Securing tunnel endpoints for IPv6 transition in enterprise networks

Taib, Abidah Mat; Budiarto, Rahmat

doi:10.1109/cssr.2010.5773699

Cited by 6 publications

(2 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…To provide an eventual transition to IPv6 only infrastructure and to currently coexist with IPv4 infrastructure, various transition mechanisms are proposed by IETF. Tunnel and dual stack are the most common technologies used while IPv6 translation (Taib et al, 2007;Taib and Budiarto, 2010).…”

Section: Transition Technologymentioning

confidence: 99%

Analysis of IPv6 through Implementation of Transition Technologies and Security Attacks

Alzaid

Issac

2016

International Journal of Business Data Communications and Networking

View full text Add to dashboard Cite

IPv6 provides more address space, improved address design, and greater security than IPv4. Different transition mechanisms can be used to migrate from IPv4 to IPv6 which includes dual stack networks, tunnels and translation technologies. Within all of this, network security is an essential element and therefore requires special attention. This paper analyses two transition technologies which are dual stack and tunnel. Both technologies are implemented using Cisco Packet Tracer and GNS3. This work will also analyse the security issues of IPv6 to outline the most common vulnerabilities and security issues during the transition. Finally, the authors will design and implement the dual stack, automatic and manual tunnelling transition mechanisms using Riverbed Modeler simulation tool to analyse the performance and compare with the native IPv4 and IPv6 networks.

show abstract

Section: Transition Technologymentioning

confidence: 99%

Analysis of IPv6 through Implementation of Transition Technologies and Security Attacks

Alzaid

Issac

2016

International Journal of Business Data Communications and Networking

View full text Add to dashboard Cite

show abstract

“…When IPv6 packet is encapsulated in IPv4 payload then there is no means for administrators to know about IPv6 traffic that has tunneled into their networks (Sabnis and Tech, 2013). Unfortunately tunneling introduces security threats in which intruders may spoof the address of the packet origin and potentially inject the packet at the tunnel endpoint (Taib and Budiarto, 2010). Spoofing in IPv6 over IPv4 tunnel still represents a serious problem today, one of the solutions that been proposed is to use IPsec with ingress filtering.…”

Section: Introductionmentioning

confidence: 99%

Enhanced Encapsulated Security Payload a New Mechanism to Secure Internet Protocol Version 6 Over Internet Protocol Version 4

Hassan

Ahmed

Othman

et al. 2014

Journal of Computer Science

View full text Add to dashboard Cite

A considerable amount of time will be needed before each system in the Internet can convert from Internet Protocol version 4 (IPv4) to Internet Protocol version 6 (IPv6). Three strategies have been proposed by the Internet Engineer Task Force (IETF) to help the transition from IPv4 to IPv6 which are dual stack, header translation and tunneling. Tunneling is used when two computers using IPv6 want to communicate with each other and the packet will travel through a region that uses IPv4. To pass through this region, IPv6 packet must be encapsulated in IPv4 packet to have an IPv4 address in order to make it IPv4 routing compatible. Internet Protocol security (IPsec) in transport mode carries the payload of the encapsulating packet as a plain data without any mean of protection. That is, two nodes using IPsec in transport mode to secure the tunnel can spoof the inner payload; the packet will be de-capsulated successfully and accepted. IETF mentioned this problem in many RFCs. According to RFC 3964 there is no simple way to prevent spoofing attack in IPv6 over IPv4 tunnel and longer term solutions would have to be deployed in both IPv4 and IPv6 networks to help identify the source of the attack, a total prevention is likely impossible. This study proposed a new spoofing defense mechanism based on IPsec's protocol Encapsulated Security Payload (ESP). ESP's padding area had been used to write the IPv6 source address of the encapsulated packet. Simulation is conducted based on two scenarios, one with spoofing attack and one without. The outcome proved that proposed mechanism has managed to eliminate spoofing threat in IPv6 over IPv4 tunnel.

show abstract

Comparative studies of IPv6 tunnel security

Zhang

Wang

et al. 2017

2017 13th International Conference on Natural Computation, Fuzzy Systems and Knowledge Discovery (ICNC-FSKD)

View full text Add to dashboard Cite

Securing tunnel endpoints for IPv6 transition in enterprise networks

Cited by 6 publications

References 14 publications

Analysis of IPv6 through Implementation of Transition Technologies and Security Attacks

Analysis of IPv6 through Implementation of Transition Technologies and Security Attacks

Enhanced Encapsulated Security Payload a New Mechanism to Secure Internet Protocol Version 6 Over Internet Protocol Version 4

Comparative studies of IPv6 tunnel security

Contact Info

Product

Resources

About