Title :
What DHCPv6 says about you
Author :
Groat, Stephen ; Dunlop, Matthew ; Marchany, Randy ; Tront, Joseph
Author_Institution :
Virginia Polytech. Inst. & State Univ., Blacksburg, VA, USA
Abstract :
As protection against the current privacy weaknesses of StateLess Address Auto Configuration (SLAAC) in the Internet Protocol version 6 (IPv6), network administrators may choose to deploy the new Dynamic Host Configuration Protocol for IPv6 (DHCPv6). Similar to the Dynamic Host Configuration Protocol (DHCP) for Internet Protocol version 4 (IPv4), DHCPv6 uses a clientserver model to manage addresses for networks, providing stateful address assignment. While DHCPv6 can be configured to assign randomly distributed addresses to clients, the DHCP Unique Identifier (DUID) was designed to remain static to clients as they move between different subnets and networks. Since the DUID is globally unique, attackers can geotemporally track clients by sniffing DHCPv6 messages on the local network or by using protocol-valid messages that request systems´ DUIDs. Additionally, attackers can remotely monitor users and networks using DHCPv6 relays to issue and forward DHCPv6 messages and track clients. The privacy implications of DHCPv6 must be addressed before large-scale IPv6 deployment.
Keywords :
IP networks; client-server systems; computer network security; data privacy; protocols; DHCP unique identifier; DHCPv6; Internet protocol version 4; Internet protocol version 6; client server model; dynamic host configuration protocol for IPv6; network administrators; privacy implications; protocol valid messages; stateless address auto configuration; Correlation; Local area networks; Monitoring; Privacy; Protocols; Relays; Servers;
Conference_Titel :
Internet Security (WorldCIS), 2011 World Congress on
Conference_Location :
London
Print_ISBN :
978-1-4244-8879-7
Electronic_ISBN :
978-0-9564263-7-6
