A Taxonomy and Comparative Analysis of IPv4 Identifier Selection Correctness, Security, and Performance

TL;DR

This paper provides a comprehensive taxonomy and comparative analysis of IPv4 Identifier selection methods, evaluating their correctness, security, and performance over 25 years to inform best practices and identify shortcomings.

Contribution

It introduces a taxonomy of IPID selection methods, analyzes their security and correctness mathematically, and empirically evaluates their performance across different implementations.

Findings

Certain IPID methods are more secure but less performant.

Many OS implementations have notable shortcomings in IPID selection.

Systematic evaluation reveals gaps in current security practices.

Abstract

The battle for a more secure Internet is waged on many fronts, including the most basic of networking protocols. Our focus is the IPv4 Identifier (IPID), an IPv4 header field as old as the Internet with an equally long history as an exploited side channel for scanning network properties, inferring off-path connections, and poisoning DNS caches. This article taxonomizes the 25-year history of IPID-based exploits and the corresponding changes to IPID selection methods. By mathematically analyzing these methods' correctness and security and empirically evaluating their performance, we reveal recommendations for best practice as well as shortcomings of current operating system implementations, emphasizing the value of systematic evaluations in network security.