The paper “Privacy is Not an Option: Attacking the IPv6 Privacy Extension” by Johanna Ullrich, Edgar Weippl (both SBA Research) has been accepted for publication in the 18th International Symposium on Research in Attacks, Intrusions and Defenses.
RAID 2015 takes place from November, 2nd – 4th, 2015 in Kyoto, Japan. RAID is ranked as A conference in CORE.
Abstract: The IPv6 privacy extension introduces temporary addresses to protect against address-based correlation, i. e., the attribution of different transactions to the same origin using addresses, and is considered as state-of-the-art mechanism for privacy protection in IPv6. In this paper, we scrutinize the extension’s capability for protection by analyzing its algorithm for temporary address generation in detail. We develop an attack that is based on two insights and shows that the notion of protection is false: First, randomization is scarce and future identifiers can be predicted once the algorithm’s internal state is known. Second, a victim’s temporary addresses form a side channel and allow an adversary to synchronize to this internal state. Finally, we highlight mitigation strategies, and recommend a revision of the extension’s specification.
Conference Website: http://www.raid2015.org/