Exploiting IPv6 Flow Label

Explore the security implications of the IPv6 flow label field in this 15-minute IEEE conference talk. Delve into a detailed analysis of how remote servers can exploit the flow label generation logic in Windows 10, Linux, and Android devices to assign unique identifiers and track user activity across networks and browsers. Learn about the reverse-engineering process of Windows and Linux kernel flow label generation code, and discover practical techniques for extracting encryption keys used in these algorithms. Examine both active and passive attack variants, their effectiveness across different network configurations, and the potential impact on user privacy. Gain insights into IPv6 protocol design, address exhaustion issues, and the challenges of maintaining anonymity in modern network environments.

Intro
IPv4 Address Exhaustion
IPv6 - History and Adoption
IPv6 Address Size
IPv6 Temporary Addresses
IPv6 - Flow Classification and the Flow Label
Windows - Flow Label Generation Algorithm (TCP & UDP) • The algorithm is based on hashing the destination address, source address, destination port and the source port
Linux/Android - Flow Label Generation Algorithm (stateless protocols)
Attack Concept - Summary
Active Attacker - Windows (1) UDP Case
Active Attacker - Windows (3)
Attacker Models
Conclusions