Ephemeral IPv6 server addresses (part 2)

Part 1 of this series described a mechanism similar to time-based one-time passwords (TOTP) that allows a client to communicate with a server on a constantly changing IPv6 address. TOTP are commonly used in two-factor authentication schemes, where a user logging in to a service has to provide a password and a code generated by a hardware token or an app on a smartphone. Since the code is time-based it can be created even if the token or phone isn't connected to a network: the device only needs a reasonably accurate idea of the current time.

For the present purpose, however, the device will almost certainly be connected: the point of generating the ever-changing IPv6 address is to connect to the hidden server. If we're unable to connect to an IPv6 address there's little point in having it.

This leads to a second stupid idea: the server can generate its temporary IPv6 address by combining a secret with a random string and then it can publish the string. The random string, like the time, doesn't need to be kept secret, so it can be made available to anybody on a static IP address. Only clients that know the server's secret can use the random string to work out the server's current ephemeral IPv6 address. A slight tweak to the previous script should do it:

   #!/bin/sh

   # display the current random-based IPv6 address

   uuid=`wget -q -O - http://ipv6.example.com:8080/uuid.txt`

   secret="Zarniwoop"
   prefix="2001:db8:1:2:3:4"

   suffix1="cafe"
   suffix2="babe"
   for salt in "Zarquon" "Frankie" "Benjy"
   do
      message="${secret}${uuid}${salt}"
      sum=`echo "$message" | md5sum`

      # reserve a /124 for static addresses
      somesum=`echo "$sum" | cut -c1-7`
      if [ "$somesum" != "0000000" ]
      then
         suffix1=`echo "$sum" | cut -c1-4`
         suffix2=`echo "$sum" | cut -c5-8`
         break
      fi
   done
   echo "${prefix}:${suffix1}:${suffix2}"

The above client script should be combined with a similar server script which runs as a cron job. Note that the server script puts the current random string into a file that it serves on a static IP address.

With a suitable CGI script any web server can redirect visitors to the hidden server. frippery.org uses this to implement another mirror that's only available via an ephemeral IPv6 address.

Some notes:

• I should probably have mentioned this earlier: all of these scripts have been developed to run on Linux. Similar techniques should work on other platforms but you'll need to sort out the details for yourself.

• The scripts on this page are selecting addresses from the same range of 4 billion addresses as the previous ones. There's a small chance that both scripts will select the same address at the same time but the system will cope with that. I considered giving each script its own subset of the range but there didn't seem much point: it would just reduce the number of addresses an attacker needed to search.

• The example scripts provided here should be treated as a proof-of-concept. They certainly aren't robust enough or secure enough to be used in production.

• Many details are hardcoded in the scripts:
  • the range of randomly allocated IP addresses
  • the range of static IP addresses
  • the time between address changes
  • the secret, the salts and the fallback IP address

  Some of these could usefully be encoded in DNS entries for the server. For example, the AAAA DNS entry for mirror.frippery.org returns 2a00:1098:0:86:1000:33:0:607c. Unless you get very lucky that isn't really its IP address. Instead the value encodes the prefix of the server's address range (60 hex is 96 decimal) and the prefix of the static address range (7c hex is 124 decimal).

For more continue to Part 3.