The IPv6 privacy extension introduces temporary addresses to protect against address-based correlation, i.e., the attribution of different transactions to the same origin using addresses, and is considered as state-of-the-art mechanism for privacy protection in IPv6. In this paper, we scrutinize the extension’s capability for protection by analyzing its algorithm for temporary address generation in detail. We develop an attack that is based on two insights and shows that the notion of protection is false: First, randomization is scarce and future identifiers can be predicted once the algorithm’s internal state is known. Second, a victim’s temporary addresses form a side channel and allow an adversary to synchronize to this internal state. Finally, we highlight mitigation strategies, and recommend a revision of the extension’s specification.
CITATION STYLE
Ullrich, J., & Weippl, E. (2015). Privacy is not an option: Attacking the IPv6 privacy extension. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 9404, pp. 448–468). Springer Verlag. https://doi.org/10.1007/978-3-319-26362-5_21
Mendeley helps you to discover research relevant for your work.