IPv6 CGA

Posted: July 25, 2012 in technical
Tags: , , ,

Better later than never 🙂

I really liked this session:

http://www.brighttalk.com/webcast/288/49937

and the guy (Joe Klein) also has a nice blog:

http://scientifichooligan.me/

http://tools.ietf.org/html/draft-arkko-send-cga-00

From Cisco:

Cryptographically Generated Addresses in SeND

Cryptographically generated addresses (CGAs) are IPv6 addresses generated from the cryptographic hash of a public key and auxiliary parameters. This provides a method for securely associating a cryptographic public key with an IPv6 address in the SeND protocol.

The node generating a CGA address must first obtain a Rivest, Shamir, and Adelman (RSA) key pair (SeND uses an RSA public/private key pair). The node then computes the interface identifier part (which is the rightmost 64 bits) and appends the result to the prefix to form the CGA address.

CGA address generation is a one-time event. A valid CGA cannot be spoofed and the CGA parameters received associated to it is reused because the message must be signed with the private key that matches the public key used for CGA generation, which only the address owner will have.

A user cannot replay the complete SeND message (including the CGA address, CGA parameters, and CGA signature) because the signature has only a limited lifetime.

Advertisements
Comments
  1. […] some time ago I started a quick look into the IPv6 security, more precisely the SeND feature. Unfortunately, things happened and I didn’t have time to continue the […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s