the multihomed site. More precisely, the solution includes a mechanism for the provision of ingress filtering compatibility, a mechanism for establishing new communications after an outage, a set of tools for traffic engineering and a protocol for preserving established communications through outages. In addition we propose a roadmap for the incremental deployment of the set of mechanisms included in the solution based on the trade-off between deployment effort required by each mechanism and the benefits obtained by the involved party. q

show abstract

Cryptographically Generated Addresses (CGA)

Cited by 280 publications

References 6 publications

A survey on automatic configuration of virtual private networks

A survey on automatic configuration of virtual private networks

Implementation and evaluation of the Shim6 protocol in the Linux kernel

An incremental approach to IPv6 multihoming

Contact Info

Product

Resources

About