Abstract
Privacy is a major concern on the current Internet, but transport mechanisms like IPv4 and more specifically IPv6 do not offer the necessary protection to users. However, the IPv6 address size allows designing privacy mechanisms that are impossible in IPv4. Nevertheless, existing solutions like Privacy Extensions [20] are not optimal: a single address is still in use for several communications over time. They also do not give the administrator control of the network, since end devices use randomly generated addresses. Our IPv6 privacy proposal uses ephemeral addresses outside the trusted network but stable addresses inside the local network, allowing the administrator to control the security of the local network. Our solution is based on new opportunities of IPv6: a large address space and a new flow label field. In combination with Cryptographically Generated Addresses, we can provide protection against spoofing on the local network and enhanced privacy for Internet communication.
References
1. World IPv6 launch, http://www.worldipv6launch.org/ (consulted July 4, 2013)
2. Kuznetsov, A.N.: IPv6 flow labels in Linux-2.2, Tech. report, Institute for Nuclear Research, Moscow (April 1999)
3. Alsa’deh, A., Rafiee, H., Meinel, C.: Stopping time condition for practical IPv6 Cryptographically Generated Addresses. In: 2012 International Conference on Information Networking (ICOIN), pp. 257–262 (February 2012)
4. Amante, S., Carpenter, B., Jiang, S.: Rationale for Update to the IPv6 Flow Label Specification, RFC 6436 (Informational) (November 2011)
5. Amante, S., Carpenter, B., Jiang, S., Rajahalme, J.: IPv6 Flow Label Specification, RFC 6437 (Proposed Standard) (November 2011)
6. Arkko, J., Kempf, J., Zill, B., Nikander, P.: SEcure Neighbor Discovery (SEND), RFC 3971 (Proposed Standard) (March 2005), Updated by RFCs 6494, 6495
7. Audet, F., Jennings, C.: Network Address Translation (NAT) Behavioral Requirements for Unicast UDP, RFC 4787 (Best Current Practice) (January 2007)
8. Aura, T.: Cryptographically Generated Addresses (CGA), RFC 3972 (Proposed Standard) (March 2005), Updated by RFCs 4581, 4982
9. Berthold, O., Federrath, H., Köpsell, S.: Web mixes: A system for anonymous and unobservable internet access. In: Federrath, H. (ed.) Anonymity 2000. LNCS, vol. 2009, pp. 115–129. Springer, Heidelberg (2001)
10. Chaum, D.: The dining cryptographers problem: Unconditional sender and recipient untraceability. Journal of Cryptology 1, 65–75 (1988)
11. Chaum, D.L.: Untraceable electronic mail, return addresses, and digital pseudonyms. Commun. ACM 24(2), 84–90 (1981)
12. Van de Velde, G., Popoviciu, C., Chown, T., Bonness, O., Hahn, C.: IPv6 Unicast Address Assignment Considerations, RFC 5375 (Informational) (December 2008)
13. Dingledine, R., Mathewson, N., Syverson, P.: Tor: The second-generation onion router. In: Proceedings of the 13th USENIX Security Symposium (2004)
14. Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C., Carney, M.: Dynamic Host Configuration Protocol for IPv6 (DHCPv6), RFC 3315 (Proposed Standard) (July 2003), Updated by RFCs 4361, 5494, 6221, 6422
15. Guha, S., Biswas, K., Ford, B., Sivakumar, S., Srisuresh, P.: NAT Behavioral Requirements for TCP, RFC 5382 (Best Current Practice) (October 2008)
16. Hain, T.: Architectural Implications of NAT, RFC 2993 (Informational) (November 2000)
17. Hinden, R., Deering, S.: IP Version 6 Addressing Architecture, RFC 4291 (Draft Standard) (February 2006), Updated by RFCs 5952, 6052
18. Hu, Q., Carpenter, B.: Survey of Proposed Use Cases for the IPv6 Flow Label, RFC 6294 (Informational) (June 2011)
19. Lindqvist, J.: IPv6 is bad for your privacy, Defcon 15 (2007)
20. Narten, T., Draves, R., Krishnan, S.: Privacy Extensions for Stateless Address Autoconfiguration in IPv6, RFC 4941 (Draft Standard) (September 2007)
21. Rijsinghani, A.: Computation of the Internet Checksum via Incremental Update, RFC 1624 (Informational) (May 1994)
22. Srisuresh, P., Holdrege, M.: IP Network Address Translator (NAT) Terminology and Considerations, RFC 2663 (Informational) (August 1999)
23. Stevens, W., Thomas, M., Nordmark, E., Jinmei, T.: Advanced Sockets Application Program Interface (API) for IPv6, RFC 3542 (Informational) (May 2003)
24. Wasserman, M., Baker, F.: IPv6-to-IPv6 Network Prefix Translation, RFC 6296 (Experimental) (June 2011)
Copyright information
© 2013 IFIP International Federation for Information Processing
About this paper
Cite this paper
Fourcot, F., Toutain, L., Köpsell, S., Cuppens, F., Cuppens-Boulahia, N. (2013). IPv6 Address Obfuscation by Intermediate Middlebox in Coordination with Connected Devices. In: Bauschert, T. (eds) Advances in Communication Networking. EUNICE 2013. Lecture Notes in Computer Science, vol 8115. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-40552-5_14
DOI: https://doi.org/10.1007/978-3-642-40552-5_14
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-40551-8
Online ISBN: 978-3-642-40552-5
eBook Packages: Computer Science, Computer Science (R0)