Crypto-based identifiers (CBIDs)

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

Crypto-based identifiers (CBIDs): Concepts and applications

Full text

Pdf (263 KB)

Source

ACM Transactions on Information and System Security (TISSEC) archive
Volume 7 , Issue 1 (February 2004) table of contents

Pages: 97 - 127

Year of Publication: 2004

ISSN:1094-9224

Authors

Gabriel Montenegro	Sun Labs, Europe, France
Claude Castelluccia	INRIA Rhône-Alpes, France

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 19, Downloads (12 Months): 130, Citation Count: 4

Additional Information:

abstract references cited by index terms review collaborative colleagues

Tools and Actions:	Request Permissions Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/984334.984338 What is a DOI?

ABSTRACT

This paper addresses the identifier ownership problem. It does so by using characteristics of Statistical Uniqueness and Cryptographic Verifiability (SUCV) of certain entities which this document calls SUCV Identifiers and Addresses, or, alternatively, Crypto-based Identifiers. Their characteristics allow them to severely limit certain classes of denial-of-service attacks and hijacking attacks. SUCV addresses are particularly applicable to solve the address ownership problem that hinders mechanisms like Binding Updates in Mobile IPv6.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Aiello, W., Bellovin, S. M., Blaze M., Canetti, R., Ioannidis, J., Keromytis, A. D., and Reingold, O. 2002. Just Fast Keying (JFK). IETF, draft-ietf-ipsec-jfk-04.txt, work in progress.
	2	Jari Arkko , Tuomas Aura , James Kempf , Vesa-Matti Mäntylä , Pekka Nikander , Michael Roe, Securing IPv6 neighbor and router discovery, Proceedings of the 3rd ACM workshop on Wireless security, p.77-86, September 28-28, 2002, Atlanta, GA, USA [doi>10.1145/570681.570690]
	3	Aura, T. 2004. Cryptographically Generated Addresses (CGA). IETF, draft-ietf-send-cga-05.txt, work in progress.
	4	Tuomas Aura , Pekka Nikander , Jussipekka Leiwo, DOS-Resistant Authentication with Client Puzzles, Revised Papers from the 8th International Workshop on Security Protocols, p.170-177, April 03-05, 2000
	5	Bailly, D. 2002. Cbjx: Crypto-based jxta (an internship report) 6, 3 (July 2004), 108--109.
	6	Bassi, A., Beck, M., Laganier, J., and Paollini, G. 2003. Towards an ipv6-based security framework for distributed storage resources. In CMS 2003 Seventh IFIP TC-6 TC-11 Conference on Communications and Multimedia Security.
	7	Bellare, M., Canetti, R., and Krawczyk, H. 1996. Message authentication using hash functions---the HMAC construction. RSA CryptoBytes 2, 1.
	8	Blaze, M., Feigenbaum, J., Ioannidis, J., and Keromytis, A. 1999. The KeyNote Trust-Management System Version 2. IETF, RFC2704.
	9	Castelluccia, C. and Dupont, F. 2001. A Simple Privacy Extension for Mobile IPv6. IETF, draft-castelluccia-mobileip-privacy-00.txt, work in progress.
	10	Castelluccia, C. and Montenegro, G. 2002a. Ipv6 Opportunistic Encryption. INRIA Technical Report Number 4568.
	11	Claude Castelluccia , Gabriel Montenegro, Protecting AODV against impersonation attacks, ACM SIGMOBILE Mobile Computing and Communications Review, v.6 n.3, July 2002 [doi>10.1145/581291.581313]
	12	Claude Castelluccia , Gabriel Montenegro, Securing Group Management in IPv6 with Cryptographically Generated Addresses, Proceedings of the Eighth IEEE International Symposium on Computers and Communications, p.588, June 30-July 03, 2003
	13	JXTA. Crypto-id jxta (http://crypto-id.jxta.org/).
	14	Deering, S. and Hinden, R. 1998. Internet Protocol, Version 6 (IPv6) Specification. IETF, RFC2460.
	15	Ellison, C. et al. 1999. SPKI Certificate Theory. IETF, RFC 2693.
	16	Haller, S. and Metz, C. 1996. A One-Time Password System. IETF, RFC 1938.
	17	Hinden, B. and Deering, S. 2003. IP Version6 Addressing Architecture. IETF, RFC3513.
	18	Johnson, D., Perkins, C., and Arkko, J. 2003. Mobile IP for IPv6. IETF, draft-ietf-mobileip-ipv6-24 (RFC XXX).
	19	JXTA. Project JXTA. Available at www.jxta.org.
	20	Kaufman, C. 2004. Internet Key Exchange (IKEv2) Protocol. IETF, draft-ietf-ipsec-ikev2-12.txt, work in progress.
	21	Kivinen, T. and Kojo, M. 2003. More Modular Exponential (MODP) Diffie-Hellman Groups for Internet Key Exchange (IKE). IETF, RFC3526. http://www.join.uni-muenster.de/drafts/draft-nikander-mobileip-v6-ro-sec-00.
	22	Krawczyk, H., Bellare, M., and Canetti, R. 1997. HMAC: Keyed- Hashing for Message Authentication. IETF, RFC2104.
	23	Lenstra, A. and Verheul, E. 1999. Selecting Cryptographic Key Sizes. Available at http://citeseer.nj.nec.com/lenstra99selecting.html.
	24	Madson, C. and Glenn, R. 1998. The Use of HMAC-SHA-1-96 Within ESP and AH. IETF, RFC2404.
	25	Mankin, A., Patil, B., Harkins, D., Nordmark, E., Nikander, P., Roberts, P., and Narten, T. 2001. Threat Models Introduced by Mobile IPv6 and Requirements for Security in Mobile IPv6. IETF, draft-ietf-mobileip-mipv6-scrty-reqts-02.txt, work in progress.
	26	Alfred J. Menezes , Scott A. Vanstone , Paul C. Van Oorschot, Handbook of Applied Cryptography, CRC Press, Inc., Boca Raton, FL, 1996
	27	Modadugu, N., Boneh, D., and Kim, M. 2000. Generating RSA keys on a handheld using an untrusted server. In RSA Data Security Conference and Expo, 2000.
	28	Montenegro, G., Laganier, J., and Castelluccia, C. 2003. Cryptographically Generated Addresses (CGA). IETF, draft-montenegro-send-cga-rr-01, work in progress.
	29	Moskowitz, B. 2001. HIP Implementation. IETF, draft-moskowitz-hip-impl-01.txt, work in progress.
	30	Moskowitz, B. 2003. HIP Architecture. IETF, draft-ietf-moskowitz-hip-arch-05.txt, work in progress.
	31	Moskowitz, R., Nikander, P., Jokela, P., and Henderson, T. 2004. Host Identity Protocol. IETF, draft-moskowitz-hip-09.txt.
	32	Narten, T. and Draves, R. 2001. Privacy Extensions for Stateless Address Autoconfiguration in IPv6. IETF, RFC3041.
	33	Nikander, P. 2001. An Address Ownership Problem in IPv6. IETF, draft-nikander-ipng-address-ownership-00.txt, work in progress.
	34	Nikander, P., Arkko, J., Aura, T., and Montenegro, G. 2003a. Mobile ip version 6 (mipv6) route optimization security design. In IEEE Vehicular Technology Conference.
	35	Nikander, P., Arkko, J., Aura, T., Montenegro, G., and Nordmark, E. 2003b. Mobile IP version 6 (MIPv6) Route Optimization Security Design. IETF, draft-nikander-mobileip-v6-ro-sec-02.txt, work in progress.
	36	Nikander, P. and Perkins, C. 2002. Binding Authentication Key Establishment Protocol for Mobile IPv6 (BAKE). IETF, draft-perkins-bake-02.txt, work in progress.
	37	NIST 1995. NIST, FIPS PUB 180-1: Secure Hash Standard. NIST. Available at http://www.itl.nist.gov/fipspubs/fip180-1.htm.
	38	Orman, H. 1998. The OAKLEY Key Determination Protocol. IETF, RFC2412.
	39	Orman, H. and Hoffman, P. 2004. Determining Strengths For Public Keys Used For Exchanging Symmetric Keys. IETF, draft-orman-public-key-lengths-08.txt, work in progress.
	40	Greg O'Shea , Michael Roe, Child-proof authentication for MIPv6 (CAM), ACM SIGCOMM Computer Communication Review, v.31 n.2, April 2001 [doi>10.1145/505666.505668]
	41	Perkins, C., Belding-Royer, E., and Das, S. 2002. Ad Hoc On Demand Distance Vector (AODV) Routing for IP version 6. IETF, draft-perkins-aodv6-02.txt, work in progress.
	42	Perkins, C., Belding-Royer, E., and Das, S. 2003. Ad Hoc On Demand Distance Vector (AODV) Routing. IETF, RFC 3461.
	43	Perrig, A. and Song, D. 1999. Hash visualization: a new technique to improve real-world security. In International Workshop on Cryptographic Techniques and E-Commerce (CrypTEC '99). 131--138.
	44	Frank Stajano , Ross J. Anderson, The Resurrecting Duckling: Security Issues for Ad-hoc Wireless Networks, Proceedings of the 7th International Workshop on Security Protocols, p.172-194, April 19-21, 1999
	45	Paul C. van Oorschot , Michael J. Wiener, Parallel collision search with application to hash functions and discrete logarithms, Proceedings of the 2nd ACM Conference on Computer and communications security, p.210-218, November 1994, Fairfax, Virginia, United States [doi>10.1145/191177.191231]

CITED BY 4

	Johann van der Merwe , Dawoud Dawoud , Stephen McDonald, Fully self-organized peer-to-peer key management for mobile ad hoc networks, Proceedings of the 4th ACM workshop on Wireless security, September 02-02, 2005, Cologne, Germany
	Vivek Pathak , Liviu Iftode, Byzantine fault tolerant public key authentication in peer-to-peer systems, Computer Networks: The International Journal of Computer and Telecommunications Networking, v.50 n.4, p.579-596, 15 March 2006
	Claude Castelluccia , Nitesh Saxena , Jeong Hyun Yi, Robust self-keying mobile ad hoc networks, Computer Networks: The International Journal of Computer and Telecommunications Networking, v.51 n.4, p.1169-1182, March, 2007
	Min-Shiang Hwang , Cheng-Chi Lee , Song-Kong Chong, An improved address ownership in mobile IPv6, Computer Communications, v.31 n.14, p.3250-3252, September, 2008

INDEX TERMS

Primary Classification:
C. Computer Systems Organization
C.2 COMPUTER-COMMUNICATION NETWORKS
C.2.0 General
Subjects: Security and protection (e.g., firewalls)

General Terms:
Security, Verification

Keywords:
Security, address ownership, authorization, group management, mobile IPv6, opportunistic encryption

REVIEW

"Radu State : Reviewer"

This paper proposes a framework based on cryptographic identifiers, allowing a system to prove and verify the ownership of an entity. Such an entity can be, for instance, a network address. The proposed framework addresses identification and autho more...

Collaborative Colleagues:

Gabriel Montenegro: colleagues

Claude Castelluccia: colleagues

Adobe Acrobat

QuickTime

Windows Media Player

Real Player