EUI-64 Considered Harmful
Loading...
Authors
Rye, Erik C.
Martin, Jeremy
Beverly, Robert
Subjects
Advisors
Date of Issue
Date
Publisher
ArXiv
Language
Abstract
This position paper considers the privacy and security implications of EUI-64-based IPv6 addresses. By encoding MAC addresses, EUI-64 addresses violate layers by exposing hardware identifiers in IPv6 addresses. The hypothetical threat of EUI-64 addresses is well-known, and the adoption of privacy extensions in operating systems (OSes) suggests this vulnerability has been mitigated. Instead, our work seeks to quantify the empirical existence of EUI-64 IPv6 addresses in today’s Internet. By analyzing: i) traceroutes; ii) DNS records; and iii) mobile phone behaviors, we find surprisingly significant use of EUI-64. We characterize the origins and behaviors of these EUI-64 IPv6 addresses, and advocate for changes in provider IPv6 addressing policies.
Type
Preprint
Description
Series/Report No
Department
Organization
Identifiers
NPS Report Number
Sponsors
Funder
Format
3 p.
Citation
Rye, Erik C., Jeremy Martin, and Robert Beverly. "EUI-64 Considered Harmful." arXiv preprint arXiv:1902.08968 (2019).
Distribution Statement
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.