Title :
CS-CGA: Compact and more Secure CGA
Author :
AlSa'deh, Ahmad ; Cheng, Feng ; Meinel, Christoph
Author_Institution :
Hasso-Plattner-Inst., Univ. of Potsdam, Potsdam, Germany
Abstract :
Cryptographically Generated Address (CGA) is one of the most novel security features introduced in the IPv6 suite. CGA is designed to prevent address theft without relying on a trusted authority or additional security infrastructure. However, CGA is relatively computationally intensive and bandwidth consuming. Besides, it has some security limitations. This paper defines a Compact and more Secure CGA (CS-CGA) version. We adopt Elliptic Curve Cryptography (ECC) keys in CGA instead of the standardized RSA keys in order to minimize the size of the CGA parameters and reduce CGA generation time. To enhance the security of CGA against the global time-memory trade-off attack, the subnet prefix is included in the Hash2 calculations of the CGA generation algorithm. For the signature and the key calculations, SHA-256 is used instead of SHA-1, which is known to have security flaws.
Keywords :
IP networks; computer network security; public key cryptography; CGA generation algorithm; CS-CGA; Hash2 calculations; IPv6 suite; RSA keys; SHA-1; SHA-256; address theft prevention; cryptographically generated address; elliptic curve cryptography keys; global time-memory trade-off attack; subnet prefix; Delay; Elliptic curve cryptography; Privacy; Cryptographically Generated Addresses (CGAs); IPv6 addressing; IPv6 security; Neighbor Discovery Protocol (NDP); SEcure Neighbor Discovery Protocol (SEND);
Conference_Title :
Networks (ICON), 2011 17th IEEE International Conference on
Conference_Location :
Singapore
Print_ISBN :
978-1-4577-1824-3
DOI :
10.1109/ICON.2011.6168492