IPv6 Cryptographically Generated Address: Analysis and Optimization

Abstract

Cryptographically generated address (CGA) is a prime inherent element of SEND protocol introduced in IPv6.CGA works without relying on any trusted third party authority or Public Key Infrastructure (PKI).CGA find their application in proving address ownership and prevent spoofing or theft of IPv6 addresses by binding senders public key with the generated address. Though CGA is a promising technique and offers substantial amount of security, it does possess some limitations and performance bottlenecks. CGA is computationally intensive determined by the security parameter 'sec' and bandwidth gobbling due to use of RSA keys. For a higher value of 'sec', there is no guarantee on termination of brute force search for modifier. This paper evaluates the performance and discusses possible techniques that can be used in optimizing the use of IPv6 CGA. The techniques discussed are the possible modifications to the standard RFC 3972.These include reducing the granularity factor of sec from 16 to 8, replacing RSA with ECC and ECSDSA, using SHA-256 hash function instead of SHA-1 and including subnet prefix in the calculation of CGA. The paper also compares the modified CGA with standard CGA and advocates the reasons for incorporating these changes so that enhanced hybrid version of CGA can be obtained.