Computer Engineering and Applications ›› 2007, Vol. 43 ›› Issue (28): 4-6.

• 博士论坛 • Previous Articles     Next Articles

Kind of CGA based on MAC address

SHI Min-yu,TANG Shu-ke   

  1. Huazhong University of Science and Technology,Wuhan 430074,China
  • Received:1900-01-01 Revised:1900-01-01 Online:2007-10-01 Published:2007-10-01
  • Contact: SHI Min-yu

基于MAC的CGA技术研究

史旻昱,唐述科   

  1. 华中科技大学,武汉 430074
  • 通讯作者: 史旻昱

Abstract: Neighbor Discovery Protocol is an important part of IPv6 protocol, which corresponds to a combination of ARP protocol, ICMP router discovery and ICMP redirect function in IPv4.CGA(Cryptographically Generated Addresses) can defend the attack of address resolution by spoofing IP,but ignore the attack of address resolution by spoofing MAC.MCGA which is a kind of CGA based on MAC address has been proposed,and can denfend the attack of address resolution by spoofing MAC.The generation and verification of MCGA are described,and the simulation using MCGA to denfend the attack of address resolution by spoofing MAC.The simulation using MCGA to denfend the attack of address resolution by spoofing MAC shows that MCGA method is fully effective.

Key words: IPv6, neighbor discovery, MCGA

摘要: 邻居发现协议(Neighbor Discovery Protocol)是IPv6协议的一个重要组成部分,它取代了IPv4中的ARP协议、ICMP路由发现和ICMP重定向功能。加密产生地址技术(Cryptographically Generated Addresses,CGA)可以有效解决邻居发现协议的伪造IP地址攻击,但是它忽略了伪造MAC地址攻击。在CGA的基础上提出基于MAC地址的CGA技术(MCGA),并详细阐述了MCGA地址的产生与验证过程,最后还对MCGA地址验证进行了防御实验。实验表明,该技术可以解决CGA技术无法解决的伪造MAC地址攻击。

关键词: IPv6, 邻居发现, 基于MAC的加密生成地址