One-Time Receiver Address in IPv6 for Protecting Unlinkability

Sakurai, Atsushi; Minohara, Takashi; Sato, Ryota; Mizutani, Kana

doi:10.1007/978-3-540-76929-3_22

Cited by 6 publications

(11 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…IPv6 addressing model specifically supports assigning multiple IP addresses to a single interface [46]. Thus researchers have gone beyond address hopping to assign each connection (or a set of closely related connections) a unique address [31][32][33][34][35] to enhance privacy. Our model also uses per-connection addresses, and a detailed comparison is given later in this subsection.…”

Section: Using Ipv6 Address Space To Enhance Security and Privacymentioning

confidence: 99%

“…First, mapping an address to a device or a connection and the related routing are difficult. Early work is stateful, the mapping needs to be recorded [31,33,34]. More recent work achieve stateless mapping by encrypting the host identity into the one-time pseudo-random address.…”

Section: Using Ipv6 Address Space To Enhance Security and Privacymentioning

confidence: 99%

“…There have been attempts to enhance the anti-scanning feature of the IP addresses, mainly by: 1) generating addresses that is semantically opaque and more random [22], 2) using temporal [23,24] or hopping [25][26][27][28][29][30] addresses with short lifetime, and further 3) using a unique address for each connection [31][32][33][34][35] or even packet [36,37].…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Addressless: A new internet server model to prevent network scanning

et al. 2021

View full text Add to dashboard Cite

Eliminating unnecessary exposure is a principle of server security. The huge IPv6 address space enhances security by making scanning infeasible, however, with recent advances of IPv6 scanning technologies, network scanning is again threatening server security. In this paper, we propose a new model named addressless server, which separates the server into an entrance module and a main service module, and assigns an IPv6 prefix instead of an IPv6 address to the main service module. The entrance module generates a legitimate IPv6 address under this prefix by encrypting the client address, so that the client can access the main server on a destination address that is different in each connection. In this way, the model provides isolation to the main server, prevents network scanning, and minimizes exposure. Moreover it provides a novel framework that supports flexible load balancing, high-availability, and other desirable features. The model is simple and does not require any modification to the client or the network. We implement a prototype and experiments show that our model can prevent the main server from being scanned at a slight performance cost.

show abstract

Section: Using Ipv6 Address Space To Enhance Security and Privacymentioning

confidence: 99%

Section: Using Ipv6 Address Space To Enhance Security and Privacymentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Addressless: A new internet server model to prevent network scanning

et al. 2021

View full text Add to dashboard Cite

show abstract

“…However, the mapping between the pseudonym and the IPv6 address is obtained by the attacker, the privacy of the user will be revealed. To solve this problem, Sakurai et al [18] propose to use a hash chain to generate a one-time receiving address, which has high security. Even if the hash address of the user is revealed, attackers still cannot know the true identity of the user.…”

Section: A Various Identity Anonymity Of Usersmentioning

confidence: 99%

A Survey of Privacy Protection and Network Security in User On-Demand Anonymous Communication

et al. 2020

View full text Add to dashboard Cite

In an untrusted Internet environment, there is a large amount of user privacy information being vulnerable to various attacks, and it is an important security concern for users on how to protect their privacy, and to further provide the anonymity guarantee. Recently, most privacy-sensitive users prefer anonymous communication to protect their private information from eavesdropping by attackers. Each user has different privacy protection demands for anonymous communication. However, anonymous communication methods cannot meet the various anonymity needs of users. Hence, the user on-demand anonymous communication is proposed, which can dynamically adjust the anonymity level according to a user's anonymity needs. However, the defense capabilities against attacks are insufficient in the existing user on-demand anonymous communication. Some malicious users in the network employ anonymous communication to hide their identities and attack the Internet. Moreover, the existing user on-demand anonymous communication is weak against traffic classification attacks based on machine learning. Therefore, this paper investigates its progresses and defects in privacy protection and network security. User on-demand anonymous communication is mainly composed of the user side and the transmission side. We separately investigate privacy protection and network security of user on-demand anonymous communication from the user side and the transmission side. By surveying various identity anonymity of users on the user side and the hierarchical anonymous transmission on the transmission side, we find two kinds of serious attacks in user on-demand anonymous communication, i.e., abuse of anonymous communication and traffic classification attacks based on machine learning. To solve the above security issues, we suggest the balancing mechanism of anonymous communication and behavior tracking which is used to prevent anonymous abuse, and the secure defense mechanism which is used to resist traffic classification attacks. To inspire follow-up research, we identify some open problems and emphasize future trends concerning user on-demand anonymous communication. INDEX TERMS Privacy protection, network security, machine learning, traffic classification attacks, user on-demand anonymous communication.

show abstract

“…Sakurai et al [11] propose a mechanism that allows two nodes to communicate privately by switching through a list of previously negotiated IPv6 interface identifiers. The objective of their technique is to provide relationship anonymity against eavesdroppers.…”

Section: Related Workmentioning

confidence: 99%

IPv6 Prefix Alteration: An Opportunity to Improve Online Privacy

Herrmann¹,

Arndt²,

Federrath³

2012

Preprint

View full text Add to dashboard Cite

This paper is focused on privacy issues related to the prefix part of IPv6 addresses. Long-lived prefixes may introduce additional tracking opportunities for communication partners and third parties. We outline a number of prefix alteration schemes that may be deployed to maintain the unlinkability of users' activities. While none of the schemes will solve all privacy problems on the Internet on their own, we argue that the development of practical prefix alteration techniques constitutes a worthwile avenue to pursue: They would allow Internet Service Providers to increase the attainable privacy level well above the status quo in today's IPv4 networks.

show abstract

One-Time Receiver Address in IPv6 for Protecting Unlinkability

Cited by 6 publications

References 11 publications

Addressless: A new internet server model to prevent network scanning

Addressless: A new internet server model to prevent network scanning

A Survey of Privacy Protection and Network Security in User On-Demand Anonymous Communication

IPv6 Prefix Alteration: An Opportunity to Improve Online Privacy

Contact Info

Product

Resources

About