The Impact of IPv6 on Penetration Testing

In this paper we discuss the impact the use of IPv6 has on remote penetration testing of servers and web applications. Several modifications to the penetration testing process are proposed to accommodate IPv6. Among these modifications are ways of performing fragmentation attacks, host discovery and brute-force protection. We also propose new checks for IPv6-specific vulnerabilities, such as bypassing firewalls using extension headers and reaching internal hosts through available transition mechanisms. The changes to the penetration testing process proposed in this paper can be used by security companies to make their penetration testing process applicable to IPv6 targets

A multi-objective routing strategy for QoS and energy awareness in software-defined networks

“© © 2018 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works. http://ieeexplore.ieee.org/document/8013750/”Energy consumption is a key concern in the deployment and operation of current data networks, for which Software-Defined Networks (SDN) have become a promising alternative. Although several works have been proposed to improve the energy efficiency, these techniques may lead to performance degradations when QoS requirements are neglected. Inspired by this problem, this letter introduces a new routing strategy, jointly considering QoS requirements and energy awareness in SDN with in-band control traffic. To that end, we present a complete formulation of the optimization problem and implement a Multi- Objective Evolutionary Algorithm. Simulation results validate the performance improvement on critical network parameters.Peer ReviewedPostprint (published version

Energy-aware routing techniques for software-defined networks

Achieving energy efficiency has recently become a key topic of networking research due to the ever-increasing power consumption and CO2 emissions generated by large data networks. This problem is becoming even more concerning and challenging given the drastic traffic increase expected over the next few years. However, the use of efficient energy-aware strategies could overturn this situation reducing the electricity consumption of Internet data transmission networks, as well as contributing to mitigate the environmental impact of other sectors. The existence of redundant network elements with high capacities is a common design practice in current network infrastructures in order to face suddenly failures or peak traffic flows. However, these additional resources remain either unused or barely used most of the time leading to an undesired energy waste. Therefore, putting into sleep mode (i.e. a low-power state) unused elements is an effective and widely-accepted strategy to decrease the consumption of data networks. In this context, SDN can be seen as an attractive solution to achieve the long-awaited energy efficiency in current communications systems, since they allow a flexible programmability suitable for this problem. This doctoral thesis tackles the problem of optimizing the power consumption in SDN through the design of energy-aware routing techniques that minimize the number of network elements required to satisfy an incoming traffic load. Different from existing related works, we focus on optimizing energy consumption in SDN with in-band control traffic in order to close this important gap in the literature and provide solutions compatible with operational backbone networks. Complementing the general aim of improving the energy efficiency in SDN, this research is also intended to cover important related features such as network performance, QoS requirements and real-time operation. Accordingly, this study gives a general perspective about the use of energy efficient routing techniques, which cover integrated routing considerations for the data and control plane traffic in SDN. By using realistic input data, significant values of switched-off links and nodes are reached, which demonstrates the great opportunity for saving energy given by our proposals. The obtained results have also validated the intrinsic trade-off between environmental and performance concerns, considering several performance indicators. These findings confirm that energy-aware routing schemes should be designed considering specific traffic requirements and performance metric bounds. Moreover, it is shown that jointly considering QoS requirements and energy awareness is an effective approach to improve, not only the power consumption, but the performance on critical parameters such as control traffic delay and blocking rate. Similarly, the proposed dynamic traffic allocation with congestion-aware rerouting is able to handle demanding traffic arrival without degrading the performance of higher priority traffic. In general, our proposals are fine-grained, easy to implement and quite balanced and effective in their results looking for a suitable and readily deployment in real-world SDN scenarios. Therefore, the conducted research and contributions reported through this document not only add to what is known about the potential of energy-aware routing techniques, but also stand as a valuable solution on the road to a sustainable networking.L'assoliment de l'eficiència energètica s'ha convertit recentment en un tema clau de recerca de xarxes a causa dels creixents nivells de consum d'energia i emissions de CO2 generats per les xarxes de dades. Aquest problema es torna cada vegada més preocupant i desafiant, donat el dràstic augment del trànsit esperat en els propers anys. No obstant això, l'ús d'estratègies energètiques eficients podria invertir aquesta situació, reduint el consum d'electricitat de les xarxes de dades d'Internet i contribuint a mitigar l'impacte ambiental d'altres sectors. L'existència d'elements de xarxa redundants i amb grans capacitats és una pràctica de disseny habitual en les infraestructures de xarxes actuals per afrontar fallades sobtades o fluxos de trànsit més elevats. Tanmateix, aquests recursos addicionals romanen poc o gens utilitzats la major part del temps, generant un desaprofitament d'energia no desitjat. Per tant, posar en mode de repòs (és a dir, un estat de baixa potència) elements no utilitzats és una estratègia efectiva i àmpliament acceptada per disminuir el consum en xarxes de dades. En aquest context, les xarxes definides per programari (SDN) es poden considerar una solució atractiva per aconseguir l'esperada eficiència energètica en els sistemes de comunicacions actuals, ja que permeten una flexible programabilitat idònia per a aquest problema. Aquesta tesi doctoral aborda el problema d'optimitzar el consum d'energia en SDN a través del disseny de tècniques d'encaminament conscients de l'energia que minimitzen la quantitat d'elements de xarxa necessaris per satisfer una càrrega de trànsit entrant. Diferent dels treballs existents, aquesta tesi es centra a optimitzar el consum d'energia en SDN amb el control de tràfic dins de banda per tancar aquesta important bretxa en la literatura i proporcionar solucions compatibles amb xarxes troncals operatives. Complementant l'objectiu general de millorar l'eficiència energètica en SDN, aquesta recerca també pretén cobrir altres importants paràmetres relacionats, com ara el rendiment de la xarxa, els requisits de qualitat de servei (QoS) i el funcionament en temps real. En conseqüència, aquest estudi ofereix una perspectiva general sobre l'ús de tècniques d'encaminament eficients energèticament, que contempla consideracions integrades per al tràfic de dades i del pla de control en SDN. Prenent dades d'entrada realistes, es van aconseguir desconnectar significatives quantitats d'enllaços i nodes, la qual cosa demostra la gran oportunitat d'estalvi d'energia que ofereixen les nostres propostes. Els resultats obtinguts també validen el estret compromís entre les preocupacions ambientals i les qüestions de rendiment de la xarxa, considerant diversos indicadors de rendiment. Aquests resultats confirmen que els esquemes d'encaminament conscients de l'energia s'han de dissenyar tenint en compte els requisits de tràfic específics i els límits desitjats de les mètriques de rendiment. A més, es demostra que, considerant conjuntament els requisits de QoS i de l'energia necessària, és un enfocament eficaç per millorar, no només el consum d'energia, sinó també el rendiment en paràmetres crítics, com la latència del tràfic de control i la probabilitat de bloqueig. De manera semblant, l'assignació dinàmica de tràfic proposta, amb re-encaminament conscient de la congestió, permet gestionar grans volums de trànsit sense degradar el rendiment de les demandes de major prioritat. En general, les nostres propostes són precises, fàcils d'implementar i bastant equilibrades i efectives en els seus resultats, buscant un desplegament adequat i fàcil en escenaris pràctics de SDN. Per tant, la recerca realitzada i les contribucions contingudes en aquest document no només afegeixen el que es coneix sobre el potencial de les tècniques d'encaminament conscients de l'energia, sinó que també representen una valuosa solució en el camí cap a una xarxa sostenibl

The Z-Wave Routing Protocol and Its Security Implications

Z-Wave is a proprietary technology used to integrate sensors and actuators over RF and perform smart home and office automation services. Lacking implementation details, consumers are under-informed on the security aptitude of their installed distributed sensing and actuating systems. While the Physical (PHY) and Medium Access Control (MAC) layers of the protocol have been made public, details regarding the network layer are not available for analysis. Using a real-world Z-Wave network, the frame forwarding and topology management aspects of the Z-Wave routing protocol are reverse engineered. A security analysis is also performed on the network under study to identify source and data integrity vulnerabilities of the routing protocol. It is discovered that the topology and routes may be modified by an outsider through the exploitation of the blind trust inherent to the routing nodes of the network. A Black Hole attack is conducted on a real-world Z-Wave network to demonstrate a well-known routing attack that exploits the exposed vulnerabilities. As a result of the discoveries, several recommendations are made to enhance the security of the routing protocol

Techniques for the dynamic randomization of network attributes

Critical infrastructure control systems continue to foster predictable communication paths and static configurations that allow easy access to our networked critical infrastructure around the world. This makes them attractive and easy targets for cyber-attack. We have developed technologies that address these attack vectors by automatically reconfiguring network settings. Applying these protective measures will convert control systems into «moving targets» that proactively defend themselves against attack. This «Moving Target Defense» (MTD) revolves about the movement of network reconfiguration, securely communicating reconfiguration specifications to other network nodes as required, and ensuring that connectivity between nodes is uninterrupted. Software-defined Networking (SDN) is leveraged to meet many of these goals. Our MTD approach eliminates adversaries targeting known static attributes of network devices and systems, and consists of the following three techniques: (1) Network Randomization for TCP/UDP Ports; (2) Network Randomization for IP Addresses; (3) Network Randomization for Network Paths In this paper, we describe the implementation of the aforementioned technologies. We also discuss the individual and collective successes for the techniques, challenges for deployment, constraints and assumptions, and the performance implications for each technique

Securing VoIP: A Framework to Mitigate or Manage Risks

In Australia, the past few years have seen Voice over IP (VoIP) move from a niche communications medium used by organisations with the appropriate infrastructure and capabilities to a technology that is available to any one with a good broadband connection. Driven by low cost and no cost phone calls, easy to use VoIP clients and increasingly reliable connections, VoIP is replacing the Public Switch Telephone Network (PSTN) in a growing number of households. VoIP adoption appears to be following a similar path to early Internet adoption, namely little awareness by users of the security implications. Lack of concern about security by VoIP users is probably due to the relatively risk free service provided by the PSTN. However, VoIP applications use the Internet as their communications medium and therefore the risk profile is significantly different to the PSTN. This paper reviews the risks for two VoIP implementation models now being increasingly used in Australian homes; the PC softphone and the Analogue Telephony Adaptor (ATA). An overview of each of the VoIP implementation models is given together with a description of the respective technologies and protocols utilised. The VoIP security threats, applicable to the two VoIP implementation models considered, are enumerated and vulnerabilities that could be exploited are considered. Available security mechanisms that address the identified vulnerabilities are discussed. A practical and pragmatic VoIP security framework is proposed that will enable a user to mitigate or manage the risks associated with using the VoIP implementation models considered. By applying the VoIP security framework a user will be able to deploy a secure VoIP solution appropriate for residential use