Cryptographically Generated Addresses (CGA)

Aura, Tuomas

doi:10.1007/10958513_3

Cited by 179 publications

(175 citation statements)

References 13 publications

Supporting

Mentioning

174

Contrasting

Order By: Relevance

“…Although 46 bits of entropy may be enough to provide privacy in such cases, 59 or more bits of entropy would be needed if addresses are used to provide security against attacks such as spoofing, as CGAs [RFC3972] and HBAs [RFC5535] do, since attacks are not limited by ICMP rate limiting but by the processing power of the attacker. See those RFCs for more discussion.…”

Section: Amount Of Entropy Needed In Global Addressesmentioning

confidence: 99%

Privacy Considerations for IPv6 Adaptation-Layer Mechanisms

Thaler¹

2017

View full text Add to dashboard Cite

show abstract

Section: Amount Of Entropy Needed In Global Addressesmentioning

confidence: 99%

Privacy Considerations for IPv6 Adaptation-Layer Mechanisms

Thaler¹

2017

View full text Add to dashboard Cite

show abstract

“…o CGA: The Cryptographically Generated Address format [RFC3972] is heavily based on a /64 interface identifier. [RFC3972] has defined a detailed algorithm showing how to generate a 64-bit interface identifier from a public key and a 64-bit subnet prefix.…”

Section: Interaction With Ipv6 Specificationsmentioning

confidence: 99%

“…[RFC3972] has defined a detailed algorithm showing how to generate a 64-bit interface identifier from a public key and a 64-bit subnet prefix. Changing the /64 boundary would certainly invalidate the current CGA definition.…”

Section: Interaction With Ipv6 Specificationsmentioning

confidence: 99%

Analysis of the 64-bit Boundary in IPv6 Addressing

Carpenter¹,

Chown²,

Gont³

et al. 2015

View full text Add to dashboard Cite

“…In [2], T. Aura proposed how that one could use a public key to generate the interface identifier (ID) portion for the IPv6 address. He calls these addresses Cryptographically Generated Addresses (CGAs).…”

Section: Related Workmentioning

confidence: 99%

IPv6 Host Address Usage Survey

Hu¹,

Brownlee²

2014

IJFCC

View full text Add to dashboard Cite

Abstract-It is tempting to assume that for IPv6, with its 64-bit Interface IDs (IIDs), some existing address scanning attacks have become infeasible. RFC 5157 suggests how Interface IDs could be allocated so as to minimize a site's vulnerability to address scans, essentially by using IIDs consisting of a pseudorandom sequence of 1s and 0s. In this paper, we investigate how network administrators are actually allocating their Interface IDs. We have developed and carried out a survey of various IPv6 addresses from 50 countries. We find that few network administrators are using RFC 5157's allocation methods; instead we find that most network administrators are using one of five simple allocation schemes which tend to leave zero bits in large sections of their Interface IDs. We observe that such schemes can leave networks vulnerable to address scanning.

show abstract

Cryptographically Generated Addresses (CGA)

Cited by 179 publications

References 13 publications

Privacy Considerations for IPv6 Adaptation-Layer Mechanisms

Privacy Considerations for IPv6 Adaptation-Layer Mechanisms

Analysis of the 64-bit Boundary in IPv6 Addressing

IPv6 Host Address Usage Survey

Contact Info

Product

Resources

About