CS 265 – Project IPv6 Security Aspects Surekha Shinde.


IPv6 Security Aspects
Agenda
- Introduction to IPv6
- IPv4 and IPv6 Comparison
- Current issues in IPv4
- IPv6 solutions for IPv4 issues
- New issues of new protocol
- Hacking Tools
- Conclusion

Introduction to IPv6
- Why IPv6
- IPv6 important features: wish-list
  - Faster packet processing
  - Enhanced QoS
  - Improved security
  - Greater protocol flexibility
  - Dual-stack approach

The IPv6 Header: 40 octets, 8 fields
[Figure: header layout, bits 0 to 31 per row. Fields: Version, Class, Flow Label, Payload Length, Next Header, Hop Limit, 128-bit Source Address, 128-bit Destination Address]

The IPv4 Header: 20 octets + options, 13 fields, including 3 flag bits
[Figure: header layout, bits 0 to 31 per row. Fields: Ver, IHL, Service Type, Total Length, Identifier, Flags, Fragment Offset, Time to Live, Protocol, Header Checksum, 32-bit Source Address, 32-bit Destination Address, Options and Padding. Shaded fields are absent from the IPv6 header.]

IPv6 Addressing
- IPv6 addressing rules are covered by multiple RFCs
- Architecture defined by RFC 2373
- Address types are:
  - Unicast: one to one
  - Anycast: one to nearest
  - Multicast: one to many
  - Reserved
- A single interface may be assigned multiple IPv6 addresses of any type (unicast, anycast, multicast)
- No broadcast address -> IPv6 uses multicast

Notation & Abbreviation
Notation: 128 bits = 16 bytes = 32 hex digits
- Unabbreviated: FDEC:BA98:0074:3210:000F:BBFF:0000:FFFF
- Abbreviated: FDEC:BA98:74:3210:F:BBFF:0:FFFF
Abbreviation
- Abbreviated: FDEC:0:0:0:0:BBFF:0:FFFF
- More abbreviated: FDEC::BBFF:0:FFFF

IPv6 Addressing for IPv4
- IPv4-Compatible IPv6 Address format: 96 bits of 0, then the 32-bit IPv4 address
  IPv4-Compatible Address = 0:0:0:0:0:0: = ::
- IPv4-Mapped IPv6 Address format: 80 bits of 0, then 16 bits FFFF, then the 32-bit IPv4 address
  IPv4-Mapped Address = 0:0:0:0:0:FFFF:

IPv6 over IPv4 Tunnels
- Tunneling is encapsulating the IPv6 packet in the IPv4 packet
- Tunneling can be used by routers and hosts
[Figure: IPv6 HostA, Dual-Stack RouterA, IPv4 network with Tunnel: IPv6 in IPv4 packet, Dual-Stack RouterB, IPv6 HostB. Packet layouts: IPv6 Header, Transport Header, Data; and IPv4 Header, IPv6 Header, Transport Header, Data]

Dual Stack Approach & DNS
In a dual stack case, an application that:
- Is IPv4 and IPv6-enabled
- Asks the DNS for all types of addresses
- Chooses one address and, for example, connects to the IPv6 address
[Figure: DNS Server lookup for all address types, IPv4 and IPv6; 3ffe:b00::]

Security Advantages of IPv6 Over IPv4
- IPv4: NAT breaks end-to-end network security
  IPv6: Huge address range, no need of NAT
- IPv4: IPSEC is optional
  IPv6: Mandatory in v6
- IPv4: Security extension headers (AH, ESP) back-ported
  IPv6: Built-in security extension headers
- IPv4: External firewalls introduce performance bottlenecks
  IPv6: Confidentiality and data integrity without need for additional firewalls

Security Advantages of IPv6 Over IPv4 (2)
- IPv4: Security issues related to ICMPv4
  IPv6: ICMPv6 uses IPSEC authentication and encryption
- IPv4: No mechanism for resistance to scanning
  IPv6: RTS possible only in IPv6
- IPv4: Doesn't support auto configuration
  IPv6: Built-in auto configuration support
- Ignorance of network administrator to IPv6
- But, thanks to the transitional efforts of IETF

Important Security fields in IPv6
- IPv4: Security option field and optional IPSEC
- IPv6: IPSEC part of protocol suite, mandatory
- IPSEC provides network-level security
- IPSEC uses:
  - AH (Authentication Header)
  - ESP (Encapsulating Security Payload) Header
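To show how AH and ESP sit behind the fixed 40-octet header, here is an added example (not from the original slides) that decodes the 8 header fields and follows the Next Header chain to report whether a packet carries AH or ESP. The function names and the sample packets are constructed for illustration.

```python
import struct

# IANA protocol numbers carried in the Next Header field
HOP_BY_HOP, ROUTING, FRAGMENT, ESP, AH, DEST_OPTS = 0, 43, 44, 50, 51, 60

def parse_ipv6_header(pkt):
    """Decode the 8 fields of the fixed 40-octet IPv6 header."""
    if len(pkt) < 40:
        raise ValueError("truncated IPv6 header")
    word0, payload_len, next_hdr, hop_limit = struct.unpack("!IHBB", pkt[:8])
    if word0 >> 28 != 6:
        raise ValueError("not IPv6")
    return {"version": 6, "class": (word0 >> 20) & 0xFF,
            "flow_label": word0 & 0xFFFFF, "payload_length": payload_len,
            "next_header": next_hdr, "hop_limit": hop_limit,
            "src": pkt[8:24], "dst": pkt[24:40]}

def header_chain(pkt):
    """Follow Next Header values until ESP or an upper-layer protocol."""
    nxt, off, chain = parse_ipv6_header(pkt)["next_header"], 40, []
    while True:
        chain.append(nxt)
        if nxt not in (HOP_BY_HOP, ROUTING, FRAGMENT, AH, DEST_OPTS):
            return chain          # ESP (rest is encrypted), TCP, UDP, ICMPv6 ...
        if off + 8 > len(pkt):
            raise ValueError("truncated extension header")
        following, ext_len = pkt[off], pkt[off + 1]
        if nxt == FRAGMENT:
            if struct.unpack("!H", pkt[off + 2:off + 4])[0] >> 3:
                return chain      # non-first fragment: no further headers here
            size = 8
        elif nxt == AH:
            size = (ext_len + 2) * 4   # AH length is in 32-bit words, minus 2
        else:
            size = (ext_len + 1) * 8   # other headers: 8-octet units, minus 1
        nxt, off = following, off + size

def ipsec_protection(pkt):
    chain = header_chain(pkt)
    return "ESP" if ESP in chain else "AH" if AH in chain else "none"

def _fixed(next_hdr, body):   # constructed sample packets, not captured traffic
    return struct.pack("!IHBB", 6 << 28, len(body), next_hdr, 64) + bytes(32) + body

SAMPLE_AH = _fixed(AH, struct.pack("!BBHII", 6, 4, 0, 0x1000, 1) + bytes(12) + bytes(20))
SAMPLE_ESP = _fixed(HOP_BY_HOP, bytes([ESP, 0]) + bytes(6) + bytes(24))
SAMPLE_PLAIN = _fixed(6, bytes(20))
```
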

Authentication Header (AH)
- Data integrity
- Data authentication
- Anti-replay protection
[Fig.: Authentication Header (AH) Packet Format. Fields: Next Header, Hdr Ext Len, Reserved, Security Parameters Index (SPI), Sequence Number, Authentication Data]

Authentication Header fields
- SPI: Security parameter index
- Sequence number field: Anti-replay protection
- Authentication data: ICV, authentication and data integrity
- HMAC (Hash message authentication code) + MD5 & HMAC + SHA-1
- AH supports several authentication algorithms
- Prevents IP spoofing attacks
- Prevents DOS attacks
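The receiver-side use of the Sequence Number and Authentication Data fields, as an added example that is not part of the original slides: it verifies a 96-bit truncated HMAC-SHA-1 ICV and applies a sliding anti-replay window. Assumptions: the ICV here covers only the AH header (ICV zeroed) and the payload, whereas real AH also covers the immutable IP header fields; `build_ah`, `ReplayWindow`, `verify_ah` and the key are constructed names and values.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"   # sample key, made up for this example

def build_ah(next_hdr, spi, seq, payload, key):
    """Sender side: 12 fixed octets + 12-octet ICV (Hdr Ext Len 4 = 24 octets)."""
    fixed = struct.pack("!BBHII", next_hdr, 4, 0, spi, seq)
    icv = hmac.new(key, fixed + bytes(12) + payload, hashlib.sha1).digest()[:12]
    return fixed + icv + payload

class ReplayWindow:
    """Sliding-window anti-replay check on the AH Sequence Number."""
    def __init__(self, size=64):
        self.size, self.top, self.seen = size, 0, 0   # seen: bitmap, bit 0 = top

    def check_and_update(self, seq):
        if seq == 0 or seq + self.size <= self.top:
            return False                              # zero, or older than window
        if seq > self.top:                            # new highest: slide window
            shift = seq - self.top
            self.seen = ((self.seen << shift) | 1) & ((1 << self.size) - 1)
            self.top = seq
            return True
        bit = 1 << (self.top - seq)
        if self.seen & bit:
            return False                              # already seen: replay
        self.seen |= bit
        return True

def verify_ah(packet, key, window):
    """Return (ok, reason); the window only advances for authentic packets."""
    if len(packet) < 24:
        return False, "truncated"
    _next_hdr, ext_len, _rsv, _spi, seq = struct.unpack("!BBHII", packet[:12])
    if ext_len != 4:
        return False, "unsupported ICV length"
    icv, payload = packet[12:24], packet[24:]
    expected = hmac.new(key, packet[:12] + bytes(12) + payload,
                        hashlib.sha1).digest()[:12]
    if not hmac.compare_digest(icv, expected):        # constant-time compare
        return False, "bad ICV"
    if not window.check_and_update(seq):
        return False, "replay"
    return True, "ok"
```
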

Encapsulating Security Payload (ESP)
- Data confidentiality
- Data integrity
- Data authentication
- Anti-replay protection
- Authentication applied only to data being encrypted
- Optional services: select at least one

ESP Packet Header Format
[Figure: ESP packet layout. Fields: Security Parameters Index (SPI), Sequence Number, Payload, Padding, Padding Length, Next Header, Authentication Data]

ESP Packet Header
- ESP header with confidentiality service prevents sniffing, e.g. TCP dump & Windump
- ESP: symmetric key algorithms like DES, 3DES and AES
- ESP header fields:
  - SPI: Security parameter index
  - Sequence number field: Anti-replay protection

Security issues in IPv6:
- IPSEC relies on PKI, not yet fully standardized
- Scanning possible if poorly designed
- No protection against all denial of service attacks (DoS attacks difficult to prevent in most cases)
- Not many V6-capable firewalls on the market
- But ??????

By The Way… IPv6 Hacking Tools
- Sniffer/packet capture: Analyzer, Snort, TCP dump, Ethereal, Windump, WinPcap
- Scanners: IPV6 security scanner, Halfscan6, Nmap
- DOS Tools: 6tunneldos, 4to6DDOS, Imps6-tools
- Packet forgers: SendIP, Packit, Spak6
- Worms: Slapper
- RealSecure & Proventia Tools

Conclusion
- ‘Black Hats’ vs ‘White Hats’
- Time for ignoring IPv6 ….. PAST
- Time for understanding, recognizing and deploying it …… NOW
