IPv6 Cryptographically Generated Address:Analysis,Optimization and Protection  

作　　者：Amjed Sid Ahmed Rosilah Hassan Faizan Qamar Mazhar Malik 

机构地区：[1]Department of Computing and Information Technology,Global College of Engineering and Technology,Ruwi,112,Sultanate of Oman [2]Faculty of Information Science and Technology,Center for Cyber Security,Universiti Kebangsaan Malaysia,Bangi,43600,Malaysia [3]Faculty of Information Science and Technology,Universiti Kebangsaan Malaysia,43600,Bangi,Malaysia

出　　处：《Computers, Materials & Continua》2021年第7期247-265,共19页计算机、材料和连续体（英文）

基　　金：supported by Dana Impak Perdana fund,no.UKM DIP-2018-040 and Fundamental Research Grant Scheme fund no FRGS/1/2018/TK04/UKM/02/7 under Author R.Hassan.

摘　　要：In networking,one major difficulty that nodes suffer from is the need for their addresses to be generated and verified without relying on a third party or public authorized servers.To resolve this issue,the use of selfcertifying addresses have become a highly popular and standardized method,of which Cryptographically Generated Addresses(CGA)is a prime example.CGA was primarily designed to deter the theft of IPv6 addresses by binding the generated address to a public key to prove address ownership.Even though the CGA technique is highly effective,this method is still subject to several vulnerabilities with respect to security,in addition to certain limitations in its performance.In this study,the authors present an intensive systematic review of the literature to explore the technical specifications of CGA,its challenges,and existing proposals to enhance the protocol.Given that CGA generation is a time-consuming process,this limitation has hampered the application of CGA in mobile environments where nodes have limited energy and storage.Fulfilling Hash2 conditions in CGA is the heaviest and most timeconsuming part of SEND.To improve the performance of CGA,we replaced the Secure Hash Algorithm(SHA1)with the Message Digest(MD5)hash function.Furthermore,this study also analyzes the possible methods through which a CGA could be attacked.In conducting this analysis,Denial-of-Service(DoS)attacks were identified as the main method of attack toward the CGA verification process,which compromise and threaten the privacy of CGA.Therefore,we propose some modifications to the CGA standard verification algorithm to mitigate DoS attacks and to make CGA more security conscious.

关 键 词：IPV6 GCA SEND DoS attacks RSA SHA-1 

分 类 号：TP3[自动化与计算机技术—计算机科学与技术]