CS-CGA : compact and more secure CGA

Abstract

— Cryptographically Generated Address (CGA) is one of the most novel security features introduced in IPv6 suite. CGA is designed to prevent addresses theft without relying on trust authority or additional security infrastructures. However, CGA is relatively computationally intensive, and bandwidth consuming. Besides, it has some security limitations. This paper defines a Compact and more Secure CGA (CS-CGA) version. We adopt Elliptic Curve Cryptograph (ECC) keys in CGA instead of standardized RSA keys in order to minimize the size of CGA parameters and reduce CGA generation time. To enhance the security of CGA against the global time-memory trade-off attack, the subnet prefix is included in Hash2 calculations of CGA generation algorithm. For the signature and the key calculations, SHA-256 is used instead of SHA-1, which is known to have security flaws.