7 IPv6: transition and security challenges Selected Topics in Information Security – Bazara Barry.

Introduction
The Internet Protocol version 6 was developed to extend and eventually replace IPv4’s capabilities. The shortage of IPv4 addresses, which are expected to be used up early in the next decade, and the growing need for an enhanced next-generation Internet protocol that is foundationally secure, have made IPv6 deployment urgent. Numerous nations in Europe, as well as Asian countries with limited IPv4 address space, including Korea, Japan, and China, have made the migration a national priority.

Introduction
The developments indicate that the groundwork for a global IPv6 era is near completion. However, several transition issues and deployment challenges could have potentially severe security implications if not properly addressed. Although IPv6 was designed with security in mind, security concerns could hinder its success if adequate efforts and resources are not devoted to fully understanding IPv6-related security issues and vulnerabilities in IPv6-based network infrastructures.

IPv6 features
In contrast to IPv4 addresses, which use only 32 bits, IPv6 addresses are 128 bits long. This larger address size allows for the generation of 3.4 × 10^38 address values, which should be more than enough for current and future applications. IPv6 also supports end-to-end communication, enabling source and destination nodes to interact without intermediate systems such as NAT devices. Because IPSec support is mandatory in IPv6, a fully compliant IPv6 network deployment should provide better security than its IPv4 counterpart.

IPv6 features
IPv6 introduces a simplified stateless autoconfiguration procedure where a node can configure its IP address based only on local information—that is, without contacting a server. In addition, IPv6 offers better methods for generating manageable routing tables than IPv4. It also provides improved mobility support: Mobile IPv6 is defined as a separate protocol based on the use of IPv6 extension headers and has better authentication and traffic-handling capabilities than MIPv4.

Security issues in IPv6
First, even though IPSec support is mandatory in IPv6, its use is not. Further, during the IPv4-to-IPv6 transition and even beyond, both IPv4-based legacy networks and IPv6 networks will likely coexist. In such a situation, the possibilities for network-based attacks will likely increase. Several other new, unanticipated security issues will likely emerge as the hacking community starts actively targeting IPv6 networks.

Reconnaissance attacks
The potentially huge size of IPv6 subnets makes reconnaissance attacks more difficult, but there are other ways to identify target systems. The difficulty in scanning posed by IPv6 addressing also makes it hard for an administrator to identify hosts that are either malicious or possible targets for attackers.

Host initialization and associated attacks
An IPv6 node can configure its address through either stateless or stateful autoconfiguration. Stateless autoconfiguration generates the address by combining the network prefix, obtained from the routers located in the network segment to which the host is attached, and the media access control (MAC) address, obtained from the node’s network interface. Stateful autoconfiguration contacts a DHCPv6 server for the required address and network information.

Host initialization and associated attacks
The Neighbor Discovery Protocol (NDP) assists the stateless autoconfiguration process. NDP messages are part of the Internet Control Message Protocol for IPv6 (ICMPv6), which also provides functionalities for reporting error messages, performing network diagnostics, and handling multicast memberships.

Host initialization and associated attacks
When not secured through IPSec, ICMPv6 messages open the door for many attacks, including flooding and denial of service (DoS). These are possible because any malicious node that generates ICMPv6 packets can easily fool other nodes on a network segment into following the packet’s instructions, resulting in a subversion attack that makes the subverted nodes follow the attacker’s wishes. In addition, if the attacker generates a flood of ICMPv6 messages, a victim node or network segment will suffer decreased performance.

Security solutions and tools
The Secure Neighbor Discovery protocol (SEND) can counter some of the threats against the ND protocol when IPSec is not used. SEND uses cryptographically generated addresses (CGAs) to verify the sender’s ownership of a claimed address. CGAs are IPv6 addresses in which part of the address is generated by applying a cryptographic one-way hash function based on a node’s public key and auxiliary parameters. The hash value can then be used to verify the binding between the public key and a node’s address.
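
Added example (not part of the original slides): generating a CGA and verifying the binding between a public key and an address. It assumes the RFC 3972 layout (SHA-1 over modifier, subnet prefix, collision count and public key), generates only Sec=0 addresses, and leaves out the message signature that SEND checks in addition; the key bytes and function names are constructed.

```python
import hashlib
import ipaddress
import os

# Bits of the interface identifier compared against Hash1: everything except
# the three Sec bits (top of the first byte) and the u/g bits.
IID_MASK = 0x1CFFFFFFFFFFFFFF

def _hash1(modifier: bytes, prefix: bytes, count: int, pubkey: bytes) -> int:
    data = modifier + prefix + bytes([count]) + pubkey
    return int.from_bytes(hashlib.sha1(data).digest()[:8], "big")

def generate_cga(prefix: str, pubkey: bytes, modifier: bytes = b""):
    """Return (address, modifier, collision_count) for a Sec=0 CGA."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("CGA needs a /64 subnet prefix")
    modifier = modifier or os.urandom(16)
    iid = _hash1(modifier, net.network_address.packed[:8], 0, pubkey) & IID_MASK
    return net[iid], modifier, 0

def verify_cga(addr, modifier: bytes, count: int, pubkey: bytes) -> bool:
    """Check that addr is bound to pubkey under the given auxiliary parameters."""
    packed = ipaddress.IPv6Address(addr).packed
    if len(modifier) != 16 or count not in (0, 1, 2):
        return False
    iid = int.from_bytes(packed[8:], "big")
    # The prefix is taken from the address itself, so a parameter set made
    # for another subnet cannot validate here.
    if (_hash1(modifier, packed[:8], count, pubkey) ^ iid) & IID_MASK:
        return False
    sec = iid >> 61                      # Sec value claimed by the address
    hash2 = hashlib.sha1(modifier + bytes(9) + pubkey).digest()[:14]
    return hash2[: 2 * sec] == bytes(2 * sec)   # 16*Sec leading zero bits

# Constructed stand-in for a DER-encoded public key; only its bytes matter here.
PUBKEY = b"constructed-public-key-bytes"
```

A node that claims the address with a different key fails verify_cga(), because it would need a key and modifier that hash to the same interface identifier.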

Security solutions and tools
Applying packet filters in IPv6 firewalls is more complicated than in IPv4 firewalls. The IPv6 packet structure definition allows for packets to contain several types of headers, and justifying and applying rules for each type of header will be burdensome.
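
Added example (not part of the original slides): the header walk a packet filter has to perform before it can match on a TCP port, including the truncated-chain and non-first-fragment cases where no port is available. The header numbers and length encodings are the standard IPv6 ones; the sample packet and function names are constructed.

```python
import struct

# Extension headers a filter has to step over (IANA protocol numbers).
EXT = {0: "hop-by-hop", 43: "routing", 44: "fragment", 51: "AH", 60: "dest-opts"}

def walk_chain(packet: bytes):
    """Return (extension headers seen, upper-layer protocol, payload offset).

    The protocol is None for a non-first fragment, which carries no
    upper-layer header for a filter to inspect.
    """
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    nxt, off, seen = packet[6], 40, []
    while nxt in EXT:
        if off + 8 > len(packet):
            raise ValueError("truncated extension header chain")
        seen.append(EXT[nxt])
        if nxt == 44:                       # fragment header: fixed 8 bytes
            size = 8
            if struct.unpack_from("!H", packet, off + 2)[0] >> 3:
                return seen, None, off + size
        elif nxt == 51:                     # AH length: 4-byte units, minus 2
            size = (packet[off + 1] + 2) * 4
        else:                               # others: 8-byte units, minus 1
            size = (packet[off + 1] + 1) * 8
        nxt, off = packet[off], off + size
    return seen, nxt, off

def tcp_dst_port(packet: bytes):
    """Destination port a filter rule should match on, or None if unavailable."""
    _, proto, off = walk_chain(packet)
    if proto != 6 or off + 4 > len(packet):
        return None
    return struct.unpack_from("!H", packet, off + 2)[0]

def sample_packet() -> bytes:
    """Constructed packet: IPv6 / hop-by-hop / dest-opts / TCP SYN to port 22."""
    pad = bytes([1, 4, 0, 0, 0, 0])         # PadN option filling the header
    body = bytes([60, 0]) + pad + bytes([6, 0]) + pad
    body += struct.pack("!HHIIHHHH", 40000, 22, 0, 0, 0x5002, 1024, 0, 0)
    addr = bytes.fromhex("20010db8") + bytes(11) + b"\x01"   # 2001:db8::1
    header = struct.pack("!IHBB", 6 << 28, len(body), 0, 64) + addr + addr
    return header + body
```

A rule that reads only the Next Header field of the fixed header sees hop-by-hop options here rather than TCP, so the port-22 traffic is matched only after the walk.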

Deployment challenges
- IPSec and key management.
- Transition issues:
  - Protocol translation
  - Traffic tunneling
  - Dual-stack systems

References
1. Carlos E. Caicedo, James B.D. Joshi, and Summit R. Tuladhar, “IPv6 Security Challenges,” Computer, vol. 42, issue 2, pp , Feb