A First Look At NAT64 Deployment In-The-Wild
IPv6 is a fundamentally different Internet Protocol than IPv4, and IPv6-only
networks cannot, by default, communicate with the IPv4 Internet. This lack of
interoperability necessitates complex mechanisms for incremental deployment and
bridging networks so that non-dual-stack systems can interact with the whole
Internet. NAT64 is one such bridging mechanism by which a network allows
IPv6-only clients to connect to the entire Internet, leveraging DNS to identify
IPv4-only networks, inject IPv6 response addresses pointing to an internal
gateway, and seamlessly translate connections. To date, our understanding of
NAT64 deployments is limited; what little information exists is largely
qualitative, taken from mailing lists and informal discussions.
In this work, we present a first look at the active measurement of NAT64
deployment on the Internet focused on deployment prevalence, configuration, and
security. We seek to measure NAT64 via two distinct large-scale measurements:
1) open resolvers on the Internet, and 2) client measurements from RIPE Atlas.
For both datasets, we broadly find that despite substantial anecdotal reports
of NAT64 deployment, measurable deployments are exceedingly sparse. While our
measurements do not preclude the large-scale deployment of NAT64, they do point
to substantial challenges in measuring deployments with our existing best-known
methods. Finally, we also identify problems in NAT64 deployments, with gateways
not following the RFC specification and also posing potential security risks.
EKE Meets Tight Security in the Universally Composable Framework
(Asymmetric) Password-based Authenticated Key Exchange ((a)PAKE) protocols allow two parties to establish a session key with a pre-shared low-entropy password. In this paper, we show how the Encrypted Key Exchange (EKE) compiler [Bellovin and Merritt, S&P 1992] meets tight security in the Universally Composable (UC) framework. We propose a strong 2DH variant of EKE, denoted by 2DH-EKE, and prove its tight security in the UC framework based on the CDH assumption. The efficiency of 2DH-EKE is comparable to the original EKE, with only bits of growth in communication ( the security parameter), and two (resp., one) extra exponentiations in computation for the client (resp., server).
We also develop an asymmetric PAKE scheme, 2DH-aEKE, from 2DH-EKE. The security reduction loss of 2DH-aEKE is , the total number of client-server pairs. With a meta-reduction, we formally prove that such a factor is inevitable in aPAKE. Namely, our 2DH-aEKE meets the optimal security loss. As a byproduct, we further apply our technique to PAKE protocols like SPAKE2 and PPK in the relaxed UC framework, resulting in their 2DH variants with tight security from the CDH assumption.