On the security of the Mobile IP protocol family

The Internet Engineering Task Force (IETF) has worked on\ud network layer mobility for more than 10 years and a number\ud of RFCs are available by now. Although the IETF mobility\ud protocols are not present in the Internet infrastructure as of\ud today, deployment seems to be imminent since a number\ud of organizations, including 3GPP, 3GPP2 and Wimax, have\ud realized the need to incorporate these protocols into their architectures.\ud Deployment scenarios reach from mobility support\ud within the network of a single provider to mobility support\ud between different providers and technologies. Current Wimax\ud specifications, for example, already support Mobile IPv4,\ud Proxy Mobile IPv4 and Mobile IPv6. Future specifications will\ud also support Proxy Mobile IPv6. Upcoming specifications in\ud the 3GPP Evolved Packet Core (EPC) will include the use of\ud Mobile IPv4, Dual Stack MIPv6 and Proxy Mobile IPv6 for\ud interworking between 3GPP and non 3GPP networks.\ud This paper provides an overview on the state-of-the-art\ud in IETF mobility protocols as they are being considered by\ud standardization organizations outside the IETF and focusing\ud on security aspects

Description and Experience of the Clinical Testbeds

This deliverable describes the up-to-date technical environment at three clinical testbed demonstrator sites of the 6WINIT Project, including the adapted clinical applications, project components and network transition technologies in use at these sites after 18 months of the Project. It also provides an interim description of early experiences with deployment and usage of these applications, components and technologies, and their clinical service impact

ALEX: Improving SIP Support in Systems with Multiple Network Addresses

The successful and increasingly adopted session initiation protocol (SIP) does not adequately support hosts with multiple network addresses, such as dual-stack (IPv4-IPv6) or IPv6 multi-homed devices. This paper presents the Address List Extension (ALEX) to SIP that adds effective support to systems with multiple addresses, such as dual-stack hosts or multi-homed IPv6 hosts. ALEX enables IPv6 transport to be used for SIP messages, as well as for communication sessions between SIP user agents (UAs), whenever possible and without compromising compatibility with ALEX-unaware UAs and SIP servers

Case Study - IPv6 based building automation solution integration into an IPv4 Network Service Provider infrastructure

The case study presents a case study describing an Internet Protocol (IP) version 6 (v6) introduction to an IPv4 Internet Service Provider (ISP) network infrastructure. The case study driver is an ISP willing to introduce a new “killer” service related to Internet of Things (IoT) style building automation. The provider and cooperation of third party companies specialized in building automation will provide the service. The ISP has to deliver the network access layer and to accommodate the building automation solution traffic throughout its network infrastructure. The third party companies are system integrators and building automation solution vendors. IPv6 is suitable for such solutions due to the following reasons. The operator can’t accommodate large number of IPv4 embedded devices in its current network due to the lack of address space and the fact that many of those will need clear 2 way IP communication channel. The Authors propose a strategy for IPv6 introduction into operator infrastructure based on the current network architecture present service portfolio and several transition mechanisms. The strategy has been applied in laboratory with setup close enough to the current operator’s network. The criterion for a successful experiment is full two-way IPv6 application layer connectivity between the IPv6 server and the IPv6 Internet of Things (IoT) cloud

Temporal and Spatial Classification of Active IPv6 Addresses

There is striking volume of World-Wide Web activity on IPv6 today. In early 2015, one large Content Distribution Network handles 50 billion IPv6 requests per day from hundreds of millions of IPv6 client addresses; billions of unique client addresses are observed per month. Address counts, however, obscure the number of hosts with IPv6 connectivity to the global Internet. There are numerous address assignment and subnetting options in use; privacy addresses and dynamic subnet pools significantly inflate the number of active IPv6 addresses. As the IPv6 address space is vast, it is infeasible to comprehensively probe every possible unicast IPv6 address. Thus, to survey the characteristics of IPv6 addressing, we perform a year-long passive measurement study, analyzing the IPv6 addresses gleaned from activity logs for all clients accessing a global CDN. The goal of our work is to develop flexible classification and measurement methods for IPv6, motivated by the fact that its addresses are not merely more numerous; they are different in kind. We introduce the notion of classifying addresses and prefixes in two ways: (1) temporally, according to their instances of activity to discern which addresses can be considered stable; (2) spatially, according to the density or sparsity of aggregates in which active addresses reside. We present measurement and classification results numerically and visually that: provide details on IPv6 address use and structure in global operation across the past year; establish the efficacy of our classification methods; and demonstrate that such classification can clarify dimensions of the Internet that otherwise appear quite blurred by current IPv6 addressing practices

Performance Analysis of IPv6 Transition Mechanisms over MPLS

 Exhaustion of current version of Internet Protocol version 4 (IPv4) addresses initiated development of next-generation Internet Protocol version 6 (IPv6). IPv6 is acknowledged to provide more address space, better address design, and greater security; however, IPv6 and IPv4 are not fully compatible. For the two protocols to coexist, various IPv6 transition mechanisms have been developed. This research will analyze a series of IPv6 transition mechanisms over the Multiprotocol Label Switching (MPLS) backbone using a simulation tool (OPNET) and will evaluate and compare their performances. The analysis will include comparing the end-to-end delay, jitter, and throughput performance metrics using tunneling mechanisms, specifically Manual Tunnel, Generic Routing Encapsulation (GRE) Tunnel, Automatic IPv4-Compatible Tunnel, and 6to4 Tunnel between Customer Edge (CE)-to-CE routers and between Provider Edge (PE)-to-PE routers. The results are then compared against 6PE, Native IPv6, and Dual Stack, all using the MPLS backbone. The traffic generated for this comparison are database access, email, File Transfer, File Print, Telnet, Video Conferencing over IP, Voice over IP, Web Browsing, and Remote Login. A statistical analysis is performed to compare the performance metrics of these mechanisms to evaluate any statistically-significant differences among them. The main objective of this research is to rank the aforementioned IPv6 transition mechanism and identify the superior mechanism(s) that offer lowest delay, lowest jitter, and highest throughput

Mechanisms for AAA and QoS Interaction

Proceedings of Third IEEE Workshop on Applications and Services in Wireless Networks, ASWN 2003. Bern, Switzerland, July 2-4, 2003.The interaction between Authentication, Authorization and Accounting (AAA) systems and the Quality of Service (QoS) infrastructure is to become a must in the near future. This interaction will allow rich control and management of both users and networks. DIAMETER and DiffServ are likely to turn into the future standards in AAA and QoS systems, but they are not designed to interact with each other. To face this, we propose a new Diameter-Diffserv interaction model and describe the Application Specific Module (ASM) implemented to allow this interaction. The ASM has been implemented and tested in a complete AAA-QoS IPv6 scenario