
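1. School of Cyber Science and Engineering, Southeast University, Nanjing, Jiangsu 211102
2. Jiangsu Branch of the National Computer Network Emergency Response Technical Team/Coordination Center, Nanjing, Jiangsu 210019
LIU Yongqing (1979‒), male, Ph.D. candidate at the School of Cyber Science and Engineering, Southeast University, and senior engineer at the Jiangsu Branch of the National Computer Network Emergency Response Technical Team/Coordination Center. His main research interests are the next-generation Internet and cyberspace mapping.
CAO Jiuxin (1967‒), male, Ph.D., professor and doctoral supervisor at the School of Cyber Science and Engineering, Southeast University. His main research interests are social computing, computer networks, and complex networks.
Received: 2024-01-02
Revised: 2024-06-18
Print publication date: 2024-09-10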
LIU Yongqing,CAO Jiuxin.ZUC-based IPv6 dynamic addressing algorithm and application scheme[J].Chinese Journal on Internet of Things,2024,08(03):137-145. DOI: 10.11959/j.issn.2096-3750.2024.00405.
The IPv6 address space is enormous. An IPv6 unicast address consists of two parts: a network prefix and an interface identifier. The network prefix is assigned by the Internet service provider (ISP), while the interface identifier can be configured manually, generated randomly, or derived in EUI-64 format. Static IPv6 addresses that are configured manually or derived in EUI-64 format carry a risk of personal privacy leakage, whereas randomly generated IPv6 addresses sometimes do not meet the requirements of network access control based on IP addresses. Therefore, a ZUC-based dynamic addressing (ZBDA) algorithm is proposed, where ZUC is the ZU Chongzhi stream cipher. The MAC address of a network host is encrypted with the ZUC stream cipher to generate a dynamic IPv6 address; the receiving server decrypts the address to recover the host's MAC address and uses it to verify the host's access permissions. The ZBDA algorithm solves the personal privacy leakage caused by improper IPv6 addressing while still meeting the requirements of network access control based on IP addresses. Moreover, both IPv6 address generation and address verification are fast, so the algorithm has practical application value.
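The following added example (not code from the paper, and not the ZBDA construction itself) contrasts an EUI-64 interface identifier, from which anyone can read the MAC address, with an identifier that hides the MAC behind a keyed stream and lets only the key holder recover it for an access check. Assumptions: SHAKE-256 stands in for the ZUC keystream because ZUC is not in the Python standard library, the 64-bit identifier layout (16-bit clear nonce followed by the 48-bit masked MAC) is hypothetical, and all function names and sample values are constructed.

```python
import hashlib
import ipaddress
import secrets

def eui64_iid(mac: bytes) -> bytes:
    """Modified EUI-64 (RFC 4291): flip the U/L bit and insert ff:fe.
    The MAC is trivially recoverable from the result."""
    return bytes([mac[0] ^ 0x02]) + mac[1:3] + b"\xff\xfe" + mac[3:]

def _keystream(key: bytes, prefix: bytes, nonce: bytes) -> bytes:
    # Stand-in for the ZUC keystream (assumption): 48 bits bound to the
    # shared key, the /64 prefix and the per-address nonce.
    return hashlib.shake_256(key + prefix + nonce).digest(6)

def encode_address(key, prefix, mac, nonce=None):
    """Build a dynamic address: prefix | nonce (16 bits) | MAC xor keystream."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64 or len(mac) != 6:
        raise ValueError("expected a /64 prefix and a 6-byte MAC")
    if nonce is None:
        nonce = secrets.token_bytes(2)   # a fresh nonce yields a new address
    if len(nonce) != 2:
        raise ValueError("nonce must be 2 bytes")
    pfx = net.network_address.packed[:8]
    masked = bytes(m ^ k for m, k in zip(mac, _keystream(key, pfx, nonce)))
    return ipaddress.IPv6Address(pfx + nonce + masked)

def decode_mac(key, addr) -> bytes:
    """Receiver side: recover the MAC from the address using the shared key."""
    raw = ipaddress.IPv6Address(addr).packed
    pfx, nonce, masked = raw[:8], raw[8:10], raw[10:]
    return bytes(c ^ k for c, k in zip(masked, _keystream(key, pfx, nonce)))

def is_authorized(key, addr, allowed_macs) -> bool:
    """Access check on the decrypted MAC, as the abstract describes."""
    return decode_mac(key, addr) in allowed_macs

# Constructed sample values (documentation prefix and documentation MAC range).
KEY = bytes(range(16))
PREFIX = "2001:db8:1:2::/64"
MAC = bytes.fromhex("00005e005301")

if __name__ == "__main__":
    print("EUI-64 IID :", eui64_iid(MAC).hex())
    addr = encode_address(KEY, PREFIX, MAC)
    print("dynamic    :", addr, "authorized:", is_authorized(KEY, addr, {MAC}))
```

Without the key, the masked identifier decrypts to an unrelated 48-bit value, so an address that was not produced by an enrolled host fails the allow-list check.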