Securing Group Management in IPv6 with Cryptographically Generated Addresses

Claude Castelluccia 1 Gabriel Montenegro 2
1 PLANETE - Protocols and applications for the Internet
Inria Grenoble - Rhône-Alpes, CRISAM - Inria Sophia Antipolis - Méditerranée
Abstract : Currently, group membership management in IP Multicast and Anycast can be abused in order to launch denial-of-service (DoS) attacks. The root of the problem is that routers cannot determine if a given host is authorized to join a group (sometimes referred to as the Proof-of-Membership Problem ). We propose a solution for IPv6 based on Group Cryptographically Generated Addresses (G-CGA). These addresses have characteristics of statistical uniqueness and cryptographic verifiability that lend themselves to severely limiting certain classes of DoS attacks. Our scheme is fully distributed and does not require any trusted third party or pre-established security association between the routers and the hosts. This is not only a huge gain in terms of scalability, reliability and overhead, but also in terms of privacy.
Document type :
Reports
Complete list of metadatas

https://hal.inria.fr/inria-00072065
Contributor : Rapport de Recherche Inria <>
Submitted on : Tuesday, May 23, 2006 - 7:40:56 PM
Last modification on : Wednesday, April 11, 2018 - 1:55:53 AM
Long-term archiving on : Sunday, April 4, 2010 - 10:51:24 PM

Identifiers

  • HAL Id : inria-00072065, version 1

Collections

Citation

Claude Castelluccia, Gabriel Montenegro. Securing Group Management in IPv6 with Cryptographically Generated Addresses. [Research Report] RR-4523, INRIA. 2002. ⟨inria-00072065⟩

Share

Metrics

Record views

157

Files downloads

246