16 research outputs found

    Reducing Packet Overhead in Mobile IPv6

    Common Mobile IPv6 mechanisms, Bidirectional tunneling and Route optimization, show inefficient packet overhead when both nodes are mobile. Researchers have proposed methods to reduce packet overhead with regard to maintaining compatibility with standard mechanisms. In this paper, three mechanisms in Mobile IPv6 are discussed to show their efficiency and performance. Following the discussion, a new mechanism called Improved Tunneling-based Route Optimization is proposed and, through performance analysis, it is shown that the proposed mechanism has less overhead compared to common mechanisms. Analytical results indicate that Improved Tunneling-based Route Optimization transmits more payloads because it sends packets with less overhead.

    Enhanced Home Registration security protocol in MobileIPv6

    The Enhanced Home Registration (EHR) protocol extends the basic home registration protocol defined in MIPv6 to support the location authentication of MNs to their HAs. The EHR is based on novel ideas of segmenting the IPv6 address space, using a symmetric CGA-based technique for generating CoAs, and applying concurrent CoAs reachability tests. As a result, EHR is able to reduce the likelihood of a malicious MN being successful in luring an HA to flood a third party with useless packets using MIPv6. In addition, EHR enables HAs to help in correspondent registrations by confirming MNs' CoAs to CNs.

    A Secure and Decentralized Registration Scheme for IPv6 Network-Based Mobility
    Senthil Kumar Mathi, M.L. Valarmathi

    For frequent movement of a mobile device, there is a need for a secure registration procedure of the mobile device by announcing its current location to the home network, especially if it is not in the home domain. While devising the registration procedure for a mobile IPv6 (MIPv6) based network, it is essential to consider the security issues for cryptographic approaches and an infrastructure requirement on the network. If public key based cryptography is used for improving the security, then the key exchange mechanisms of the communicants must be handled appropriately. The infrastructure based approach increases the complexity of the mobile device and the mobility agents and also requires additional message exchanges. Hence, this paper deals with an infrastructure-less registration scheme with a symmetric key approach that acts upon an MIPv6 environment consisting of the mobile node, home agent, and correspondent node. The proposed scheme is simulated and evaluated for security using the Murphi checker. The correctness of the signaling/message sequences of the proposed scheme is verified by the finite state machine. Finally, the simulation results reveal that better security and mutual authentication between MIPv6 nodes have been achieved, and further, mitigation for the various attack scenarios has also been addressed.

    AN ENHANCED BINDING UPDATE SCHEME FOR NEXT GENERATION INTERNET PROTOCOL MOBILITY

    In recent years, the usage of mobile devices has become essential for people, both for business and for their daily activities. The mobile devices can get services directly from their home network and from other correspondent devices regardless of their position without using any intermediate agent. This is achieved by using mobility based Internet Protocol version 6, known as next generation internet protocol mobility. Since network mobility uses an open air interface as a communication medium, it is exposed to many security threats and attacks that might attempt to get unauthorized access from the participating entities. Consequently, the protection of network mobility from threats is one of the most demanding tasks, as it must be considered without increasing the complexity while enhancing security. Hence, the paper proposes an enhanced location update scheme by incorporating the optimal asymmetric encryption method based on the random oracle model for providing security and efficiency. It emphasizes the security goals such as authentication, integrity, and confidentiality from the security analysis. In addition, it addresses the attack prevention analysis for attacks such as rerun, man-in-the-middle and false location update. The proposed scheme is simulated and verified for security properties using a security validation tool - Automated Validation of Internet Security Protocols and Applications. Finally, the simulation studies show that the latency of the proposed scheme is reduced significantly when compared with the other location update schemes.

    Moving Target Defense for Securing SCADA Communications

    In this paper, we introduce a framework for building a secure and private peer-to-peer communication used in supervisory control and data acquisition networks with a novel Mobile IPv6-based moving target defense strategy. Our approach aids in combating remote cyber-attacks against peer hosts by thwarting any potential attacks at their reconnaissance stage. The IP address of each host is randomly changed at a certain interval creating a moving target to make it difficult for an attacker to find the host. At the same time, the peer host is updated through the use of the binding update procedure (standard Mobile IPv6 protocol). Compared with existing results that can incur significant packet-loss during address rotations, the proposed solution is loss-less. Improving privacy and anonymity for communicating hosts by removing permanent IP addresses from all packets is also one of the major contributions of this paper. Another contribution is preventing black hole attacks and bandwidth depletion DDoS attacks through the use of extra paths between the peer hosts. Recovering the communication after rebooting a host is also a new contribution of this paper. Lab-based simulation results are presented to demonstrate the performance of the method in action, including its overheads. The testbed experiments show zero packet-loss rate during handoff delay.

    Transition to the IPv6 protocol: information security aspects to keep in mind [Transición al protocolo IPV6, aspectos de seguridad informática para tener presente.]

    The following work is focused on the explanation of the steps necessary to achieve a process of migration of the IPV4 protocol to the IPV6 protocol in a successful way, mentioning the necessary tools to be implemented, looking for the transition to be achieved in a transparent way, avoiding complications in the services of the entity that wishes to perform the update; this in order to solve the multiple problems that have been evidenced in the IPV4 protocol, problems that generate a delay and prevent the use of new applications that are fundamental for the evolution of communication processes. The new protocol is presented as a solution and way of correcting the shortcomings that its predecessor has left in evidence. Understanding that this migration process has its degree of complexity, a rigorous investigation and conceptualization is required; for this reason the following monograph is presented in order to guide correctly during the transition. In this paper, basic phases are proposed which seek that migration be achieved with the greatest possible transparency, thinking about the normality of the processes of the company that takes on the challenge; each phase has a series of activities that, when incorporated into a schedule, will give way to the change between IPV4 and IPV6. Each entity may take as a basis these phases and their respective activities for the construction of a schedule; this will be adjusted to the need of the company, without skipping processes that could be vital for the adoption of the IPV6 protocol.

    Securing Mobile IPv6 Route Optimization Using a Static Shared Key


    Study of mobility in next-generation networks [Estudio de la movilidad en redes de siguiente generación]

    The continuous advance of telecommunications networks provides us with ever more conveniences in all areas of our lives. In this case, we have focused on the study of mobility in Next Generation Networks. Part of this project was carried out in collaboration with Deutsche Telekom AG, during a six-month stay working as a collaborator in its laboratories located in Berlin. The main objective of this project has been to carry out a study of the different standards and technologies that facilitate mobility in Next Generation Networks. To that end, the first part studies the different working groups focused on this aspect, and gathers information on products and solutions available on the market, in order to obtain a global view of the current situation. As can be seen later on, this first part is the longest of the whole document. This is because it is probably the most important part of the work, since it contains the study of the mechanisms that will later serve us to give a theoretical solution to the different scenarios that are posed. In the second part of the project, we have focused on developing several scenarios of interest in Next Generation Network systems and subsequently providing possible theoretical solutions. Finally, the conclusions drawn as a result of the work are presented, along with the aspects of it that could be addressed in the near future. Ingeniería de Telecomunicació

    IPv6: a new security challenge

    Master's thesis in Information Security (Segurança Informática), presented to the Universidade de Lisboa, through the Faculdade de Ciências, 2011. Internet Protocol version 6 (IPv6) was developed with the aim of solving some of the problems not addressed by its predecessor, Internet Protocol version 4 (IPv4), namely issues related to security and to the available address space. Over the last decade, many have carried out studies on the investments needed for its adoption and on the right moment for it to be adopted by all players in the market. Recently, the problem of the exhaustion of public addresses made available by the various Regional Internet Registries (RIRs) prompted the entities involved to speed up the process of migrating from IPv4 to IPv6. Unlike IPv4, this new version considers security a fundamental objective in its implementation; accordingly, the use of the IPsec protocol at the network layer is recommended. However, due to the immaturity of the protocol and the complexity that this transition period entails, there are numerous security implications that must be considered in this migration period. The main objective of this work is to define a set of good security practices for IPv6 implementation that can be used by data network administrators and by the security teams of the various players in the market. In this transition phase, it is useful and convenient to contribute efficiently to the interpretation of the strengths of this new protocol as well as the vulnerabilities associated with it.
    IPv6 was developed to address the exhaustion of IPv4 addresses, but has not yet seen global deployment. Recent trends are now finally changing this picture and IPv6 is expected to take off soon. Contrary to the original, this new version of the Internet Protocol has security as a design goal, for example with its mandatory support for network layer security. However, due to the immaturity of the protocol and the complexity of the transition period, there are several security implications that have to be considered when deploying IPv6. In this project, our goal is to define a set of best practices for IPv6 Security that could be used by IT staff and network administrators within an Internet Service Provider. To this end, an assessment of some of the available security techniques for IPv6 will be made by means of a set of laboratory experiments using real equipment from an Internet Service Provider in Portugal. As the transition for IPv6 seems inevitable this work can help ISPs in understanding the threats that exist in IPv6 networks and some of the prophylactic measures available, by offering recommendations to protect internal as well as customers’ networks.

    IPv6-oriented security protocol - IPsec [Protocolo de seguridad orientado a IPv6 - IPsec.]

    With the need for expansion of the internet and the declaration of exhaustion of IPv4 addressing by IANA, an entity dedicated to supervising the global allocation of IP addresses, the new communications protocol called IPV6 emerged in 1998, which would replace IPv4 thanks to the fact that it has 128-bit addressing compared to 32-bit in the previous version, covering IP addressing needs, and with it comes a very powerful security solution called IPsec. The IPsec protocol built into IPv6 offers security features such as: AH authentication headers, data origin authentication, ESP security encryption, and use of VPNs or tunnels. It is necessary to specify that for an entity, the transition from IPv4 to IPv6 must be carried out gradually and beforehand carry out a study that includes existing infrastructure, software used and the internet network provided by the ISP; this whole set of variables must be aligned and configured so that, with the help of transition environments such as dual-stack, the communication of both IPv4 and IPv6 packets is allowed in such a way that there is no disruption and it is transparent for the users who use the network.