[ipv6hackers] IPv6 Privacy Extension

Johanna Ullrich JUllrich at sba-research.org
Tue Dec 1 15:29:07 CET 2015

Hi folks,

At this year's RAID conference, I presented an attack on the IPv6 Privacy Extension. While this attack appears "infeasible" from a practitioner's point of view, it is still worth taking a look for various reasons. First, it highlights misconceptions in standardization which should not be repeated. Second, IPv6 is intended to be a protocol of the future, and time plays as usual for the attacker. The longer we wait, the better for adversaries. Finally, it should motivate revision of respective standards and implementations.

I included the abstract below; you can find the full paper at https://www.sba-research.org/research/publications/


Abstract: The IPv6 privacy extension introduces temporary addresses to protect against address-based correlation, i.e., the attribution of different transactions to the same origin using addresses, and is considered a state-of-the-art mechanism for privacy protection in IPv6. In this paper, we scrutinize the extension's capability for protection by analyzing its algorithm for temporary address generation in detail. We develop an attack that is based on two insights and shows that the notion of protection is false: First, randomization is scarce and future identifiers can be predicted once the algorithm's internal state is known. Second, a victim's temporary addresses form a side channel and allow an adversary to synchronize to this internal state. Finally, we highlight mitigation strategies, and recommend a revision of the extension's specification.
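Added example, not part of the original post or the paper: a sketch of the temporary interface identifier generation in RFC 4941 section 3.2.1, showing why the only randomness is the initial history value and every later identifier follows from the stored state. The prefix, the EUI-64 identifier and the function names are constructed for illustration, and `fresh_random_iid` is one possible stateless alternative assumed here, not a mitigation taken from the paper.

```python
import hashlib
import ipaddress
import secrets

# Constructed sample values (documentation prefix, made-up EUI-64 identifier).
PREFIX = "2001:db8:0:1::/64"
EUI64_IID = bytes.fromhex("021122fffe334455")

def next_temporary_iid(history, eui64_iid):
    """One iteration of RFC 4941 sec. 3.2.1: returns (temporary IID, next history)."""
    if len(history) != 8 or len(eui64_iid) != 8:
        raise ValueError("history value and interface identifier are 64 bits each")
    digest = hashlib.md5(history + eui64_iid).digest()
    iid = bytearray(digest[:8])      # leftmost 64 bits become the identifier
    iid[0] &= 0xFD                   # clear bit 6 (leftmost bit is bit 0)
    # The RFC's check against reserved identifiers is omitted in this sketch.
    return bytes(iid), digest[8:]    # rightmost 64 bits are the next history value

def iid_chain(history, eui64_iid, count):
    """Run the generator `count` times; returns (list of IIDs, final history)."""
    iids = []
    for _ in range(count):
        iid, history = next_temporary_iid(history, eui64_iid)
        iids.append(iid)
    return iids, history

def to_address(prefix, iid):
    """Combine a /64 prefix with a 64-bit interface identifier."""
    return ipaddress.IPv6Network(prefix)[int.from_bytes(iid, "big")]

def fresh_random_iid():
    """Assumed alternative: draw every identifier from the OS CSPRNG, no state."""
    iid = bytearray(secrets.token_bytes(8))
    iid[0] &= 0xFD
    return bytes(iid)

def demo():
    """Compare a host's identifiers with those recomputed from a copied state."""
    initial = secrets.token_bytes(8)              # the only random input
    host_iids, _ = iid_chain(initial, EUI64_IID, 5)
    _, state = iid_chain(initial, EUI64_IID, 2)   # stored state after 2 rounds
    recomputed, _ = iid_chain(state, EUI64_IID, 3)
    return host_iids[2:], recomputed

if __name__ == "__main__":
    actual, recomputed = demo()
    for a, r in zip(actual, recomputed):
        print(to_address(PREFIX, a), "matches" if a == r else "differs")
```

Every address printed by the script matches, because after the first round the generator takes no new random input.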
