Hasso-Plattner-Institut25 Jahre HPI
Hasso-Plattner-Institut25 Jahre HPI
  • de

Hosnieh Rafiee

Privacy and Security Issues in IPv6 Networks

Privacy is a very important element in every one’s everyday life and it is more complicated than before because of the use of many new techniques for storing data or sharing data among many people, at the same time, over the Internet. Much of this data is confidential in nature, and the users may just want to share it with a select few, but in today’s environment they are leaving themselves open to privacy attacks which would result in a wider dissemination of their data than they would like.

All communications carried out today on the Internet are done using IP addresses. So an IP address is analogous to a user’s identity on the Internet. This is why attackers have devised different approaches for use in obtaining these IP addresses, this will enable them to initiate their attacks against a user’s privacy and security. Doing this gives the attacker the ability to obtain more information about this node in order to pursue further attacks, such as tracking them via their IP addresses across the networks. Then, after correlating the users’ activities with their IP addresses in order to enable him to obtain critical Information about the owner of this IP address, the attacker will misuse this data for criminal purposes.

The current mechanism used to prevent node tracking, and as a result to protect a user’s privacy in the network layer, is to frequently change the node’s IP address and in particular its Interface ID (IID). But the standard RFC that promotes the use of this solution has some deficiencies in its own right. It promotes the use of IIDs generated based on MAC addresses, so again the user’s privacy is under question by concurrent use of unchangeable IP addresses and temporary addresses. Our contribution to mitigate these issues is to offer a new algorithm, which not only maintains the lifetime for an IP address, but also provides a user with a method for randomized IID generation. The methods that are used to maintain a user’s privacy cannot be used for protecting a user’s security in a local link. To protect a user’s security, one can use Secure Neighbor Discovery (SeND). However, in practice, SeND is not deployed because an important option in SeND, Cryptographically Generated Addresses (CGA), is compute intensive. Another contribution is to introduce some mechanisms to improve the performance of CGA. Finally, we introduced a simple and secure mechanism for IID generation that integrates privacy and security. Using this approach will allow for a faster IID generation time so it will be easier for the node to change its IP address and only keep it for a short period of time.

Unfortunately, temporary node IP addresses created new problems for the authentication of this node to other services when the identification is solely based on an IP address. If the node uses any security mechanism, then the human intervention necessary to accomplish this might compromise this process. We also address this problem by introducing our new algorithms that use CGA or our proposed a Simple Secure Addressing Scheme for IPv6 Autoconfiguration (SSAS) as a means of authenticating the nodes during DNS queries, such as zone transfer, resolver to client authentication and Dynamic DNS update (DDNS) authentication. The other problem with the use of temporary node addresses is that it can lead to an increase in spam when the Electronic Mail (Email) is sent using many Internet Protocol version 6 (IPv6) temporary addresses that exist in each of the subnets ( ). To address spam problems in IPv6 networks, we categorized the current approaches and then classified them based on their applicability for use in IPv6 networks. Finally we offered our solution for Domain Name System blacklists and whitelists (DNSxLs) anti-spam approaches.