IPv6: a new security challenge

Tese de mestrado em Segurança Informática, apresentada à Universidade de Lisboa, através da Faculdade de Ciências, 2011O Protocolo de Internet versão 6 (IPv6) foi desenvolvido com o intuito de resolver alguns dos problemas não endereçados pelo seu antecessor, o Protocolo de Internet versão 4 (IPv4), nomeadamente questões relacionadas com segurança e com o espaço de endereçamento disponível. São muitos os que na última década têm desenvolvido estudos sobre os investimentos necessários à sua adoção e sobre qual o momento certo para que o mesmo seja adotado por todos os players no mercado. Recentemente, o problema da extinção de endereçamentos públicos a ser disponibilizado pelas diversas Region Internet registry – RIRs - despertou o conjunto de entidades envolvidas para que se agilizasse o processo de migração do IPv4 para o IPv6. Ao contrário do IPv4, esta nova versão considera a segurança como um objetivo fundamental na sua implementação, nesse sentido é recomendado o uso do protocolo IPsec ao nível da camada de rede. No entanto, e devido à imaturidade do protocolo e à complexidade que este período de transição comporta, existem inúmeras implicações de segurança que devem ser consideradas neste período de migração. O objetivo principal deste trabalho é definir um conjunto de boas práticas no âmbito da segurança na implementação do IPv6 que possa ser utilizado pelos administradores de redes de dados e pelas equipas de segurança dos diversos players no mercado. Nesta fase de transição, é de todo útil e conveniente contribuir de forma eficiente na interpretação dos pontos fortes deste novo protocolo assim como nas vulnerabilidades a ele associadas.IPv6 was developed to address the exhaustion of IPv4 addresses, but has not yet seen global deployment. Recent trends are now finally changing this picture and IPv6 is expected to take off soon. Contrary to the original, this new version of the Internet Protocol has security as a design goal, for example with its mandatory support for network layer security. However, due to the immaturity of the protocol and the complexity of the transition period, there are several security implications that have to be considered when deploying IPv6. In this project, our goal is to define a set of best practices for IPv6 Security that could be used by IT staff and network administrators within an Internet Service Provider. To this end, an assessment of some of the available security techniques for IPv6 will be made by means of a set of laboratory experiments using real equipment from an Internet Service Provider in Portugal. As the transition for IPv6 seems inevitable this work can help ISPs in understanding the threats that exist in IPv6 networks and some of the prophylactic measures available, by offering recommendations to protect internal as well as customers’ networks

Analyzing challenging aspects of IPv6 over IPv4

The exponential expansion of the Internet has exhausted the IPv4 addresses provided by IANA. The new IP edition, i.e. IPv6 introduced by IETF with new features such as a simplified packet header, a greater address space, a different address sort, improved encryption, powerful section routing, and stronger QoS. ISPs are slowly seeking to migrate from current IPv4 physical networks to new generation IPv6 networks. ‎The move from actual IPv4 to software-based IPv6 is very sluggish, since billions of computers across the globe use IPv4 addresses. The configuration and actions of IP4 and IPv6 protocols are distinct. Direct correspondence between IPv4 and IPv6 is also not feasible. In terms of the incompatibility problems, all protocols can co-exist throughout the transformation for a few years. Compatibility, interoperability, and stability are key concerns between IP4 and IPv6 protocols. After the conversion of the network through an IPv6, the move causes several issues for ISPs. The key challenges faced by ISPs are packet traversing, routing scalability, performance reliability, and protection. Within this study, we meticulously analyzed a detailed overview of all aforementioned issues during switching into ipv6 network

A comparison of OSPFv3 and EIGRPv6 in a small IPv6 enterprise network

As the Internet slowly transitions towards IPv6, the routing protocols that are used to forward traffic across this global network must adapt to support this gradual transition. Two of the most frequently discussed interior dynamic routing protocols today are the IETF’s OSPF and Cisco’s EIGRP routing protocol. A wealth of papers have compared OSPF and EIGRP in terms of converge times and resource usage, however few papers have assessed the performance of each when implementing their respective security mechanisms. Therefore a comparison of OSPFv3 and EIGRPv6 will be conducted using dedicated Cisco hardware. This paper will firstly introduce each protocol and its security mechanisms, before conducting a comparison of OSPFv3 and EIGRPv6 using Cisco equipment. After discussing the simulation results, a conclusion will be drawn to reveal the findings of this paper and which protocol performs the best upon implementing their respective security mechanisms within a small IPv6 enterprise network

Convergence speed of a link-state protocol for IPv6 router autoconfiguration

This report presents a model for the NAP protocol, dedicated to the auto-configuration of IPv6 routers. If the auto-configuration of hosts is defined by IPv6 and mandatory, IPv6 routers still have to be manually configured. In order to succeed in new networking domains, a full auto-configuration feature must be offered. NAP offers a fully distributed solution that uses a link state OSPFv3-like approach to perform prefix collision detection and avoidance. In this report, we present a model for NAP and analyze the average and maximum autoconfiguration delay as a function of the network size and the prefix space size

Development of a Graduate Course on the Transition to Internet Protocol Version 6

Internet and mobile connectivity has grown tremendously in the last few decades, creating an ever increasing demand for Internet Protocol (IP) addresses. The pool of Internet Protocol version 4 (IPv4) addresses, once assumed to be more than sufficient for every person on this planet, has reached its final stages of depletion. With The Internet Assigned Numbers Authority’s (IANA) global pools depleted, and four of the five Regional Internet Registries (RIR) pools down to the their last /8 block, the remaining addresses will not last very long. In order to ensure continuous growth of the internet in the foreseeable future, we would need a newer internet protocol, with a much larger address space. Specifically, with that goal in mind the Internet Protocol version 6 (IPv6) was designed about two decades ago. Over the years it has matured, and has proven that it could eventually replace the existing IPv4. This thesis presents the development a graduate level course on the transition to IPv6. The course makes an attempt at understanding how the new IPv6 protocol is different than the currently used IPv4 protocol. And also tries to emphasize on the options existing to facilitate a smooth transition of production networks from IPv4 to IPv6

Integrating Voice over IP Solution in IPv6 and IPv4 Networks to Increase Employee Productivity: A Case Study of Cameroon Telecommunications (Camtel), North-West

Telecommunications organizations have to follow the rapid innovation of technology if they want to face challenges raised by competition. The challenge to respond to the huge market demand of updated products and services from customers requires that the organization‘s working environment be equipped with tools and communication facilities that contribute to ameliorating productivity. Cameroon Telecommunications (Camtel) is facing a digital telephony and Internet Protocol strategic management challenge. Successful implementation cannot be achieved if the employees are still depending on the ageing public switched telephone network (PSTN) as their primary communication system, despite the frequent loss of dial tone experience in a day which can last up to a week, with serious repercussions on business activities and revenues. This study is designed to provide a solution to the telecommunications challenge. The fundamental question is how to integrate a digital telephony system that will provide telephony services in the existing IPv4 data network while prioritizing IPv6 traffic forwarding. This study proposes and implements solutions that integrate a Voice over IP solution with IPv6 as an alternative communication system that relies on the existing IPv4 data network. VoIP is deemed as one of the driving forces behind the adoption of IPv6. The purpose is to offer to workers an option that will free them from the poor Quality of Service (QoS) of their existing PSTN based solution, hopefully enhancing the overall productivity. This paper follows two research methodologies: Qualitative Research in Applied Situations and Engineering design process. The first part of this study reports the results of the evaluation of how much such a solution can enhance workers’ productivity. As it is important to provide an environment where IPv4 and IPv6 networks and applications/devices can interoperate in the context of VoIP; the second part describes practically a simulation environment where various configurations of network entities are done following a Dual-Stack transition approach. Document and records were used to gather information related to the structure, operations, and topological update of the Camtel’s existing IP data network. The findings demonstrated that VoIP can be an effective communication solution for Camtel and its implementation with IPv6 will be preferable. However, for this to be efficient there must be a provision of sufficient bandwidth and usage of types of equipment and transmission mediums that minimizes processing and propagation delays. Findings also reveal that better productivity will be achieved if workers are fully trained for the exploitation. This research article tries to highlight, discuss a required transition roadmap and extend the local knowledge and practice on IPv6. Future expansion of this research work will consist of deploying Dual-Stack VoIP in the remaining 9 regional offices for full integration in the corporate communication system of Camtel

Implementação prática de tunelamento para transporte de pacotes IPv4 sobre redes IPv6

O protocolo IP é um protocolo roteado que faz parte da camada de rede do modelo OSI, e é responsável por fornecer um serviço de transferência de dados independente da implementação da camada de ligação lógica (enlace de dados).  Devido a diversas aplicações necessitando um endereço IP único, a versão 4 do protocolo IP se vê em uma exaustão próxima. Como solução, foi desenvolvido o protocolo IP na sua versão 6, onde foi calculada a expansão da Internet para os próximos anos, tornando-o uma solução cabível para o término de endereços IPv4. A principal diferença entre ambas as versões do protocolo, nota-se o número de bits, passando de 32 na versão 4 para 128 na versão 6. Porém, a transição de uma versão para a outra não se tem mostrado de maneira rápida. Neste documento é mostrado uma das diversas maneiras para transição entre as versões do protocolo – o tunelamento. Onde, é utilizado juntamente outro modelo de transição, o de pilha dupla, tendo ambas as versões do protocolo nos roteadores da rede, tendo uma ligação em túnel entre as redes IPv6 através da rede IPv4, utilizando um protocolo de roteamento já conhecido na versão 4 do IP, o RIP

RETRACTED: Analyzing challenging aspects of IPv6 over IPv4

This article has been retracted by the publisher. This article has been retracted at the request of The International Arab Journal of Information Technology (IAJIT) report because of misconduct and plagiarism. The document and its content have been removed from the Jurnal Ilmiah Teknik Elektro Komputer dan Informatika, and reasonable effort should be made to remove all references to this article

Analyzing challenging aspects of IPv6 over IPv4

The exponential expansion of the Internet has exhausted the IPv4 addresses provided by IANA. The new IP edition, i.e. IPv6 introduced by IETF with new features such as a simplified packet header, a greater address space, a different address sort, improved encryption, powerful section routing, and stronger QoS. ISPs are slowly seeking to migrate from current IPv4 physical networks to new generation IPv6 networks. ‎The move from actual IPv4 to software-based IPv6 is very sluggish, since billions of computers across the globe use IPv4 addresses. The configuration and actions of IP4 and IPv6 protocols are distinct. Direct correspondence between IPv4 and IPv6 is also not feasible. In terms of the incompatibility problems, all protocols can co-exist throughout the transformation for a few years. Compatibility, interoperability, and stability are key concerns between IP4 and IPv6 protocols. After the conversion of the network through an IPv6, the move causes several issues for ISPs. The key challenges faced by ISPs are packet traversing, routing scalability, performance reliability, and protection. Within this study, we meticulously analyzed a detailed overview of all aforementioned issues during switching into ipv6 network