Abstract
Cryptographically Generated Addresses (CGAs) have been designed to solve the so-called IPv6 Address Ownership problem. The current IETF CGA proposal relies on RSA signature. Generating an RSA signature is quite expensive and might be prohibitive for small devices with limited capacities. For example, a 1024-RSA signature requires approximately 1536 modular multiplications.
In this paper, we propose a new CGA scheme whose verification requires fewer than 10 modular multiplications. We achieve this performance gain by (1) selecting an efficient signature scheme, namely the small prime variation of the Feige-Fiat-Shamir scheme and (2) tuning the cryptographic parameters of this signature scheme to the security strength of the CGA (i.e. the size of the hash function used to generate it).
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
G. Montenegro and C. Castelluccia, “Statistically Unique and Cryptographically Verifiable (SUCV) Identifiers and Addresses”, in NDSS'02, February 2002.
G. O'Shea and M. Roe, “Child-Proof Authentication for MIPv6 (CAM)”, ACM Computer Communications Review, April 2001.
T. Aura, “Cryptographically Generated Addresses (CGA)”, in 6th Information Security Conference (ISC'03), Bristol, UK, October 2003.
C. Castelluccia and G. Montenegro, “Protecting AODVng Against Impersonation Attacks”, ACM Mobile Computing and Communications Review, July 2002a.
C. Castelluccia and G. Montenegro, “Dynamic and Secure Group Membership in Adhoc and Peer-to-Peer Networks”, ACM Mobile Computing and Communications Review, July 2002b.
R. Bobba, L. Eschenauer, V. Gligor and W. Arbaugh, “Bootstrapping Security Associations for Routing in Mobile Ad-hoc Networks”, May 2002.
S. Capkun, J.P. Hubaux and L. Buttyan, “Mobility Helps Security in Ad Hoc Networks”, in Proceedings of MobiHOC 2003, Annapolis, p. 11, June 2003
A. Micali and A. Shamir, “An Improvement on the Fiat-Shamir Identification and Signature Scheme”, in CRYPTO '88, 1988, pp. 244–247.
P. Nikander, An Address Ownership Problem in IPv6, IETF, Draft-nikander-ipng-address-ownership-00.txt, February 2001.
J. Arkko, T. Aura, J. Kempf, V. Mntyl, P. Nikander and M. Roe, “Securing IPv6 Neighbor and Router Discovery”, in Wireless Security Workshop (WiSe2002), Atlanta, GA, September 2002.
D. Johnson, C. Perkins and J. Arkko, Mobile IP for IPv6, IETF, draft-ietf-mobileip-ipv6-24.txt, June 2003, (work in progress).
T. Narten and R. Draves, Privacy Extensions for Stateless Address Autoconfiguration in IPv6, IETF, RFC3041, January 2001.
A. Fiat and A. Shamir, “How to Prove Yourself: Practical Solutions to Identification and Signature Problems”, in Advances in Cryptology: Proc. Crypto'86, Springer, pp. 186–194, 1986.
U. Feige, A. Fiat and A. Shamir, “Zero Knowledge Proofs of Identity”, Journal of Cryptology, 1988.
D. Pointcheval and J. Stern, “Security Proofs for Signature Schemes”, Lecture Notes in Computer Science, Vol. 1070, p. 387 +, 1996.
A.J. Menezes, P.C. Van Oorschot and S.A. Vanstone, Handbook of Applied Cryptography, CRC Press, 1997.
C. Wong and S. Lam, “Digital Signatures for Flows and Multicasts”, IEEE/ACM Transactions on Networking, ACM Press, Vol. 7, 1999.
G. Poupard and J. Stern, “On the Fly Signatures Based on Factoring”, in ACM Conference on Computer and Communications Security, pp. 37–45, 1999. “OpenSSL projet, http://www.openssl.org/,”.
K. Barr and K. Asanovic, “Energy Aware Lossless Data Compression”, in Proceedings of MobiSys 2003, San Francisco, May 2003.
NIST, http://www.itl.nist.gov/fipspubs/fip180-1.htm, NIST, FIPS PUB 180-1: Secure Hash Standard, April 1995.
Author information
Authors and Affiliations
Rights and permissions
About this article
Cite this article
Castelluccia, C. Cryptographically Generated Addresses for Constrained Devices*. Wireless Personal Communications 29, 221–232 (2004). https://doi.org/10.1023/B:WIRE.0000047065.81535.84
Issue Date:
DOI: https://doi.org/10.1023/B:WIRE.0000047065.81535.84