Abstract
Address proxying is a process by which one IP node acts as an endpoint intermediary for an IP address that actually belongs to another IP node. Address proxying serves many useful functions in IP networks. In IPv6, the Secure Neighbor Discovery Protocol (SEND) provides powerful tools for securing the mapping between the IP address and the link address which is the basis of local link address proxying; however, these tools don’t work for address proxies. In this paper, we present an extension to SEND for secure proxying. As an example of how secure address proxying can be used, we propose a minor extension of the Mobile IPv6 protocol to allow secure proxying by the home agent. We then present measurements comparing SEND with and without the address proxying extensions.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Arkko, J. (ed.), Kempf, J., Zill, B., Nikander, P.: SEcure Neighbor Discovery (SEND), RFC 2971 (March 2005)
Aura, T.: Cryptographically Generated Addresses (CGA), RFC 3972 (March 2005)
Chaum, S., van Heyst, E.: Group Signatures. In: Davies, D.W. (ed.) EUROCRYPT 1991. LNCS, vol. 547, pp. 257–265. Springer, Heidelberg (1991)
Daley, G.: Securing Proxy Neighbour Discovery Problem Statement. Internet Draft (work in progress, 2004)
Dodis, Y., Kiayias, A., Nicolosi, A., Shoup, V.: Anonymous Identification in Ad-Hoc Groups. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 609–626. Springer, Heidelberg (2004)
Johnson, D., Perkins, C., Arkko, J.: Mobility Support in IPv6, RFC 3775 (June 2004)
Kempf, J., Gentry, C.: Secure IPv6 Address Proxying using Multi-Key Cryptographically Generated Addresses (MCGAs). Internet Draft (work in progress)
Montenegro, G., Castellucia, C.: Crypto-Based Identifiers (CBIDs): Concepts and Applications. ACM Transactions on Information and System Security 7(1), 97–127 (2004)
Narten, T., Nordmark, E., Simpson, W.: Neighbor Discovery for IP version 6 (IPv6), RFC 2461 (December 1998)
National Institute of Standards and Technology, Secure Hash Standard, Federal FIPS 180-181 (April 1993)
National Institute of Standards and Technology, Specification for the Advanced Encryption Standard (AES), FIPS 197 (November 2001)
Nikander, P., Arkko, J.: Delegation of Signalling Rights. In: Christianson, B., Crispo, B., Malcolm, J.A., Roe, M. (eds.) Security Protocols 2002. LNCS, vol. 2845, pp. 203–214. Springer, Heidelberg (2004)
Nikander, P., Kempf, J., Nordmark, E.: IPv6 Neighbor Discovery (ND) Trust Models and Threats, RFC 3756 (May 2004)
O’Shea, G., Roe, M.: Child-proof Authentication for MIP6 (CAM). ACM SIGCOMM Computer Communication Review 31(2), 4–8 (2001)
Plummer, D.C.: Ethernet Address Resolution Protocol, RFC 826 (November 1982)
Rivest, R., Shamir, A., Tauman, Y.: How to Leak A Secret. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 552–565. Springer, Heidelberg (2001)
Thompson, S., Narten, T.: IPv6 Stateless Address Autoconfiguration, RFC 2462 (December 1998)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Kempf, J., Wood, J., Ramzan, Z., Gentry, C. (2006). IP Address Authorization for Secure Address Proxying Using Multi-key CGAs and Ring Signatures. In: Yoshiura, H., Sakurai, K., Rannenberg, K., Murayama, Y., Kawamura, S. (eds) Advances in Information and Computer Security. IWSEC 2006. Lecture Notes in Computer Science, vol 4266. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11908739_14
Download citation
DOI: https://doi.org/10.1007/11908739_14
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-47699-3
Online ISBN: 978-3-540-47700-6
eBook Packages: Computer ScienceComputer Science (R0)