EUI-64 Considered Harmful

Rye, Erik C.; Martin, Jeremy; Beverly, Robert

Download

EUI-64.pdf (61.51Kb)

Download Record

Download to EndNote/RefMan (RIS)

Download to BibTex

Author

Rye, Erik C.

Martin, Jeremy

Beverly, Robert

Metadata

Show full item record

Abstract

This position paper considers the privacy and security implications of EUI-64-based IPv6 addresses. By encoding MAC addresses, EUI-64 addresses violate layers by exposing hardware identifiers in IPv6 addresses. The hypothetical threat of EUI-64 addresses is well-known, and the adoption of privacy extensions in operating systems (OSes) suggests this vulnerability has been mitigated. Instead, our work seeks to quantify the empirical existence of EUI-64 IPv6 addresses in today’s Internet. By analyzing: i) traceroutes; ii) DNS records; and iii) mobile phone behaviors, we find surprisingly significant use of EUI-64. We characterize the origins and behaviors of these EUI-64 IPv6 addresses, and advocate for changes in provider IPv6 addressing policies.

Rights

This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.

URI

https://hdl.handle.net/10945/65335

Collections

Faculty and Researchers' Publications