[ipv6hackers] Pros and Cons of Address Randomization

Mark Smith markzzzsmith at yahoo.com.au
Sun Dec 2 00:01:12 CET 2012

----- Original Message -----
> From: Jim Small <jim.small at cdw.com>
> To: "IPv6 Hackers Mailing List (ipv6hackers at lists.si6networks.com)" <ipv6hackers at lists.si6networks.com>
> Cc: 
> Sent: Sunday, 2 December 2012 6:32 AM
> Subject: [ipv6hackers] Pros and Cons of Address Randomization
> I would like to develop a list of talking points around the merits of IPv6 
> address randomization.  Here is what I have done to prepare:
> Watched a recent talk by Fernando:
> https://www.youtube.com/watch?v=MshyzRycDr0&feature=plcp
> Read RFC 5157:
> http://tools.ietf.org/html/rfc5157
> Read Fernando and Tim's Revised Internet Draft:
> http://tools.ietf.org/html/draft-gont-opsec-ipv6-host-scanning-02
> Note:  This is absolutely fantastic and should be mandatory reading for any 
> network or security engineer.  The pros/cons of address randomization are by no 
> means meant to take away from this publication.
> Followed the conversations on the IETF WG and other places such as LinkedIn.
> Are there other sources I should study?

> * To some degree this appears like security through obscurity - I read the 
> defense in depth part but I'm still having a hard time getting past this

Obscurity is quite a reasonable security mechanism. Zebras having stripes is a security through obscurity mechanism, so that they blend into the background, as is military camouflage.

The main issue with obscurity is that if it is the only security mechanism you have, then once it is breached you're quite vulnerable, and need to have other security mechanisms to rely on. That's why zebras can also run and kick, and why the military also supply their soldiers with guns. People who place an excessive amount of value in obscurity (e.g. IPv4 NAPT) are likely to not put appropriate effort into having other security mechanisms in place if their obscurity is breached. The people who are concerned (horrified perhaps?) by IPv6's end-to-end addressing are likely to be the ones who've placed too much security value in their IPv4 NAPT based obscurity. They probably don't realise that they themselves may breach their obscurity principle when they connect, without any concern or consideration, their laptop or smartphone to untrusted wireless networks like 3G/4G or public/hotel wifi.

The mantra "there's no security in obscurity" is actually derived from Kerckhoffs's principle, which was specifically talking about crypto systems, not information or network security in general. If obscurity wasn't a useful security mechanism, natural selection would have killed it off 10 000s of years ago in nature. Since it has been robust enough in nature to survive, it's quite reasonable to use in computer networking.
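The thread argues that address randomization is a form of obscurity worth keeping as one layer among several. A defender can check whether that layer is actually in place on their own hosts by looking at the interface identifier (low 64 bits) of each address: a modified EUI-64 identifier (the `ff:fe` marker in the middle) reveals the MAC and leaves a scanner only the NIC-specific part to guess, small administrator-chosen numbers leave even less, and a randomized identifier forces a search over the full 64 bits. The audit helper below is an added example written for this page, not code from the thread, RFC 5157 or the draft; the classification heuristics, the category names and the per-category search-space estimates (`SEARCH_SPACE_BITS`) are assumptions chosen for illustration, and the sample addresses are constructed from the documentation prefix.

```python
"""Audit helper: classify IPv6 interface identifiers (IIDs) as predictable
or randomized and estimate the search space a scanner would face.

Added example. Heuristics, category names and bit estimates are assumptions
made here for illustration; they are not taken from the mailing-list thread.
"""
import ipaddress
from collections import Counter

# Assumed order-of-magnitude estimates of how many IID bits a scanner must
# guess for each address style (an OUI is treated as known or guessable).
SEARCH_SPACE_BITS = {
    "eui64": 24,          # MAC-derived: only the 24-bit NIC-specific part varies
    "low-byte": 16,       # ::1, ::2, ... administrator-chosen small numbers
    "short-or-ipv4": 32,  # under 32 significant bits, often an embedded IPv4 address
    "random": 64,         # randomized IID: the whole 64-bit field is unknown
}


def iid_bytes(addr: str) -> bytes:
    """Return the interface identifier (low 64 bits) of an IPv6 address."""
    return ipaddress.IPv6Address(addr).packed[8:]


def eui64_to_mac(addr: str):
    """If the IID is a modified EUI-64, recover the MAC it was built from.

    Modified EUI-64 inserts ff:fe between the OUI and the NIC part and flips
    the universal/local bit (0x02) of the first byte. Returns None otherwise.
    """
    iid = iid_bytes(addr)
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02, iid[1], iid[2], iid[5], iid[6], iid[7]])
    return ":".join(f"{b:02x}" for b in mac)


def classify_iid(addr: str) -> str:
    """Heuristically classify the IID of one address (assumed categories)."""
    iid = iid_bytes(addr)
    if iid[3:5] == b"\xff\xfe":
        return "eui64"
    if iid[:6] == b"\x00" * 6:
        return "low-byte"          # only the last 16 bits are non-zero
    if iid[:4] == b"\x00" * 4:
        return "short-or-ipv4"     # only the last 32 bits are non-zero
    return "random"                # nothing recognisable: treat as randomized


def audit(addrs):
    """Tally address styles and report the weakest (smallest) search space.

    Returns (Counter of category -> count, bits to guess for the weakest style).
    """
    kinds = Counter(classify_iid(a) for a in addrs)
    weakest_bits = min(SEARCH_SPACE_BITS[k] for k in kinds)
    return kinds, weakest_bits


# Constructed sample inventory (documentation prefix, made up for this example).
SAMPLE_ADDRS = [
    "2001:db8::1",                          # low-byte: trivially guessable
    "2001:db8::211:22ff:fe33:4455",         # EUI-64: derived from 00:11:22:33:44:55
    "2001:db8::c000:201",                   # 192.0.2.1 embedded in the IID
    "2001:db8::3a9f:1c42:e7b0:55d1",        # looks randomized
]

if __name__ == "__main__":
    for a in SAMPLE_ADDRS:
        mac = eui64_to_mac(a)
        extra = f" (MAC {mac})" if mac else ""
        print(f"{a:40} {classify_iid(a)}{extra}")
    kinds, bits = audit(SAMPLE_ADDRS)
    print(dict(kinds), f"weakest style needs ~2^{bits} guesses")
```

Run over an address inventory pulled from your own routers or hosts, the tally shows how much of the fleet still uses MAC-derived or administrator-chosen identifiers, which is where the obscurity layer the thread discusses has quietly been given away.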
