Possible Attacks based on IPv6 Features and Its Detection

Slides:



Advertisements
Similar presentations
A CGA based Source Address Authentication Method in IPv6 Access Network(CSA) Guang Yao, Jun Bi and Pingping Lin Tsinghua University APAN26 Queenstown,
Advertisements

1 Mobile IPv6-Based Ad Hoc Networks: Its Development and Application Advisor: Dr. Kai-Wei Ke Speaker: Wei-Ying Huang.
Dynamic Tunnel Management Protocol for IPv4 Traversal of IPv6 Mobile Network Jaehoon Jeong Protocol Engineering Center, ETRI
Understanding IPv6 Slide: 1 Lesson 1 Introduction to IPv6.
IP over ETH over IEEE draft-riegel-16ng-ip-over-eth-over Max Riegel
Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.
How to Design Wireless Security Mechanisms Manel Guerrero Zapata Mobile Networks Laboratory Nokia Research Center.
© 2007 Levente Buttyán and Jean-Pierre Hubaux Security and Cooperation in Wireless Networks Chapter 4: Naming and addressing.
© Mobile Platform Laboratory | SAMSUNG Electronics IPv6 DAD Optimization Goals and Requirements Soohong Daniel Park / Youn-Hee Han / Greg Daley
SUMP: A Secure Unicast Messaging Protocol for Wireless Ad Hoc Sensor Networks Jeff Janies, Chin-Tser Huang, Nathan L. Johnson.
A Study of Mobile IP Kunal Ganguly Wichita State University CS843 – Distributed Computing.
Hidden Terminal based Attack, Diagnosis and Detection Yao Zhao, Leo Zhao, Yan Chen Lab for Internet & Security Tech, Northwestern Univ.
PaC with unspecified IP address. Requirements Assigning an IP address to the client is outside the scope of PANA. PANA protocol design MAY require the.
Summary of Certification Process (part 1). IPv6 Client IPv6 packets inside IPv4 packets.
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 Wireless Router LAN Switching and Wireless – Chapter 7.
IPv6 Home Networking Architecture - update IETF homenet WG Interim meeting Philadelphia, 6 th Oct 2011 draft-chown-homenet-arch-00.
Secure Cell Relay Routing Protocol for Sensor Networks Xiaojiang Du, Fengiing Lin Department of Computer Science North Dakota State University 24th IEEE.
1 Adaptive QoS Framework for Wireless Sensor Networks Lucy He Honeywell Technology & Solutions Lab No. 430 Guo Li Bin Road, Pudong New Area, Shanghai,
Weaponizing Wireless Networks: An Attack Tool for Launching Attacks against Sensor Networks Thanassis Giannetsos Tassos Dimitriou Neeli R. Prasad.
Fault-Tolerant Design for Mobile IPv6 Networks Jenn-Wei Lin and Ming-Feng Yang Graduate Institute of Applied Science and Engineering Fu Jen Catholic University.
Inter-Mobility Support in Controlled 6LoWPAN Networks Zinonos, Z. and Vassiliou, V., GLOBECOM Workshops, 2010 IEEE.
A SAVI Solution for DHCP Draf-ietf-savi-dhcp-06 J. Bi, J. Wu, G. Yao, F. Baker IETF79, Beijing Nov. 9, 2010.
Source Address Validation Architecture (SAVA) Requirements of CNGI-CERENT2 Jianping Wu CERNET/Tsinghua University IETF 68 Prague March 2007.
A Dynamic Packet Stamping Methodology for DDoS Defense Project Presentation by Maitreya Natu, Kireeti Valicherla, Namratha Hundigopal CISC 859 University.
Roaming Over Savi Device Tao Lin IETF 79. Outline DHCP/NDP Snooping mechanism Switch implementation Roaming over switches WLAN network Roaming over WLAN.
Localized Algorithm for Aggregate Fairness in Wireless Sensor Networks Authors : Shigang Chen, Zhan Zhang CISE university of Florida CISE university of.
© 2007 Levente Buttyán and Jean-Pierre Hubaux Security and Cooperation in Wireless Networks Chapter 4: Naming and addressing.
A Proof of MITM Vulnerability in Public WLANs Guarded by Captive Portal Speaker : Po-Kang Chen Advisor : Quincy Wu Date : 2010/06/13.
Secure Neighbor Discovery in IPv6 Jari Arkko Ericsson Research James Kempf DoCoMo US Labs.
An Analysis of IPv6 Security CmpE-209: Team Research Paper Presentation CmpE-209 / Spring Presented by: Dedicated Instructor: Hiteshkumar Thakker.
Duplicate Address Detection Proxy (draft-costa-6man-dad-proxy-00)
Introduction to Mobile IPv6
Enhance Security of IP Network using New Architecture of Address Validation Xiaodong Duan China Mobile.
V6OPS WG – IETF #85 IPv6 for 3GPP Cellular Hosts draft-korhonen-v6ops-rfc3316bis-00 Jouni Korhonen, Jari Arkko, Teemu Savolainen, Suresh Krishnan.
Attacking on IPv6 W.lilakiatsakun Ref: ipv6-attack-defense-33904http://
Mobile IPv6 and Firewalls: Problem Statement Speaker: Jong-Ru Lin
Ασύρματες και Κινητές Επικοινωνίες Ενότητα # 10: Mobile Network Layer: Mobile IP Διδάσκων: Βασίλειος Σύρης Τμήμα: Πληροφορικής.
Energy Efficient Data Management for Wireless Sensor Networks with Data Sink Failure Hyunyoung Lee, Kyoungsook Lee, Lan Lin and Andreas Klappenecker †
Jinfang Jiang, Guangjie Han, Lei Shu, Han-Chieh Chao, Shojiro Nishio
2/25/2016CSI WG/IETF761 Open Source Project SEND & Extensions Beijing University of Posts & Telecommunications HUAWEI Yuhong LI (Speaker) Wendong WANG.
IETF-53-IPv6 WG- Cellular host draft 1 Minimum IPv6 Functionality for a Cellular Host Jari Arkko Peter Hedman Gerben Kuijpers Hesham Soliman John Loughney.
Per-MS Prefix Model for IPv6 in WiMAX by Frank Xia Behcet Sarikaya Raj Patil Presented by Jonne Soininen.
Doc.: IEEE /1426r00 Submission NameAffiliationsAddressPhone ChengYan FengZTE Corporation No.800, Middle Tianfu Avenue, Hi- tech District,
CSI WG / IETF741/12 Implementation of SeND/CGA and Extensions Beijing University of Posts and Telecommunications HUAWEI.
1/7 zerouter BoF Problem Statement 19 th Nov th IETF - Atlanta, Georgia, USA
DHCPv4 option for PANA Authentication Agents draft-suraj-dhcpv4-paa-option-00.txt DHC/PANA WG IETF-63 France, Paris.
IPV6: CURRENT DEPLOYMENT AND MIGRATION STATUS AND SECURITY CHALLENGES Presenters Lepe Khanum Tor Håvard Karlsen Date:
IPv6 Security Issues Georgios Koutepas, NTUA IPv6 Technology and Advanced Services Oct.19, 2004.
Improving Security Over Ipv6 Authentication Header Protocol using IP Traceback and TTL Devon Thomas, Alex Isaac, Majdi Alharthi, Ali Albatainah & Abdelshakour.
Design Guidelines for IPv6 Networks draft-matthews-v6ops-design-guidelines Philip Matthews Alcatel-Lucent.
Mobile IP Security Konidala M. Divyan International Research Center for Information Security Network Security (ICE 615) Term Project – 2002 Autumn.
03 Jun 2011There's no place like ::1 Introduction to IPv6 Protocol part 2 George Kargiotakis oss-unipi: Event #27.
SubmissionSlide 1 Discussions on adaptive frame length in MAC based on block ACK Date: Authors: Ningbo Zhang, Guixia Kang and Bingning Zhu.
V4 traversal for IPv6 mobility protocols - Scenarios Mip6trans Design Team MIP6 and NEMO WGs, IETF 63.
Part III. Data Link Layer
Architecture for security monitoring in IoT environments
Chapter 6 Exploring IPv6.
FAR: A Fault-avoidance Routing Method for Data Center Networks with Regular Topology Please send.
Chapter 2: Basic Switching Concepts and Configuration
Weak Duplicate Address Detection in Mobile Ad Hoc Networks
Wireless LAN Security 4.3 Wireless LAN Security.
Proposal for IEEE 802.1CQ-LAAP
Proposal for IEEE 802.1CQ-LAAP
Proposal for IEEE 802.1CQ-LAAP
بسمه تعالی کارگاه ارزشیابی پیشرفت تحصیلی
Wireless Sensor Network - course: Project to investigate requirements and applications using wireless sensor networks on a construction site Ykä Marjanen.
San Diego 802.1CQ discussions
Current IEEE 802.1CQ Project status
Computer Networks ARP and RARP
Task Manager & Profile Interface
Presentation transcript:

Possible Attacks based on IPv6 Features and Its Detection Zhaowen Lin Presented by: Xiaohong Huang Beijing University of Posts and Telecommunications 2007 APAN Meeting Xi’an, 27/08/2007 2019/10/12

Outline 1 2 3 4 5 BACKGROUND TAXONOMY OF ATTACKS NDP DETECTOR TESTING AND RESULTS 4 CONCLUSION 5

Background Following the current IPv4 address assignment model and trend, the lifespan of IPv4 could still last for some years, but, the IPv6 is the future The research, development and deployment of IPv6 is inevitable trend in the world

Background IPv6 in wireless environments Security problems Wireless LANs at airports, hotels and cafes, etc. Security problems It is fairly easy to set up a phony WLAN base station, leading to various kinds of access stealing, Scan, DoS, and man-in-middle attacks. More attentions are needed on this point.

Contribution of the paper This paper aims to solve the possible attacks pertinent to current IPv6 Neighbor Discovery Protocol (NDP). One NDP Detector is proposed to avoid untrustworthy nodes to launch various kinds of attacks.

TAXONOMY OF ATTACKS Scan Attack MitM (man-in-the-middle ) Attack DoS (Deny of Service) Attack

Scan Attack

MitM Attack

DoS Attacks DoS (Deny of Service) Attack Bogus On-Link Prefix Bogus Address Configuration Prefix DAD Spoofing Bogus Address DoS Attack Parameter Spoofing Smurf6 Attack PMTU Attack

Smurf6 Attack

NDP DETECTOR

TESTING AND RESULTS As we discussed above, there are several types of attacks based on IPv6 features. We designed and implemented an IPv6 attack tool and a detector. In this section, they are used to launch attacks and do the detection. The tests are carried on the BUPT NOC of CERNET2, including scan attacks, DoS attacks and MitM attacks. The results are showed in Table .

CONCLUSION Possible attacks pertinent to current IPv6 Neighbor Discovery Protocol are introduced. One detector is developed to detect possible attacks. Results show that the attack methods are feasible and the detection logics are effective. Due to the fact that Secure Neighbor Discovery (SEND) forwarded by IETF SEND Group is too complex to be applied to actual network, our detection methods will be an efficient method to low the damages to a certainty.

Thank You ! http://ipv6.bupt.edu.cn   返回

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.