Internal Hardware States Based Privacy Extension of IPv6 Addresses

J. Lloret Mauri et al. (Eds.): SSCC 2014, CCIS 467, pp. 263–271, 2014.
© Springer-Verlag Berlin Heidelberg 2014
T.R. Reshmi, Shiney Matilda Manoharan, and Krishnan Murugan
Ramanujan Computing Centre,
Anna University, Chennai, India, 600025
{reshmi.engg,shineysunil6}@gmail.com, murugan@annauniv.edu
Abstract. Internet Protocol Version 6 (IPv6) usage has been booming in recent
years due to the address scarcity of the existing protocol. The protocol faces
various security threats and has been under research for a few decades. Although IPsec
is mandated for security over IPv6 end-to-end communication, it does not
support link local communication. Link local security issues are considered to
be important during autoconfiguration. The existing mechanism SeND used to
provide security during autoconfiguration faces issues related to algorithmic
complexity, router functionality implications, key generation etc. The paper
proposes a privacy extension method for link local address generation by using
the internal hardware states of the system, thus overcoming the existing issues.
The prototype is implemented in a real time system and compared with SeND.
The proposed method has proven to outperform the existing methods in terms
of algorithmic strength and thereby reduce the complexity and time delay
during implementation.
Keywords: Autoconfiguration, IPv6, SeND, Privacy extension, Link local
address.
1 Introduction
IPv6 provides a mechanism by which hosts and routers can find each other automatically;
this feature of IPv6 replaces the ARP protocol of IPv4. Through this
feature, each machine can automatically identify and determine its default routers.
The mechanism, named Neighbor Discovery (ND), allows hosts to communicate with
both internal and external nodes. This functionality is achieved
through the Neighbor Discovery Protocol (NDP), which allows
nodes in a network to perform the following functions [2].
a) Determine the link layer address of the neighboring nodes that are known to
be attached to the same link.
b) Identify neighboring routers through which packets can be forwarded on its
behalf.
c) Constantly track the reachability of neighbors.
d) Identify alternate routers when there is a failure in the router path.
Neighbor discovery is protected by some basic protective features offered
by NDP. Being a link local protocol, NDP must have its hop limit set to 255, and its
source address must be either unspecified or link-local. Routers do not forward
these link local addresses. Therefore NDP messages cannot be injected into the
infrastructure of the network from beyond the directly connected layer 2 access
networks. This protective shield does not completely protect IPv6 local networks,
which leaves serious security threats. IPv6 neighbor discovery is prone to spoofing,
Denial-of-Service (DoS), replay, redirect, and rogue router attacks [3].
The threats mentioned above must be eliminated for the normal functioning
of Neighbor Discovery. Solutions to these threats are offered by the Secure
Neighbor Discovery Protocol (SeND) [4]. The SeND protocol uses digital signatures,
cryptographically generated addresses (CGAs), and an X.509 certification mechanism to
provide its enhanced protection. SeND ensures the integrity of
messages and prevents IPv6 address theft and replay attacks. It also provides a feature
by which a router's authority can be verified, ensuring safe communication. Although
SeND is a technique with promising features that would protect NDP and make IPv6
a safe protocol, its implementation and deployment are not easy tasks. SeND
does not yet meet the mature implementation needs expected by various network
device manufacturers and operating system developers. SeND is computationally
intensive and consumes more bandwidth [5]. This paper discusses the implementation
and deployment challenges of SeND and also provides some directions and proposals
for facilitating the enhancement of security using the internal hardware states of
machines during the autoconfiguration process.
2 Background
In the stateless address autoconfiguration mechanism [1], hosts can
determine their own addresses. The address is generated from router advertisements,
which contain the subnet prefixes associated with a link, together with a unique
identifier (known as the interface identifier) generated from information available
locally at the host. Nodes attached to the same link can communicate using their
self-generated link local addresses. Unlike the stateful approach, the stateless
mechanism does not require manual configuration of a host's address. The addresses
are generated automatically by the hosts themselves,
eliminating the need for additional servers. This mechanism has strong benefits over
the use of DHCP and is known as one of the major advancements over IPv4.
There are two approaches through which stateless address autoconfiguration of
nodes can be performed. The first is MAC based address generation, where
the EUI-64 based interface identifier (ID) is generated from a node's MAC address.
This mechanism is described as hardware address based address generation. The
address is generated as follows. The 48-bit MAC address of a host is split into two
halves of 24 bits. One of the 24-bit blocks is the OUI (Organizationally Unique
Identifier) and the other is network interface card specific. A
16-bit value (0xFFFE), reserved by IEEE for this MAC based address generation,
is inserted between the OUI and the network interface specific blocks.
Fig. 1 below depicts the format of an IPv6 address generated using the EUI-64 mode of
generation.
Fig. 1. IPv6 Address Format with Interface ID and EUI-64
As per the IPv6 addressing standards, the 7th bit from the left
determines whether the address is locally or globally administered. This bit is named the
Universal/Local bit. If the bit is set to 1, the address is configured as a locally
administered address; if the bit is 0, it is termed a globally
unique address.
Fig. 2. Generation of EUI-64 Based IPv6 Address
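The EUI-64 derivation described above, and the reason it is a privacy problem, as an added example that is not code from the paper. It follows the modified EUI-64 rule of RFC 4291, which also inverts the universal/local bit; the function names and the observed addresses are constructed for illustration.

```python
import ipaddress

LINK_LOCAL_PREFIX = bytes.fromhex("fe80000000000000")  # fe80::/64


def eui64_interface_id(mac: str) -> bytes:
    """Build the 64-bit interface ID from a 48-bit MAC address."""
    octets = bytes(int(part, 16) for part in mac.replace("-", ":").split(":"))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    oui, nic = octets[:3], octets[3:]
    # Modified EUI-64 (RFC 4291) inverts the universal/local bit,
    # which is the 7th bit from the left (0x02 in the first octet).
    flipped = bytes([oui[0] ^ 0x02])
    # 0xFFFE is inserted between the OUI and the NIC-specific half.
    return flipped + oui[1:] + b"\xff\xfe" + nic


def link_local_from_mac(mac: str) -> ipaddress.IPv6Address:
    """Link-local address a host would autoconfigure from this MAC."""
    return ipaddress.IPv6Address(LINK_LOCAL_PREFIX + eui64_interface_id(mac))


def embedded_mac(address: str):
    """Return the MAC embedded in an EUI-64 style address, or None.

    A random interface ID contains ff:fe at this position only with
    probability 2**-16, so a hit is a strong (not absolute) indicator.
    """
    iid = ipaddress.IPv6Address(address).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    octets = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in octets)


def audit(addresses):
    """Map each address that exposes a hardware address to that MAC."""
    found = {}
    for address in addresses:
        mac = embedded_mac(address)
        if mac is not None:
            found[address] = mac
    return found


# Constructed sample of addresses, e.g. taken from a neighbor cache dump.
OBSERVED = [
    "fe80::21a:2bff:fe3c:4d5e",         # EUI-64 derived
    "fe80::d4c1:7a3e:9b20:5f18",        # randomised interface ID
    "2001:db8:0:1:21a:2bff:fe3c:4d5e",  # same host under another prefix
]

if __name__ == "__main__":
    print(link_local_from_mac("00:1a:2b:3c:4d:5e"))
    for address, mac in audit(OBSERVED).items():
        print(address, "exposes", mac)
```

The same interface ID appears under both prefixes, which is what lets a static EUI-64 identifier be correlated across networks.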
The second approach to stateless address autoconfiguration is a
security enhanced approach, in which IPv6 address generation is protected by
various measures, e.g. binding a public key signature to the address. This
mechanism of address generation is a major offering of the Secure Neighbor
Discovery protocol and is known as the cryptographically generated address (CGA)
approach. CGAs [6] are addresses produced by applying hashing techniques to
predetermined data structures, known as CGA parameters, to obtain secure addresses
for the host. The generated address is purely associated with the public key, which is
in Distinguished Encoding Rules (DER) encoded format. The interface identifier is
generated by hashing the public key and CGA parameters; the receiver can verify the
integrity of the sender by re-computing the hash with the available key and CGA
option, thus enabling authentication of the address without the need for external
third-party intervention.
The generation of a CGA begins by determining the public key of the address
owner, selecting the appropriate security-level (Sec) value and generating a
random 128-bit modifier. These are then subjected to SHA-1 hashing.
This process is looped with successive values assigned to the modifier
until the 16 × Sec leftmost bits of hash2 equal zero. Once this condition is
satisfied the loop terminates. The final modifier value is used along with the
other CGA parameters as the input to hash1 (shown in Fig. 3).
The leftmost 64 bits are extracted from the result of hash1 and assigned as the
Interface ID. The security parameter value is then written into the three leftmost
bits of the interface ID. The u bit (universal/local bit) is set to 1 to indicate the
universal scope of the address or to 0 to indicate local scope of the address. The g bit
is known as the individual/group bit. Performing duplicate address detection at the end
of this process ensures that there is no address collision on the network. Fig. 3
gives an overview of the CGA generation process and shows diagrammatically the
steps involved in the unique address generation.
The cost of generating a new CGA depends exponentially on the security
parameter Sec, which can have values from 0 to 7. Though the CGA based mode of
stateless address autoconfiguration enhances the security level of the process, it is
also subject to various risks and issues that threaten the use of the SeND
protocol.
Fig. 3. CGA generation
3 Proposed Work
The paper presents a novel privacy extension of IPv6 addresses using the internal
hardware states of machines. The HArdware Volatile Entropy Gathering and
Expansion (HAVEGE) algorithm, used for empirically strong random number
generation, is the inspiration for the extended algorithmic design of the proposed
work. The issues with the existing SeND, as per references [5], [7-10],
that motivated the new proposal are discussed below.
3.1 Issues Related to SeND
1. Security Issues: To steal an address generated through the CGA mechanism, an
attacker has to compute a collision of the cryptographic hash value (hash1).
This computation is infeasible, which provides a strong shield
against address stealing. The CGA mechanism is therefore widely used to prevent
theft of another node's address. However, CGA cannot provide a firm
assurance of a node's identity, and cannot prove that the address is the
original address of the associated node. Since there is no certification of
CGAs, attackers can always generate new valid addresses from their own
public keys and impersonate other nodes.
2. Technical Issues: The majority of operating systems support implementation of
NDP, whereas SeND has always lacked support from them. Although some major
vendors and manufacturers like Juniper and Cisco provide support for SeND in their
routers at various levels, no major operating system is known to provide a
considerably good level of support. Current implementations of SeND in various
OS distributions like Debian Linux are still proofs of concept; there is no
production-ready software that enables implementation of SeND for achieving
ND security.
3. Complexity Issues: The average CGA address generation time depends on the
security parameter used in the CGA data structure. However, it is impossible to
tell exactly how much time CGA generation will take when Sec isn't zero; it
can vary significantly. Theoretically, the computational complexity of the hash2
computation increases by 2^16 for each security parameter value. For higher
values of the security parameter, the address generation process involves highly
intensive computations. This directly implies a higher cost of address generation
when a high security parameter is needed. Almost all network device
manufacturers look for a highly secure mechanism, and in CGA this expectation is
met by increasing the security parameter value as needed, but the higher
cost of address generation prevents the use of CGAs in various sectors. This
challenge drives the need for a more feasible and implementable security solution
for the autoconfiguration process.
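The CGA generation loop from Section 2 and the cost growth described under Complexity Issues, as an added example that is not code from the paper or from any SeND implementation. It follows the CGA specification (RFC 3972), which zeroes the u and g bits of the interface ID; SAMPLE_PUBKEY is a constructed stand-in for a DER-encoded key, and the function and type names are this example's own.

```python
import hashlib
import ipaddress
import secrets
from typing import NamedTuple

# Constructed stand-in; a real CGA hashes a DER-encoded public key.
SAMPLE_PUBKEY = b"constructed stand-in for a DER-encoded public key"
LINK_LOCAL_PREFIX = bytes.fromhex("fe80000000000000")
# Bits of the interface ID compared with hash1: everything except the
# three Sec bits and the u and g bits.
IID_MASK = bytes.fromhex("1cffffffffffffff")


class CGAParams(NamedTuple):
    modifier: bytes         # 16 bytes
    prefix: bytes           # 8-byte subnet prefix
    collision_count: int    # 0..2, raised after a duplicate address
    pubkey: bytes
    ext: bytes = b""


def _hash2_ok(modifier: bytes, body: bytes, sec: int) -> bool:
    """True when the 16*Sec leftmost bits of hash2 are zero."""
    hash2 = hashlib.sha1(modifier + bytes(9) + body).digest()[:14]  # 112 bits
    return int.from_bytes(hash2, "big") >> (112 - 16 * sec) == 0


def _hash1(p: CGAParams) -> bytes:
    data = p.modifier + p.prefix + bytes([p.collision_count]) + p.pubkey + p.ext
    return hashlib.sha1(data).digest()[:8]  # leftmost 64 bits


def cga_generate(pubkey, prefix, sec, modifier=None, ext=b""):
    """Return (address, parameters, number of hash2 evaluations).

    Expected work is 2**(16*sec) hash2 evaluations, so only Sec 0 and 1
    are practical to try here. Duplicate address detection is not
    modelled; the collision count stays at 0.
    """
    if not 0 <= sec <= 7:
        raise ValueError("Sec must be between 0 and 7")
    if len(prefix) != 8:
        raise ValueError("subnet prefix must be 64 bits")
    value = secrets.randbits(128) if modifier is None else modifier
    tries = 1
    while not _hash2_ok(value.to_bytes(16, "big"), pubkey + ext, sec):
        value = (value + 1) % (1 << 128)
        tries += 1
    params = CGAParams(value.to_bytes(16, "big"), prefix, 0, pubkey, ext)
    iid = bytearray(_hash1(params))
    # Write Sec into the three leftmost bits and clear the u and g bits.
    iid[0] = (iid[0] & 0x1C) | (sec << 5)
    return ipaddress.IPv6Address(prefix + bytes(iid)), params, tries


def cga_verify(address, p: CGAParams) -> bool:
    """Receiver-side check: recompute both hashes from the parameters."""
    raw = ipaddress.IPv6Address(str(address)).packed
    if p.collision_count not in (0, 1, 2) or raw[:8] != p.prefix:
        return False

    def masked(value: bytes) -> bytes:
        return bytes(x & m for x, m in zip(value, IID_MASK))

    if masked(_hash1(p)) != masked(raw[8:]):
        return False
    sec = raw[8] >> 5  # Sec is read back from the address itself
    return _hash2_ok(p.modifier, p.pubkey + p.ext, sec)


if __name__ == "__main__":
    for sec in (0, 1):
        addr, params, tries = cga_generate(SAMPLE_PUBKEY, LINK_LOCAL_PREFIX, sec)
        print(f"Sec={sec}: {addr} after {tries} hash2 evaluations, "
              f"verifies={cga_verify(addr, params)}")
```

Running it several times shows the Sec = 1 evaluation count varying widely around 2^16, which is the unpredictability in generation time that item 3 describes.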
3.2 Privacy Extensions Using Hardware Volatile Entropy Gathering and
Expansion
A random number generator is empirically strong if a random number sequence
generated as its output cannot be distinguished from a uniformly distributed
independent sequence of numbers. HAVEGE
(HArdware Volatile Entropy Gathering and Expansion) is a heuristic approach that
enables generation of empirically strong random numbers [12].
A microprocessor has numerous global states, such as caches and buffers, that are
invisible through the instruction set. Any external event, like an operating
system interrupt, affects these internal states of the processor directly, inducing
modifications to their existing status. These events introduce a considerably large
number of changes in the bits of the internal states. This feature is used as
the basis for the HAVEGE algorithm. The algorithm holds good for almost all
systems, since every personal or general purpose computer is built upon processors
that ensure high performance ratios. This high performance is achieved by using
microprocessors that possess complex hardware mechanisms. Several hundreds of
thousands of bits are derived randomly from these internal states, which are subject to
change every time an external event occurs in the system. These randomly collected
bits are empirically strong. The entropy/uncertainty induced by
these internal states is calculated in the HAVEG algorithm using the system's
hardware clock cycle [13].
The HAVEGE algorithm is the extension of HAVEG. It
combines the entropy gathering mechanism of
HAVEG with random number generation to ensure generation of
unpredictable random numbers. The HAVEGE generator comprises
data that are usually thousands of volatile internal states, as discussed above. These
are the micro-architectural internal states that are prone to change due to any external
event. Even the user who performs the random number generation has no knowledge
of the changes in the internal hardware states. This feature makes the random numbers
generated through this algorithm empirically strong, in that the generator cannot be
set to a state where the same sequence of bits is generated again.
The volatile internal states present in the HAVEGE generator are listed below.
DATA TLB: The translation look-aside buffer is a table holding information about
the memory pages accessed by the processor. As per the HAVEGE
algorithm, each entry of a page in the TLB possesses 129 states. The HAVEGE
algorithm is constructed with a loop that accesses 128 pages of memory.
Level 1 Data Cache: The Level 1 cache, also known as the primary cache, is a memory
located with the processor core that holds the data most recently
accessed by the processor. In the HAVEGE generator, each cache line of the level 1 data
cache is assured to be in one of seven possible states. This data is usually
mapped in the WALK table to any one of the available 32-byte blocks.
The L1 cache is in one of 7^512 possible states. The processor might additionally
possess L2 and L3 caches, which are not used in the HAVEGE generator.
Level 1 Instruction Cache: The Level 1 instruction cache consists of 256 sets, each of
which, from the HAVEGE perspective, possesses 7 possible states. The HAVEGE
algorithm is made of a loop body that performs self-modifying walks over the level 1
instruction cache.
The HAVEGE algorithm is used to generate random numbers that replace the
CGA during IPv6 address generation. With the new
privacy extension method, a 64-bit random link local address is generated using the
internal states of the L1 caches and Data TLB. The extraction of internal states and the
bit randomness are completely unknown to the system users, which ensures the security
and integrity of address generation. The generation of highly random addresses is the
sole purpose of integrating HAVEGE with SeND.
4 Performance Analyses
The proposed prototype is implemented in Linux kernel version 2.6.34, and the
currently implemented IPv6 privacy extensions are modified. The modified kernel, per
[11], uses different system control parameters which can be read and written by the user
based on the requirements, thereby controlling the operation of the IPv6 privacy
extensions. The internal states based privacy extension method and the existing SeND are
implemented and compared in the same environment. The tests are conducted over 50
times, and each time the generated addresses are recorded to calculate the performance
metrics listed below.
1) Address generation delay: The time taken for address generation in a real time
scenario is measured using a timer function. The time includes the key
generation, key verification and address generation delay. The time denotes the
runtime of the algorithms.
2) Algorithmic complexity: Algorithmic complexity estimates the complexity of
processing the algorithmic steps. It determines the speed and resource
utilization of the algorithmic steps. Complexity is defined as a numerical
function T(n): time versus the input size n.
3) Entropy level: The entropy level is a measure of the randomness of the
addresses generated by the algorithm. The security level of the algorithm is determined
by the entropy. The more random the address generation, the stronger the
algorithm. The formula for the entropy calculation is as given in equation 1.

  (1)
5 Result Analyses
The results obtained from the experiments and quantitative analysis are compared for
the algorithms. The results derived from the performance analysis are given in Table 1.
| Metric | EUI-64 Address | Cryptographically Generated Address (sec = 1) | HAVEGE based generated IPv6 address |
|---|---|---|---|
| Address Generation delay (in microseconds) | 1 | 89003 | 1 |
| Algorithmic Complexity | log(n) + (n log(n)) | 2s (O(n) + O(log n)) + O(n log n) | log(n) + n log n |
| Entropy Level (Entropy Derived in terms of Security) | 0.31 | 0.52 | 0.91 |
The results obtained clearly distinguish the levels of security provided by
each mechanism.
Address generation delay: The time consumed in generating the interface ID through
CGA based address generation is very high, even for a small
security parameter. HAVEGE based address generation and MAC based stateless
address autoconfiguration take a minimal and negligible amount of time. The
runtime of these algorithms is far lower than that of CGA. HAVEGE based
autoconfiguration provides a high level of security but takes minimal address generation
time.
Algorithmic Complexity: Comparing the algorithmic complexity of the various
address generation mechanisms, it can be concluded that the complexity of CGA
based address generation is very high. The complexity of CGA varies with the Sec
value. The complexity of HAVEGE based address generation is lower even
when compared to the Sec-0 level of CGA.
Entropy Level: The entropy level of the address autoconfigured through the MAC
based method is very low (very low randomness), thus impacting security. CGA,
on the other hand, possesses a considerably good entropy level, ensuring security, but
the mechanism using the HAVEGE algorithm, which ensures unpredictable random
number generation, offers a higher degree of randomness, ensuring greater security levels.
Thus HAVEGE, with minimal computational complexity, negligible time delay
and higher security levels, will be a reliable approach for autoconfiguration of
IPv6 addresses.
6 Conclusion
The IPv6 suite provides a feature by which each device can automatically generate its own
addresses. This feature is achieved securely through CGAs, which are a commendable
feature of the SeND protocol. CGA provides various protective mechanisms by which
the sender's integrity is assured without relying on any external third party. However,
CGAs prove to be computationally complex, which results in a higher cost of address
generation. Thus various systems and manufacturers refrain from using CGAs to secure
their neighbor discovery. A robust mechanism using the hardware states for
generating addresses has been proposed in this paper. The HAVEGE based address
possesses a high rate of randomness with minimized computations, thus ensuring a highly
secure stateless address autoconfiguration process. The test results conclude that the
proposed mechanism outperforms SeND. The RSA key used in SeND is again used in
the proposed mechanism. An efficient key distribution mechanism can be future work
for the secured autoconfiguration schemes.
References
1. Thomson, S., Narten, T., Jinmei, T.: IPv6 Stateless Address Autoconfiguration. RFC 4862,
Internet Engineering Task Force (September 2007)
2. Narten, T., Nordmark, E., Simpson, W., Soliman, H.: Neighbor Discovery for IP version 6
(IPv6). RFC 4861, Internet Engineering Task Force (September 2007)
3. Nikander, P., Kempf, J., Nordmark, E.: IPv6 Neighbor Discovery (ND) Trust Models and
Threats. RFC 3756 (Informational), Internet Engineering Task Force (May 2004)
4. Arkko, J. (Ed.), Kempf, J., Zill, B., Nikander, P.: SEcure Neighbor Discovery (SEND). RFC
3971, Internet Engineering Task Force (March 2005)
5. Supriyanto, Hasbullah, I.H., Murugesan, R.K., Ramadass, S.: Survey of Internet Protocol
Version 6 Link Local Communication Security Vulnerability and Mitigation Methods.
IETE Technical Review 30 (2013)
6. Aura, T.: Cryptographically Generated Addresses (CGA). RFC 4982, Internet Engineering
Task Force (July 2007)
7. AlSa’deh, A., Meinel, C.: Secure Neighbor Discovery: Review, Challenges, Perspectives,
and Recommendations. IEEE Security & Privacy Magazine 10(4), 26–34 (2012)
8. Groat, S., Dunlop, M., Marchany, R., Tront, J.: The privacy implications of stateless IPv6
addressing. In: Proceedings of the Sixth Annual Workshop on Cyber Security and
Information Intelligence Research, CSIIRW 2010, pp. 52:1–52:4. ACM, New York (2010)
9. Gelogo, Y.E., Caytiles, R.D., Park, B.: Threats and Security Analysis for Enhanced Secure
Neighbor Discovery Protocol (SEND) of IPv6 NDP Security. International Journal of
Control and Automation 4(4), 179–184 (2011)
10. Caicedo, C.E., Joshi, J.B.D., Tuladhar, S.R.: IPv6 Security Challenges. Computer 42(2),
36–42 (2009)
11. http://www.linux.org/ (accessed on January 2014)
12. Seznec, A., Sendrier, N.: HAVEGE: a user-level software heuristic for generating
empirically strong random numbers. ACM Transaction on Modeling and Computer
Simulations (TOMACS) 13(4) (October 2003)
13. Seznec, A., Sendrier, N.: HArdware Volatile Entropy Gathering and Expansion:
generating unpredictable random numbers at user level, INRIA Research Report, RR-4592
(October 2002)