Abstract
Cryptographically generated addresses (CGA) are IPv6 addresses in which some of the address bits are generated by hashing the address owner’s public key. The address owner uses the corresponding private key to assert address ownership and to sign messages sent from the address, without a PKI or other security infrastructure. This paper describes a generic CGA format that can be used in multiple applications. Our focus is on removing weaknesses of earlier proposals and on ease of implementation. A major contribution of this paper is a hash extension technique that increases the effective hash length beyond the 64-bit limit of earlier proposals.
© 2003 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Aura, T. (2003). Cryptographically Generated Addresses (CGA). In: Boyd, C., Mao, W. (eds) Information Security. ISC 2003. Lecture Notes in Computer Science, vol 2851. Springer, Berlin, Heidelberg. https://doi.org/10.1007/10958513_3
DOI: https://doi.org/10.1007/10958513_3
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-20176-2
Online ISBN: 978-3-540-39981-0
eBook Packages: Springer Book Archive