Securing Group Management in IPv6 with Cryptographically Generated Addresses
draft-irtf-gsec-sgmv6-01
Document | Type |
Expired Internet-Draft
(gsec RG)
Expired & archived
|
|
---|---|---|---|
Authors | Claude Castelluccia , Claude Castelluccia | ||
Last updated | 2002-07-05 | ||
RFC stream | Internet Research Task Force (IRTF) | ||
Intended RFC status | (None) | ||
Formats | |||
Stream | IRTF state | (None) | |
Consensus boilerplate | Unknown | ||
Document shepherd | (None) | ||
IESG | IESG state | Expired | |
Telechat date | (None) | ||
Responsible AD | (None) | ||
Send notices to | (None) |
This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:
Abstract
Currently, group membership management in IP Multicast and Anycast can be abused in order to launch denial-of-service (DoS) attacks. The root of the problem is that routers cannot determine if a given host is authorized to join a group (sometimes referred to as the 'Proof-of-Membership Problem' [ECUMN00]). We propose a solution for IPv6 based on Group Cryptographically Generated Addresses (G-CGA). These addresses have characteristics of statistical uniqueness and cryptographic verifiability that lend themselves to severely limiting certain classes of DoS attacks. Our scheme is fully distributed and does not require any trusted third party or pre-established security association between the routers and the hosts. This is not only a huge gain in terms of scalability, reliability and overhead, but also in terms of privacy.
Authors
Claude Castelluccia
Claude Castelluccia
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)