Enhanced cryptographically generated address (CGA) algorithms for mobile IPV6

Abstract

This thesis studied the Cryptographically Generated Address (CGA) algorithms in order to improve the security and performance of Mobile Internet Protocols (MIPv6) networks. At present, the biggest weakness in a MIPv6 network is the poor authentication of the Binding Update (BU) message. If a mobile node uses the CGA algorithms, then most of the attacks against a MIPv6 network can be prevented. However, using CGA algorithms is computationally costly. This thesis developed enhanced versions of the CGA algorithms. These Enhanced CGA algorithms provide a minimum computational security of O(280) and replace the use of the Rivest-Shamir-Adleman (RSA) signature scheme with the Merkle Signature Scheme (MSS). MSS is selected because its security relies on the collision resistance property of the hash function used and because it is resistant to differential side channel attacks. The thesis implemented the Enhanced CGA algorithms in C and evaluated their performance on a low-end node. It found that the Enhanced CGA Generation algorithm takes 89 ms (56% faster than the original CGA Generation algorithm at O(280)). An additional speedup of 37-40% can be obtained with the use of multithreading on a quadcore processor. Likewise, the Enhanced CGA Signature Generation algorithm is found to be 72% faster (182.5 ms) than the original CGA Signature Generation algorithm. However, the Enhanced CGA Verification algorithm and the Enhanced CGA Signature Verification algorithm are found to be slower than the original algorithms by 121% and 402% respectively. The net result of using the Enhanced CGA algorithms (instead of the original CGA algorithms) is a reduction in Layer 3 latency by 30.7 ms. This reduction is mainly because MSS key generation is 98.7% faster than RSA-3072 key generation. It is also important to note that using Enhanced CGA algorithms requires an additional 1,493 bytes to be transmitted and an additional 5,077 bytes of memory. Overall, the Enhanced CGA algorithms can be considered a significant improvement over the original CGA algorithms because they provide a higher minimal computational security of O(280) and reduce Layer 3 latency by approximately 30.7 ms.