Project sucvP

--UNDER-CONSTRUCTION--

sucvP's sourceforge homepage

It is here!

Overview of sucvP

The Statistically Unique and Cryptographically Verifiable Protocol (SUCVp) is used by two IPv6 Peers that used SUCV addresses (a.k.a. Cryptographically Generated Address, CGA) to bootstrap an IPsec Security Association (SA).

The obtained SA can be either transport mode or tunnel mode, depending on the traffic that need to be secured. This protocol has been found particularly useful for securing various types of IP traffic between previously unknown nodes when a PKI is not available. The protocol can establish both transport mode and tunnel mode SA. sucvP can be used together with IPsec transport mode to secure:

IPv6 Neighbor Discovery Protocol
Mobile IPv6 Binding Update mechanism
Whatever peer-to-peer communication

and with tunnel mode to secure:

IPv6 Opportunistic Encryption

An IPv6 node generate its SUCV Identifier SUCV_ID by taking the 128 leftmost bits of its Public Key PK and its SUCV Address SUCV_Addr by concatenating its 64 bits long IPv6 Network Prefix NP with the 64 leftmost bits of the secure hash of PK. To limit the validity of a given SUCVID, we also use NP as an input parameter to the hash function:

SUCV_ID = h_128( PK | NP )
SUCV_Addr = NP | h_64( PK | NP )

The protocol allows the two Peers to perform an ephemeral Diffie-Hellman key exchange. Several flavors of it have been implemented:

Initiator proves ownership of its CGA and the SA could provide data origin authentication and anti-replay protection to the Initiator
Responder also proves owhership of its CGA and the SA could provide data origin authentication, anti-replay protection and confidentiality to both Peers.
Initiator delay the disclosure of its SUCV Address to the Initiator until Responder has proved that it owns its SUCV Address, thus preventing an active attacker to learn its identity (i.e. its Public Key). The obtained SA provides Active Identity Protection to the Initiator.

Several implementations of sucvP have been develloped:

sucvP v0.1 (Linux) is a BETA version that implements:
- Diffie-Hellman key exchange
- SUCV address ownership proof and proof verification
sucvP v0.2 (FreeBSD) is a BETA version that implements:
- All of the above