Feasible Threats By Manipulating Tunneling Packet On 6to4 Network

Tunneling mechanism becomes the most delicate transition mechanism compared to other transition mechanism, Dual Stack and Address Translation because tunneling offers easier way to start migrating from IPv4 to IPv6 and offers a smooth transition. 6to4 tunneling is automatic tunneling to conquer migration issues. In fact, tunnel transition mechanism is believed to be susceptible from several type of attacks. On 6to4 tunneling, Neighbor Discovery Protocol message becomes a potential media to exploit by attacker. It starts with deploying a controlled testbed network environment and running several scenario DoS attack by manipulating NDP message through 6to4 tunneling. The expected result is to prove that attacking methods is feasible and effective

Path computation in multi-layer networks: Complexity and algorithms

Carrier-grade networks comprise several layers where different protocols coexist. Nowadays, most of these networks have different control planes to manage routing on different layers, leading to a suboptimal use of the network resources and additional operational costs. However, some routers are able to encapsulate, decapsulate and convert protocols and act as a liaison between these layers. A unified control plane would be useful to optimize the use of the network resources and automate the routing configurations. Software-Defined Networking (SDN) based architectures, such as OpenFlow, offer a chance to design such a control plane. One of the most important problems to deal with in this design is the path computation process. Classical path computation algorithms cannot resolve the problem as they do not take into account encapsulations and conversions of protocols. In this paper, we propose algorithms to solve this problem and study several cases: Path computation without bandwidth constraint, under bandwidth constraint and under other Quality of Service constraints. We study the complexity and the scalability of our algorithms and evaluate their performances on real topologies. The results show that they outperform the previous ones proposed in the literature.Comment: IEEE INFOCOM 2016, Apr 2016, San Francisco, United States. To be published in IEEE INFOCOM 2016, \<http://infocom2016.ieee-infocom.org/\&g

Revisión de la seguridad en la implementación de servicios sobre IPv6

En la actualidad los sistemas de transmisión e interconexión presentan varias vulnerabilidades, entre ellas, la facilidad de analizar tráfico que permite una tasa alta de ataques propios del protocolo IPv4, por ello se hace necesario que servicios como FTP, DHCP y SSH busquen la migración e implementación de redes IP bajo IPv6, la cual cuenta con características propias de la seguridad informática mediante el protocolo IPsec, sin importar el sistema operativo libre o propietario de los clientes finales. El presente artículo evalúa, mediante pruebas de configuración, la funcionalidad del estándar o protocolo IPv6 y sus características de seguridad en la implementación como opción de configuración en un escenario controlado para mitigar ataques en la autenticación, integridad y confidencialidad de la información, permitiendo determinar que los servicios analizados garantizan un mayor nivel de confiabilidad propio y nativo a través de IPsec por cualquier medio sobre el cual viajen los datos.Actually, transmission and interconnection systems have several vulnerabilities including the facil-ity to analyze traffic that allows a high rate of attacks own IPv4 protocol, therefore it is necessary for services such as FTP, DHCP and SSH seek Migration and De-ployment to IPv6 networks. It has characteristics of computer security by IPSEC protocol, regardless of the free operating system or own end customers. This paper analyzes by testing the functionality of the standard settings or IPv6 protocol and its security features in the implementation and setting in a controlled environment to mitigate attacks on authentication, integrity and con-fidentiality of information, allowing to determine which scenario services analyzed guarantee a higher level of own native IPSEC reliability through regardless of the medium on which data travel

Revisión de la seguridad en la implementación de servicios sobre IPv6

Actually, transmission and interconnection systems have several vulnerabilities including the facility to analyze traffic that allows a high rate of attacks own IPv4 protocol, therefore it is necessary for services such as FTP, DHCP and SSH seek Migration and Deployment to IPv6 networks. It has characteristics of computer security by IPSEC protocol, regardless of the free operating system or own end customers. This paper analyzes by testing the functionality of the standard settings or IPv6 protocol and its security features in the implementation and setting in a controlled environment to mitigate attacks on authentication, integrity and confidentiality of information, allowing to determine which scenario services analyzed guarantee a higher level of own native IPSEC reliability through regardless of the medium on which data travelEn la actualidad los sistemas de transmisión e interconexión presentan varias vulnerabilidades, entre ellas, la facilidad de analizar tráfico que permite una tasa alta de ataques propios del protocolo IPv4, por ello se hace necesario que servicios como FTP, DHCP y SSH busquen la migración e implementación de redes IP bajo IPv6, la cual cuenta con características propias de la seguridad informática mediante el protocolo IPsec, sin importar el sistema operativo libre o propietario de los clientes finales. El presente artículo evalúa, mediante pruebas de configuración, la funcionalidad del estándar o protocolo IPv6 y sus características de seguridad en la implementación como opción de configuración en un escenario controlado para mitigar ataques en la autenticación, integridad y confidencialidad de la información, permitiendo determinar que los servicios analizados garantizan un mayor nivel de confiabilidad propio y nativo a través de IPsec por cualquier medio sobre el cual viajen los datos

Privacy Enforcement in a Cost-Effective Smart Grid

In this technical report we present the current state of the research conducted during the first part of the PhD period. The PhD thesis “Privacy Enforcement in a Cost-Effective Smart Grid” focuses on ensuring privacy when generating market for energy service providers that develop web services for the residential domain in the envisaged smart grid. The PhD project is funded and associated to the EU project “Energy Demand Aware Open Services for Smart Grid Intelligent Automation” (SmartHG) and therefore introduces the project on a system-level. Based on this, we present some of the integration, security and privacy challenges that emerge when designing a system architecture and infrastructure. The resulting architecture is a consumer-centric and agent-based design and uses open Internet-based communication protocols for enabling interoperability while being cost-effective. Finally, the PhD report presentthe envisaged future work and publications that will lead to completion of the PhD study

Testing and Evaluation of a DNS64/NAT64 System

Internet on kasvanut huimasti yli sen alkuperäisten kehittäjien villien unelmien. Aikoinaan, kun IP-protokollaa oltiin kehittämässä, ei kukaan voinut ennalta nähdä tilannetta, jossa globaali osoiteavaruus loppuisi jonakin päivänä. Kuitenkin tällä hetkellä ollaan saavuttamassa tilannetta, jossa osoitteet loppuvat ja koko maailma on ison haasteen edessä. Uusi versio IP:stä, versio 6, täytyy ottaa käyttöön ympäri maailman. Tässä uudessa versiossa on niin suuri globaali osoiteavaruus, että sen pitäisi riittää ihmiskunnan loppuun asti. Siirtyminen IPv4:stä IPv6:een on alkanut monta vuotta sitten, mutta vasta nyt se alkaa nopeutua. Tässä siirtymävaiheessa on monia ongelmia. Yksi suurimmista ongelmista on se, kuinka IPv4 ja IPv6 -laitteet saadaan muodostamaan yhteyksiä keskenään tämän tärkeän ja monivuotisen siirtymävaiheen aikana. Eräs ratkaisu tähän kysymykseen on DNS64/NAT64, joka on tutkimuksen ja testauksen kohteena tässä diplomityössä. Ilman DNS64/NAT64 -järjestelmää ja muita siirtymävaiheen tekniikoita ei uuteen IPv6:een voitaisi järkevästi siirtyä. Tässä diplomityössä on tutkittu DNS64/NAT64 -järjestelmän soveltuvuutta siirtymävaiheen teknologiaksi. Työ pitää sisällään kyseisen järjestelmän testausta, ongelmakohtien kartoitusta sekä parannusehdotuksia ja yleistä analysointia. Sivutuotteena varsinaisen järjestelmän testauksen lisäksi myös testauksessa käytetyn ohjelmiston laatu parani löydettyjen virheiden ja toteutettujen parannusehdotusten seurauksena. /Kir1

Migration to a New Internet Protocol in Operator Network

This thesis explains the differences between IPv4 and IPv6. Another important part of the thesis is to review the current readiness of IPv6 for worldwide production use. The status (in terms of readiness, adaptability, compatibility and co-existence) of IPv6 in TeliaSonera is discussed in more detail. The most important reason for migrating to IPv6 is the address exhaustion of IPv4. This may not be a big problem in the developed countries but in developing countries the growth of Internet is fast and lots of more addresses are needed. The need for addresses is not only from computers but from many devices connected to the Internet. Attempts to slow down the exhaustion of free addresses have been made but current solutions are not enough. IPv6 will solve the problem by using much longer addresses. It will also add security features and simplify headers to speed up routing. TeliaSonera has started to roll out IPv6 services. At the beginning the corporate customers will receive IPv6 connectivity and consumers will follow later. TeliaSonera International Carrier is already serving its customers with IPv6. It seems that IPv6 is ready, standards have been ready for years and support in devices and software is prevalent. To achieve and keep up the global connectivity, IPv6 is a must and should not be avoided