Nico Lick (Frankfurt UAS)

Title:

IPv6 Privacy Extensions for the GNRC Network Stack

Biography:

Nico holds a Bachelor's degree in Computer Science from Frankfurt University of Applied Sciences. Having regularly studied internet infrastructure and protocols over the past years, he focused his Bachelor thesis on privacy in IPv6 device addressing. He is now studying machine learning as a Master's student at TU Darmstadt.

Abstract:

In IPv6 networks, a device joining a network commonly forms its final IPv6 address using Stateless Address Autoconfiguration (SLAAC), a prevalent, standardized mechanism. With SLAAC, the device itself generates the last part of its IPv6 address, the interface identifier. Historically, the device’s MAC/link-layer address was used as the value for the interface identifier. A MAC address is a globally unique identifier that stays with the device. Including it in the IPv6 address exposes this identifier at the network level, essentially making a device trackable through its IPv6 address within and across networks.

To mitigate the privacy threats this poses, the IETF published standardized privacy methods, namely “temporary addresses” and “stable privacy addresses”, that employ random interface identifiers in the IPv6 addresses. Although these methods are widely adopted in major operating systems and the IETF has officially recommended stable privacy addresses by default since 2017, adoption in IoT operating systems is low.

Previous research found that IoT devices are the devices that most commonly do not employ a privacy mechanism in IPv6 networks. Even when an internet service provider employs periodically changing IP addresses as a privacy measure, a customer can be tracked over time merely because of a single re-identifiable device in the network.
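The following sketch is an added illustration, not code from the talk or from GNRC. It builds a SLAAC address from a MAC-derived (modified EUI-64) interface identifier, shows how an auditor can recover the MAC from such an address, and contrasts this with a stable privacy identifier computed along the lines of RFC 7217. The MAC, prefixes, interface name and secret are constructed values, and SHA-256 as the hash is this example's choice.

```python
import hashlib
import ipaddress

def eui64_iid(mac):
    """Modified EUI-64 interface identifier derived from a 48-bit MAC."""
    b = bytes.fromhex(mac.replace(":", ""))
    # Flip the universal/local bit and insert ff:fe in the middle.
    return bytes([b[0] ^ 0x02]) + b[1:3] + b"\xff\xfe" + b[3:6]

def stable_privacy_iid(prefix, iface, secret, dad_counter=0):
    """RFC 7217-style identifier: hash over prefix, interface name,
    DAD counter and a secret key. The optional Network_ID is omitted
    and SHA-256 is an assumption of this example."""
    net_prefix = ipaddress.IPv6Network(prefix).network_address.packed[:8]
    data = net_prefix + iface.encode() + bytes([dad_counter]) + secret
    return hashlib.sha256(data).digest()[-8:]  # least significant 64 bits

def slaac_address(prefix, iid):
    """Combine a /64 prefix with a 64-bit interface identifier."""
    net_prefix = ipaddress.IPv6Network(prefix).network_address.packed[:8]
    return ipaddress.IPv6Address(net_prefix + iid)

def recover_mac(addr):
    """Return the MAC embedded in an EUI-64 shaped address, else None.
    A random identifier matches the ff:fe pattern only by rare chance."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join(f"{x:02x}" for x in mac)

if __name__ == "__main__":
    mac = "00:11:22:33:44:55"           # constructed sample MAC
    secret = b"per-device-secret"       # constructed sample key
    # Two documentation prefixes stand in for two different networks.
    for prefix in ("2001:db8:1::/64", "2001:db8:2::/64"):
        legacy = slaac_address(prefix, eui64_iid(mac))
        stable = slaac_address(prefix, stable_privacy_iid(prefix, "eth0", secret))
        print(prefix, "EUI-64:", legacy, "-> MAC", recover_mac(legacy))
        print(prefix, "stable privacy:", stable)
```

The EUI-64 address carries the same lower 64 bits in both networks, while the stable privacy identifier stays fixed within one prefix and changes when the prefix changes.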

This talk will cover the motivation for these privacy mechanisms and their implementation in GNRC, RIOT’s own network stack.