ABSTRACT
IPv6's large address space allows ample freedom for choosing and assigning addresses. To improve client privacy and resist IP-based tracking, standardized techniques leverage this large address space, including privacy extensions and provider prefix rotation. Ephemeral and dynamic IPv6 addresses confound not only tracking and traffic correlation attempts, but also traditional network measurements, logging, and defense mechanisms. We show that the intended anti-tracking capability of these widely deployed mechanisms is unwittingly subverted by edge routers using legacy IPv6 addressing schemes that embed unique identifiers.
We develop measurement techniques that exploit these legacy devices to make tracking such moving IPv6 clients feasible by combining intelligent search space reduction with modern high-speed active probing. Via an Internet-wide measurement campaign, we discover more than 9M affected edge routers and approximately 13k /48 prefixes employing prefix rotation in hundreds of ASes worldwide. We mount a six-week campaign to characterize the size and dynamics of these deployed IPv6 rotation pools, and demonstrate via a case study the ability to remotely track client address movements over time. We responsibly disclosed our findings to equipment manufacturers, at least one of which subsequently changed their default addressing logic.
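An added example, not code from the paper: a self-audit that checks whether a router's logged WAN addresses keep the same embedded identifier while the prefix rotates. It assumes the legacy scheme is modified EUI-64 (the MAC-derived interface identifier of RFC 4291), which the abstract does not name; the function names are hypothetical and the sample addresses are constructed from the 2001:db8::/32 documentation prefix.

```python
import ipaddress
from collections import defaultdict

def eui64_mac(addr):
    """Return the MAC embedded in a modified EUI-64 interface ID, or None."""
    iid = ipaddress.IPv6Address(addr).packed[8:]   # low 64 bits
    # Modified EUI-64 inserts ff:fe between the two halves of the MAC.
    # A random IID matches this pattern by chance about once in 65536.
    if iid[3:5] != b"\xff\xfe":
        return None
    # The universal/local bit (0x02 of the first octet) is inverted in the IID.
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join(f"{b:02x}" for b in mac)

def prefixes_by_mac(observations):
    """Map each embedded MAC to the sorted /64 prefixes it appeared in."""
    seen = defaultdict(set)
    for _date, addr in observations:
        mac = eui64_mac(addr)
        if mac is not None:
            net = ipaddress.IPv6Network(f"{addr}/64", strict=False)
            seen[mac].add(str(net))
    return {mac: sorted(nets) for mac, nets in seen.items()}

def linkable(observations):
    """MACs seen under more than one prefix: rotation did not unlink them."""
    return sorted(m for m, nets in prefixes_by_mac(observations).items()
                  if len(nets) > 1)

# Constructed sample: (date, WAN address) pairs as a router log might hold.
# Three entries share a MAC-derived IID; one uses a randomized IID.
SAMPLE = [
    ("2021-01-01", "2001:db8:1:100:211:22ff:fe33:4455"),
    ("2021-01-02", "2001:db8:1:2a00:211:22ff:fe33:4455"),
    ("2021-01-02", "2001:db8:1:100:5c1e:93a7:0b42:d8f1"),
    ("2021-01-03", "2001:db8:1:7f00:211:22ff:fe33:4455"),
]

if __name__ == "__main__":
    for mac in linkable(SAMPLE):
        print(mac, prefixes_by_mac(SAMPLE)[mac])
```

A device that shows up in `linkable` should be switched to randomized or stable-opaque interface identifiers where its firmware allows it.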
Index Terms
- Follow the scent: defeating IPv6 prefix rotation privacy