Requirements for unobservability of privacy extension in IPv6, Radio Vetenskap och Kommunikation (RVK2002)

Published 14 Jun 2002 by Alberto Escudero Pascual

bulletDownload: rvk02-escuderoa-paper.pdf

Wireless@KTH, RVK02 Organizer

Stateless address autoconfiguration defines the mechanism for a IPv6 node to generate an address without the need of an external DHCP server based on the interface identifier. The stateless approach is used when a site is not particularly concerned with the exact addresses hosts use.

To insure that all configured addresses are likely to be unique on given link, nodes run a 'duplicate address detection' algorithm on addresses before assigning them to an interface. The Duplicate Address Detection ( DAD ) algorithm is performed on all addresses, independent of whether they are obtained via stateless or stateful autoconfiguration.

In the case of an Ethernet the Interface Identifier is based on the EUI-64 identifier derived from the interface's built-in 48-bit IEEE 802 address (MAC address) and hence, the IP v6 address generated via Stateless Autoconfiguration contains the same interface identifier regardless of the location the mobile node is attached to the Internet.

Even when higher communication layers encrypt their payloads (for example with ESP), there is not an easy mechanism to hide the addresses in packet headers and they appear in clear, this fact makes very easy for an eavesdropper to track mobile nodes by analyzing the prefixes related with a certain interface identifier.

Narten and Draves developed a privacy extension for Stateless Address Configuration based on the idea of generating random interface identifiers periodically (RFC3041). But, in real network environments the IEEE802 addresses are not random in the pure sense, some OUIs are more common than others. This is because the number of interfaces sold by a manufacturer can be a very large number or even a very small number. The main consecuence of the lack of randomness in IEEE802 addresses is that the use of the privacy extension for stateless address autoconfiguration is easy observable.

A better privacy protection can be achieved if the random interface identifier can not be distinguished from a common one i.e. an eavesdropper can not determine if certain node is using or not the stateless address configuration privacy extension.

The paper will study the requirements to generate a so called random interface identifier that can not be distinguised from a common one and will try to quantify its observability.

Keyword(s): Privacy, IPv6, Unique Identifiers