 |
IPv6 Security 2015 |
Internet Protocol Version 6 is gradually being adopted as the replacement for version 4. According to Google Statistics Google reports that IPv6 adoption is now about 11% of all internet traffic on its network. See https://www.google.com/intl/en/ipv6/statistics.html.
Touted as a more secure protocol with increased address space, portability, and greater privacy, research into this and other related protocols has increased, particularly in the context of smart grid, mobile communications, and cloud computing. For the Science of Security community, it is relevant to resiliency, composability, metrics, and policy-based governance. The work cited here was presented in 2015.
V. J. D. Barayuga and W. E. S. Yu, “Packet Level TCP Performance of NAT44, NAT64 and IPv6 Using Iperf in the Context of IPv6 Migration,” IT Convergence and Security (ICITCS), 2015 5th International Conference on, Kuala Lumpur, 2015, pp. 1-3. doi:10.1109/ICITCS.2015.7293006
Abstract: Current allocation rates suggest IPv4 exhaustion by approximately 2011. Hence, this paper will lead the way for the acceptance of Internet Protocol version 6 (IPv6) migration in the Philippines using a similar Network Address Translation (NAT) that there is an apparent means to be taken into consideration and NAT IPv6 to IPv4 (NAT64) can be a good choice for computer networks like the Philippines which is behind NAT44. This paper is a continuation of the previous paper to be published wherein it focused on the packet level UDP performance of NAT44, NAT64 and IPv6 while this paper is focused on the packet level TCP performance of NAT44, NAT64 and IPv6 using iperf. Therefore this paper concluded based on the packet level TCP results wherein overall performance revealed that IPv6 network and NAT64 network offered better performance against the NAT44 network in almost all of instances on the iperf generic TCP mode test. For time transfer, IPv6 had 26% less and NAT64 had 27% less where both executed the transfer in a lesser time compared to NAT44 networks having 45% which is longer than the results of the aforementioned networks. In the bandwidth utilization, it is presented that IPv6 network had 50% and NAT64 network had 33% offered better bandwidth utilization as compared to NAT44 network having 15%. IPv6 network had 43% which showed faster transfer rate along with NAT64 network which had 41% compared to the NAT44 network with only 15% transfer.
Keywords: computer networks; transport protocols; IPv6; IPv6 migration context; Internet protocol; Iperf; NAT44; NAT64; Philippines; computer networks; network address translation; packet level TCP performance; packet level UDP performance; time transfer; transport control protocol; user defined protocol; Bandwidth; Cities and towns; Computers; IP networks; Internet; Payloads; Protocols (ID#: 16-10724)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7293006&isnumber=7292885
V. Aghaei-Foroushani and A. N. Zincir-Heywood, “Deterministic Flow Marking for IPv6 Traceback (DFM6),” Network and Service Management (CNSM), 2015 11th International Conference on, Barcelona, 2015, pp. 270-273. doi:10.1109/CNSM.2015.7367370
Abstract: Although some security threats were taken into consideration in the IPv6 design, DDoS attacks still exist in the IPv6 networks. The main difficulty to counter the DDoS attacks is to trace the source of such attacks, as the attackers often use spoofed source IP addresses to hide their identity. This makes the IP traceback schemes very relevant to the security of the IPv6 networks. Given that most of the current IP traceback approaches are based on the IPv4, they are not suitable to be applied directly on the IPv6 networks. In this research, a modified version of the Deterministic Flow Marking (DFM) approach for the IPv6 networks, called DFM6, is presented. DFM6 embeds a fingerprint in only one packet of each flow to identify the origin of the IPv6 traffic traversing through the network. DFM6 requires only a small amount of marked packets to complete the process of traceback with high traceback rate and no false positives.
Keywords: IP networks; computer network security; DDoS attacks; DFM approach; DFM6; IP traceback approaches; IPv6 design; IPv6 networks; IPv6 traffic; deterministic flow marking approach; marked packets; security threats; spoofed source IP addresses; Computer crime; Data mining; Decoding; Encoding; Network interfaces; DDoS Attacks; Flow Based IP Traceback; IPv6; Network Security (ID#: 16-10725)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7367370&isnumber=7367318
T. Saraj, A. Hanan, M. S. Akbar, M. Yousaf, A. Qayyum, and M. Tufail, “IPv6 Tunneling Protocols: Mathematical and Testbed Setup Performance Analysis,” 2015 Conference on Information Assurance and Cyber Security (CIACS), Rawalpindi, 2015, pp. 62-68. doi:10.1109/CIACS.2015.7395568
Abstract: Unlike the early days of IPv6 deployment, the interest of enterprise organizations, research community and academia in IPv6 is increasing day-by-day. Presence of IPv6 in providers network is very limited and community is adopting alternate methods to experience the IPv6 communication. Tunneling protocols are used over Hybrid IPv4-IPv6 networks to provide end-to-end IPv6 connectivity. These protocols while providing solution for end-to-end IPv6 connectivity also introducing a bad experience of use of IPv6 due to the additional overhead of tunneling. In this paper, we analyze the most common tunneling protocols that are available to configure in most of the network device. Our analysis in this paper is based on mathematical and deployment on a testbed setup in LAN, CAN and MAN only. Further this activity covers the behavior of tunneling protocols with applications that use either TCP or UDP on top of tunneling protocols.
Keywords: IP networks; controller area networks; metropolitan area networks; protocols; CAN; IPv6; LAN; MAN; TCP; UDP; tunneling protocols; Performance analysis; Routing protocols; Servers; Throughput; Tunneling; Wide area networks; End-to-End Delay; Jitter; Overhead; RTT; Throughput; Tunnel; UDP (ID#: 16-10726)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7395568&isnumber=7395552
S. Debbarma and P. Debnath, “Internet Protocol Version 6 (IPv6) Extension Headers: Issues, Challenges and Mitigation,” Computing for Sustainable Global Development (INDIACom), 2015 2nd International Conference on, New Delhi, 2015, pp. 923-928. doi: (not provided)
Abstract: IPv6 extension headers allow for the extension of the IPv6 protocol and provides support for some core functionality such as IPv6 fragmentation. This paper is about the issues surrounding IPv6 Extension Headers and their use on the public Internet. More specifically, it summarize the issues associated with IPv6 EHs (performance, security, etc). To illustrate support of IPv6 EHs in the real world. Summarizes the implications of the filtering at the intermediately nodes.
Keywords: IP networks; Internet; IPv6 EH; IPv6 fragmentation; Internet protocol version 6 extension headers; core functionality; intermediately node filtering; public Internet; Authentication; Cryptography; IP networks; Payloads; Protocols; EHs; ESP; Extension Header; Fragmentation; IPv6; IoT; MTU; Security; Traffic class (ID#: 16-10727)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7100382&isnumber=7100186
F. Najjar and M. M. Kadhum, “Reliable Behavioral Dataset for IPv6 Neighbor Discovery Protocol Investigation,” IT Convergence and Security (ICITCS), 2015 5th International Conference on, Kuala Lumpur, 2015, pp. 1-5. doi:10.1109/ICITCS.2015.7293014
Abstract: Neighbor Discovery Protocol (NDP), which is the main supported protocol for IPv6, has some security issues due to its intuitive trust of every device inside the local area network. Securing NDP becomes an important research area as the Internet is deployed widely in public areas, such as airports, where the trust is not necessary between hosts, which may expose them to attacks. In addition, securing network from inside is necessary, particularly when security hierarchical exist between users. One of the major problems in conducting research on IPv6 security is the absence of a reliable dataset, which is essential in testing and evaluating the proposed solutions. This research develops a reliable dataset of IPv6 NDP by capturing the normal and abnormal behaviors of NDP using specific dependable tools. Reliable dataset helps to understand and distinguish between normal behavior and anomalies in IPv6 NDP.
Keywords: IP networks; computer network security; transport protocols; trusted computing; IPv6 NDP; IPv6 neighbor discovery protocol; IPv6 security; Internet; attacks; local area network; network security; reliable behavioral dataset; reliable dataset; security issues; trust; Intrusion detection; Local area networks; Protocols; Reliability (ID#: 16-10728)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7293014&isnumber=7292885
J. R. P. Sánchez, “Analysis of the Security IPv6 and Comparative Study Between Two Routing Protocols Oriented to IPv6,” Computer Aided System Engineering (APCASE), 2015 Asia-Pacific Conference on, Quito, 2015, pp. 374-379. doi:10.1109/APCASE.2015.73
Abstract: In the next years, IPv6 will inevitably replace the IPv4 protocol. Although, taking consciousness about technical details and aspects of security of this “new” protocol is still being poor in network administrators from different companies in the world. Many security attacks performed in IPv4, exploiting vulnerabilities in a certain network, are also feasible in IPv6. That is why we proposed to evaluate the response from two IPv6 protocols against security attacks. Designed and implemented two virtual networks conformed by routers and hosts. The first one was configured with OPSFv3 protocol and the second one with RIPng. I used server-client model, where clients share information with the server databases, interacting with the services. The implemented model network simulated a business environment, where each node connected to the network represented different branches and matrices that a company could have. Do different types of attacks to the network and then we measure the response from both, taking into consideration the following parameters: Availability, integrality and confidentiality. Statistical data of the tests, which helped us to have a better idea about how security operates in IPv6. These results could help as a source of information for network administrators, so they could know more details about security in IPv6.
Keywords: IP networks; computer network security; routing protocols; IPv6 security; OPSFv3 protocol; RIPng protocol; business environment; client-server system; data availability; data confidentiality; data integrality; routing protocols; Routing; Routing protocols; Security; Servers; Standards; Virtual private networks; IPv6; OSPFv3; RIPng; availability; confidentiality; denial of service; integrality (ID#: 16-10729)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7287049&isnumber=7286975
M. Panwar and A. Kumar, “Security for IoT: An Effective DTLS with Public Certificates,” Computer Engineering and Applications (ICACEA), 2015 International Conference on Advances in, Ghaziabad, 2015, pp. 163-166. doi:10.1109/ICACEA.2015.7164688
Abstract: The IoT (Internet of Things) is a scenario in which things, people, animal or any other object can be identified uniquely and have the ability to send or receive data over a network. With the IPV6 the address space has been increased enormously, favors allocation of IP address to a wide range of objects. In near future the number of things that would be connected to internet will be around 40 million. In this scenario it is expected that it will play a very vital role in business, data and social processes in which devices will interact among themselves and with the surrounding by interchanging information [5]. If this information carries sensitive data then security is an aspect that can never be ignored. This paper discusses some existing security mechanism for IoT and an effective DTLS mechanism that makes the DTLS security more robust by employing public certificates for authentication. We can use a Certificate authority that can give the digital certificates to both the client and server and can increase the effectiveness of this communication. This work aims to introduce a CA for the communication and to provide some results that can show its improved performance in contrast to the pre-shared key communication.
Keywords: IP networks; Internet of Things; computer network security; DTLS mechanism; DTLS security; IP address; IPV6; IoT security; authentication; interchanging information; public certificates; receive data; security mechanism; Authentication; Internet of things; Protocols; Public key; Servers; Certificate Authority (CA); Datagram Transport Layer Security (DTLS); Internet of Things (IoT) (ID#: 16-10730)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7164688&isnumber=7164643
J. L. Santos and R. Kantola, “Transition to IPv6 with Realm Gateway 64,” Communications (ICC), 2015 IEEE International Conference on, London, 2015, pp. 5614-5620. doi:10.1109/ICC.2015.7249217
Abstract: The IPv4 address space has been depleted and the usage of IPv6 is still very limited, however increasing. Smooth coexistence of IPv4 and IPv6 can support the development of the next generation Internet. During the transition there will be IPv4-only, IPv6-only and dual-stack hosts and network segments. This paper presents Realm Gateway 64 (RGW64) ? a solution for interconnecting heterogeneous network realms as defined by the IETF, which does not require changes in end-hosts. RGW64 relies on stateful DNS64/NAT64 translation and DNS resolution for establishing inbound connections. An analysis of the scalability and the security is also presented. The paper shows that RGW64 is suitable for operators who want to gradually migrate customer networks to IPv6 yet maintaining reachability with the IPv4 Internet.
Keywords: IP networks; Internet; next generation networks; DNS64; IETF; IPv4 Internet; IPv4-only; IPv6-only; NAT64; RGW64; Realm Gateway 64; dual-stack hosts; heterogeneous network; next generation Internet; Logic gates; Ports (Computers); Protocols; Security; Servers; IPv6 transition; IPv6 translation; NAT; Realm Gateway (ID#: 16-10731)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7249217&isnumber=7248285
T. Chen, H. Huang, Z. Chen, Y. Wu, and H. Jiang, “A Secure Routing Mechanism Against Wormhole Attack in IPv6-Based Wireless Sensor Networks,” Parallel Architectures, Algorithms and Programming (PAAP), 2015 Seventh International Symposium on, Nanjing, 2015, pp. 110-115. doi:10.1109/PAAP.2015.30
Abstract: The increasing popularity of wireless sensor networks and IPv6 technology is creating varieties of applications for wireless sensor networks based on IPv6. However, IPv6-based Wireless sensor networks are vulnerable to a harmful attack known as the wormhole attack, where a malicious node overhears data packet at one location and tunnels it to a colluding node, which replays it locally. This can have a negative influence on the routing mechanism by preventing nodes from discovering the normal routes. In this paper, we present a secure routing mechanism against wormhole attack in IPv6-based wireless sensor networks. The design of this routing mechanism can be divided into two phases -- wormhole detection and defense, which is based on the average distance per hop in the network and the TTL of IP header. Besides, our proposal does not require special hardware or high computation and storage capacity of the node, which is quite suitable for the resource-constrained IPv6-based wireless sensor networks. The simulation results show that our proposal is effective under the conditions of different network topology and wormhole parameters.
Keywords: IP networks; invasive software; telecommunication network routing; telecommunication security; wireless sensor networks; network topology; resource-constrained IPv6-based wireless sensor networks; routing mechanism security; wormhole attack; wormhole parameters; Encryption; Hardware; Network topology; Routing; Routing protocols; Wireless sensor networks; IPv6; Security; Wireless sensor networks(WSNs); Wormhole attack; Wormhole detection and defense (ID#: 16-10732)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7387310&isnumber=7387279
W. Liu, P. Ren, D. Sun, Y. Zhao, and K. Liu, “Study on Attacking and Defending Techniques in IPv6 Networks,” Digital Signal Processing (DSP), 2015 IEEE International Conference on, Singapore, 2015, pp. 48-53. doi:10.1109/ICDSP.2015.7251328
Abstract: Although widely deployed in recent years, the IPv6 protocols still have many security problems, especially the Man-In-The-Middle (MITM) Attack in IPv6 Local Area Network. This paper presents an IPv6 MITM Attack test system to help users aware the security risks, and then design a defending tool using DNSSEC to avoid session hijack attack in IPv6 Networks.
Keywords: IP networks; computer network security; local area networks; protocols; DNSSEC; IPv6 MITM attack; IPv6 local area network security; defending tool; man-in-the-middle attack; session hijack attack avoidance; Local area networks; Logic gates; Routing protocols; Security; Servers; Web sites; Attack Testing; IPv6; Man-In-The-Middle Attack; Security (ID#: 16-10733)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7251328&isnumber=7251315
S. Schindler, B. Schnor, and T. Scheffler, “Taming the IPv6 Address Space with Hyhoneydv6,” 2015 World Congress on Internet Security (WorldCIS), Dublin, 2015, pp. 113-118. doi:10.1109/WorldCIS.2015.7359425
Abstract: This paper presents a new hybrid honeypot architecture which focuses on the coverage of large IPv6 address spaces. Results from a 15-months darknet experiment verify that attackers and researchers utilise various approaches to scan wide and unforeseeable IPv6 address ranges which cannot be managed with current honeypot solutions. The huge IPv6 address space not only makes it hard for attackers to find target hosts, it also makes it difficult for a honeypot to get found by an attacker. We solve this challenge through the use of dynamically configured high-interaction honeypots that can cover large chunks of the IPv6 address space. A new proxy mechanism is used to transparently handover and forward traffic from low-to high-interaction honeypots on demand to provide the best possible service granularity. Measurements with our prototype implementation show that the proposed approach performs well on off-the-shelf hardware and has low maintenance costs.
Keywords: IP networks; mobility management (mobile radio); Hyhoneydv6; IPv6 address ranges; IPv6 address space; forward traffic; handover; honeypot solutions; hybrid honeypot architecture; maintenance costs; proxy mechanism; service granularity; Hardware; Internet; Operating systems; Protocols; Security; Virtual machining; Visualization; Honeypot Network Security; IPv6 (ID#: 16-10734)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7359425&isnumber=7359393
I. Halcu, G. Stamatescu, and V. Sgârciu, “Enabling Security on 6LoWPAN / IPv6 Wireless Sensor Networks,” Electronics, Computers and Artificial Intelligence (ECAI), 2015 7th International Conference on, Bucharest, 2015, pp. SSS-29-SSS-32. doi:10.1109/ECAI.2015.7301201
Abstract: The increasing interest in the development of open-source, IPv6 platforms for Wireless Sensor Networks (WSN) and the Internet of Things (IoT), offers a significant potential ubiquitous monitoring and control. The usage of IPv6 in WSNs enables the integration of sensing applications with the Internet. For relevant goals, we consider security should properly be addressed as an integral part of high-level layers of the protocol stack. This paper describes and evaluates the usage of new compressed 6LoWPAN security headers, with a focus on the link-layer. Leveraging the Contiki operating system for resource constrained devices, along with link-layer security sublayers and IPv6, helpful insight is achieved for evaluation and deployment.
Keywords: IP networks; operating systems (computers); personal area networks; public domain software; telecommunication security; ubiquitous computing; wireless sensor networks; 6LoWPAN security headers; Contiki operating system; IPv6 wireless sensor networks; WSN; link-layer; link-layer security sublayers; open-source development; resource constrained devices; ubiquitous control; ubiquitous monitoring; Encryption; IEEE 802.15 Standard; Memory management; Payloads; Protocols; Wireless sensor networks; 6LoWPAN; 802.15.4; LLSEC; Security; Wireless Sensor Networks (ID#: 16-10735)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7301201&isnumber=7301133
A. Komal, “Performance Evaluation of Tunneling Mechanisms in IPv6 Transition: A Detailed Review,” Advances in Computing and Communication Engineering (ICACCE), 2015 Second International Conference on, Dehradun, 2015, pp. 144-149. doi:10.1109/ICACCE.2015.95
Abstract: It has been quite a long time since we heard of IPv4 address space depletion problem. Today new generation internet protocol, IPv6, has been adopted widely to fulfill the needs of rapidly growing internet population. Nonetheless, many organizations and Internet Service Providers (ISPs) still adhere to IPv4 infrastructure. The co-existence of IPV4 and IPV6 networks has contributed to copious issues related to successful communication between hosts. Internet Engineering Task Force (IETF) suggested numerous transition mechanisms (Dual Stack, Tunneling and Header Translation) to enable communication between hosts working on incompatible network layer protocols-IPv4 and IPv6. Tunneling mechanism enables seamless communication between dual stack nodes of IPV4 and IPv6 network clouds and hence it is widely implemented. This paper discusses various tunneling mechanisms as proposed by IETF with comparative assessment based on different criteria identified. It also addresses the security concerns related to them and evaluates their performance using simulation.
Keywords: IP networks; computer network performance evaluation; protocols; IETF; IPv4 infrastructure; IPv6 transition; ISP; Internet engineering task force; Internet service provider; network layer protocol; performance evaluation; tunneling mechanism; Internet; Ports (Computers); Relays; Routing; Security; Servers; Tunneling; Dual stack; Header Translation; IPv4; IPv6; ISATAP; ISPs; Tunneling; transition (ID#: 16-10736)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7306667&isnumber=7306547
S. Bobade and R. Goudar, “Secure Data Communication Using Protocol Steganography in IPv6,” Computing Communication Control and Automation (ICCUBEA), 2015 International Conference on, Pune, India, 2015, pp. 275-279. doi:10.1109/ICCUBEA.2015.59
Abstract: In secure data communication Network Security is important. Basically in cryptography Encryption is used for data security. Still attacker can attract towards encrypted data due to different form of data. so this limitation could overcome by using steganography. Steganography is the technique of information hiding. In steganography different carriers can be used for information hiding like image, audio, video, network protocols. Network steganography is a new approach for data hiding. In network steganography network layer protocol of TCP/IP suite are used for data hiding. In Network layer covert channels are used for data hiding. Covert channels violate security policies of the system. Covert channels are either used for steal the information or communicate secrete information overt a network. Covert channel in TCP, IPv4 are previously implemented and studied. IPv6 is a new generation protocol which slowly replaces IPv4 in future because IPv4 is rapidly running out. So there is need to examine security issues related IPv6 protocol. Covert channels are present in IPv6 protocol. 20 bit Flow label field of IPv6 protocol can be used as covert channel. RSA algorithm is used for data Encryption. Chaotic method used for data encoding. Secret data communication is possible in IPv6.
Keywords: IP networks; computer network security; cryptographic protocols ;data communication;steganography; transport protocols;IPv6 protocol; RSA algorithm; TCP/IP suite; chaotic method; cryptography encryption; data encoding; data encryption; data hiding; flow label field; information hiding; network layer covert channels; network security; network steganography network layer protocol; protocol steganography; secure data communication; security policy; Chaotic communication; Encoding; IP networks; Logistics; Protocols; Security; Chaos Theory; Covert channel; Network Security; Steganography; TCP/IP (ID#: 16-10737)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7155850&isnumber=7155781
J. Ullrich, P. Kieseberg, K. Krombholz, and E. Weippl, “On Reconnaissance with IPv6: A Pattern-Based Scanning Approach,” Availability, Reliability and Security (ARES), 2015 10th International Conference on, Toulouse, 2015, pp. 186-192. doi:10.1109/ARES.2015.48
Abstract: Today’s capability of fast Internet-wide scanning allows insights into the Internet ecosystem, but the on-going transition to the new Internet Protocol version 6 (IPv6) makes the approach of probing all possible addresses infeasible, even at current speeds of more than a million probes per second. As a consequence, the exploitation of frequent patterns has been proposed to reduce the search space. Current patterns are manually crafted and based on educated guesses of administrators. At the time of writing, their adequacy has not yet been evaluated. In this paper, we assess the idea of pattern-based scanning for the first time, and use an experimental set-up in combination with three real-world data sets. In addition, we developed a pattern-based algorithm that automatically discovers patterns in a sample and generates addresses for scanning based on its findings. Our experimental results confirm that pattern-based scanning is a promising approach for IPv6 reconnaissance, but also that currently known patterns are of limited benefit and are outperformed by our new algorithm. Our algorithm not only discovers more addresses, but also finds implicit patterns. Furthermore, it is more adaptable to future changes in IPv6 addressing and harder to mitigate than approaches with manually crafted patterns.
Keywords: IP networks; Internet; protocols; IPv6 addressing; IPv6 reconnaissance; Internet Protocol version 6; Internet ecosystem; Internet-wide scanning; pattern-based algorithm; pattern-based scanning approach; search space; Ports (Computers); Probes; Protocols; Reconnaissance; Servers; Standards; Addresses; IPv6; Network Security (ID#: 16-10738)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7299913&isnumber=7299862
L. Kypus, L. Vojtech and J. Hrad, “Security of ONS Service for Applications of the Internet of Things and Their Pilot Implementation in Academic Network,” Carpathian Control Conference (ICCC), 2015 16th International, Szilvasvarad, 2015, pp. 271-276. doi:10.1109/CarpathianCC.2015.7145087
Abstract: The aim of the Object name services (ONS) project was to find a robust and stable way of automated communication to utilize name and directory services to support radio-frequency identification (RFID) ecosystem, mainly in the way that can leverage open source and standardized services and capability to be secured. All this work contributed to the new RFID services and Internet of Things (IoT) heterogeneous environments capabilities presentation. There is an increasing demand of transferred data volumes associated with each and every IP or non-IP discoverable objects. For example RFID tagged objects and sensors, as well as the need to bridge remaining communication compatibility issues between these two independent worlds. RFID and IoT ecosystems require sensitive implementation of security approaches and methods. There are still significant risks associated with their operations due to the content nature. One of the reasons of past failures could be lack of security as the integral part of design of each particular product, which is supposed to build ONS systems. Although we focused mainly on the availability and confidentiality concerns in this paper, there are still some remaining areas to be researched. We tried to identify the hardening impact by metrics evaluating operational status, resiliency, responsiveness and performance of managed ONS solution design. Design of redundant and hardened testing environment under tests brought us the visibility into the assurance of the internal communication security and showed behavior under the load of the components in such complex information service, with respect to an overall quality of the delivered ONS service.
Keywords: Internet of Things; radiofrequency identification; telecommunication security; ONS service; RFID; academic network; object name services; radio-frequency identification; Operating systems; Protocols; Radiofrequency identification; Security; Servers; Standards; Virtual private networks; IPv6; ONS; security hardening (ID#: 16-10739)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7145087&isnumber=7145033
J. L. Shah and J. Parvez, “Impact of IPSec on Real Time Applications in IPv6 and 6to4 Tunneled Migration Network,” Innovations in Information, Embedded and Communication Systems (ICIIECS), 2015 International Conference on, Coimbatore, 2015, pp. 1-6. doi:10.1109/ICIIECS.2015.7193114
Abstract: IPSec is the amalgam of protocols dispensing security in IP networks. It has been the rudimentary security component in IPv4 and IPv6 networks providing for data authentication, integrity and confidentiality. Earlier security was not embedded at the IP level however with emergence of large scale public and corporate internets, the user data became vulnerable to malicious activities like privacy attacks and thefts. To mitigate this and secure network traffic, IETF introduced IPSec for robust network communications. IPSec is a framework that provides sublime options for encryption and authentication of data packets. IPSec architecture provides a flexible and agile approach for securing network traffic. Initially IPSec was introduced as an additional component in IPv4, but in next generation internet protocol IPv6, it’s an inbuilt component implemented as a part of extension header. Although IPSec is the panacea for securing IP protocol, its implementation and management is unequivocally complex in nature. The implementation involves key management and exchange through IKE, protocol negotiations and establishment of security associations which can significantly decrease performance and degrade IP communication. This fact has a significant impact on real time communication. This paper makes an empirical investigation of the parameters that are affected by implementation of IPSec in IPv6 and 6 to 4 Tunneled Migration Networks. The investigation is significant and evaluates about the performance decay that is encountered by incorporating security. The simulation approach is used and measurements are performed in OPNET Simulator ver. 14.5.
Keywords: IP networks; computer network management; computer network security; cryptographic protocols; data integrity; next generation networks; telecommunication traffic; 6to4 tunneled migration network; IETF; IKE; IP protocol management; IPSec; IPv6 tunneled migration network security; OPNET Simulator ver. 14.5; data authentication; data confidentiality; data integrity; data packet encryption; key management; malicious activity; network traffic security; next generation Internet protocol; protocol negotiation; Authentication; Delays; Encryption; Internet; Protocols; 6to4; IPv4; IPv6; OPNET (ID#: 16-10740)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7193114&isnumber=7192777
F. Januário, A. Santos, L. Palma, A. Cardoso, and P. Gil, “A Distributed Multi-Agent Approach for Resilient Supervision over a IPv6 WSAN Infrastructure,” Industrial Technology (ICIT), 2015 IEEE International Conference on, Seville, 2015, pp. 1802-1807. doi:10.1109/ICIT.2015.7125358
Abstract: Wireless Sensor and Actuator Networks has become an important area of research. They can provide flexibility, low operational and maintenance costs and they are inherently scalable. In the realm of Internet of Things the majority of devices is able to communicate with one another, and in some cases they can be deployed with an IP address. This feature is undoubtedly very beneficial in wireless sensor and actuator networks applications, such as monitoring and control systems. However, this kind of communication infrastructure is rather challenging as it can compromise the overall system performance due to several factors, namely outliers, intermittent communication breakdown or security issues. In order to improve the overall resilience of the system, this work proposes a distributed hierarchical multi-agent architecture implemented over a IPv6 communication infrastructure. The Contiki Operating System and RPL routing protocol were used together to provide a IPv6 based communication between nodes and an external network. Experimental results collected from a laboratory IPv6 based WSAN test-bed, show the relevance and benefits of the proposed methodology to cope with communication loss between nodes and the server.
Keywords: Internet of Things; multi-agent systems; routing protocols; wireless sensor networks; Contiki operating system; IP address; IPv6 WSAN infrastructure; IPv6 communication infrastructure; RPL routing protocol; distributed hierarchical multiagent architecture; distributed multiagent approach; external network; intermittent communication; resilient supervision; wireless sensor and actuator networks; Actuators; Electric breakdown; Monitoring; Peer-to-peer computing; Routing protocols; Security (ID#: 16-10741)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7125358&isnumber=7125066
R. Ghafouri, A. Ashrafi, and B. V. Vahdat, “Security Consideration of Migration to IPv6 with NAT (Network Address Translation) Methods,” Electrical Engineering (ICEE), 2015 23rd Iranian Conference on, Tehran, 2015, pp. 746-749. doi:10.1109/IranianCEE.2015.7146312
Abstract: However, the idea of the IPv6 comes from 1990s, but motion towards IPv6 carries out slowly. IPv6 is used in some companies but it has not been used all over the world yet. As a result, these companies are like islands in IPv4 oceans that it is needed to connect these islands with other islands & oceans. To connect these islands with each other, there are three methods: 1. Dual stack 2. NAT 3. Tunneling In this article; first of all, introduced attacks and then after analyzing these attacks. Vulnerability towards migration with NAT method comes out and finally security ways apply for each Vulnerabilities.
Keywords: IP networks; computer network security; IPv6; NAT; dual stack; network address translation method; security attack; tunneling; Conferences; Decision support systems; Electrical engineering; Attack; Migration; Threat; Vulnerability; security (ID#: 16-10742)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7146312&isnumber=7146167
G. B. Satrya, R. L. Chandra and F. A. Yulianto, “The Detection of DDOS Flooding Attack Using Hybrid Analysis in IPv6 Networks,” Information and Communication Technology (ICoICT ), 2015 3rd International Conference on, Nusa Dua, 2015, pp. 240-244. doi:10.1109/ICoICT.2015.7231429
Abstract: DDOS attack is very popular used by attacker to disrupt a computer network. The evolution of attack and the increase of vulnerable hosts on the Internet, have made its improvement more varied and difficult to be detected in real time. Today’s popular IP protocol development is IPv6. IPv6 provides a new technology including vulnerabilities and allows the attacker to attack the system. This issue may be the obstacle to make a DDOS attack detection algorithm more efficient and accurate. Due to that fact, this paper will discuss the development of prototype to detect DDOS attack using source addresses analytical methods and analysis of network flow. This prototype can detect DDOS attacks on IPv6 with 85% accuracy for the most severe test scenarios. For the detection time, the prototype can recognize DDOS within 2 minutes 56 seconds.
Keywords: IP networks; computer network security; DDOS flooding attack detection; Distributed Denial of Service flooding attack detection; IPv6 network; Internet; computer network; network flow analysis; source addresses analytical method; Computer crime; Floods; IP networks; Protocols; Prototypes; DDOS detection; IPv6; hybrid; network flow; source address analysis (ID#: 16-10743)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7231429&isnumber=7231384
C. Matthias, S. Kris, B. An, S. Ruben, M. Nele, and A. Kris, “Study on Impact of Adding Security in a 6LoWPAN Based Network,” Communications and Network Security (CNS), 2015 IEEE Conference on, Florence, 2015, pp. 577-584. doi:10.1109/CNS.2015.7346871
Abstract: 6LoWPAN, a technology for allowing the deployment of IPv6 on Low Power and Lossy Networks enables interoperability and user-friendliness when establishing applications related to the highly popular trend of Internet of Things. In this paper, we investigate the impact of including a low cost security solution into the communication scheme on latency, power and memory requirements. The measurements demonstrate that this impact is acceptable for most applications. They also show that the impact drastically decreases when the number of transmitted messages decreases or the number of hops increases.
Keywords: IP networks; computer network security; 6LoWPAN; IPv6; Internet of Things; low cost security solution; Cryptography; IEEE 802.15 Standard; Internet; Protocols; Servers; Wireless Sensor and Actuator Network; energy consumption; latency; security (ID#: 16-10744)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7346871&isnumber=7346791
C. Y. Liu, F. Y. Leu, I. You, A. Castiglione, and F. Palmieri, “The Untrusted Handover Security of the S-PMIPv6 on LTE-A,” Computer Communications Workshops (INFOCOM WKSHPS), 2015 IEEE Conference on, Hong Kong, 2015, pp. 161-166. doi:10.1109/INFCOMW.2015.7179378
Abstract: In this paper, we propose a secure scheme, named the Digital-Signature-based Authentication Method (DiSAM for short), in which two authentication methods, called Homogeneous Network Authentication (HoNA for short) and Untrusted Network Authentication (UNA for short), are proposed to enhance the security of the LTE-A on F-PMIPv6 handover. In the HoNA, when UE enters a network, it obtains its representative identify (RI for short) as the user’s digital signature, and reuses the code for the later authentications. The purpose is to avoid redundantly performing the whole authentication procedure once UE hands over to the next eNB, thus dramatically lowering the LTE-A’s handover delay without scarifying its original security level. Due to creating a special authentication parameter, which contains KASME, the HoNA is suitable for a homogeneous environment provided by the same 4G operator. In the UNA, the MME which is now serving UE, denoted by MME 1, will predict the next eNB/base station (BS) through the assistance of ANDSF. The next eNB/BS can be heterogeneous to the eNB/BS currently serving UE. After that, MME 1 sends an Authentication Request message to the next eNB/BS’s HSS, e.g., HSS 2. HSS 2 will request the HSS of UE’s home network, e.g., HSS 0, to authenticate UE. When successful, HSS 2 notifies its MME, e.g., MME 2 which will allow the UE to access its network resources. Of course, the UNA can also be applied to a homogeneous handover if the two systems before and after handover are untrusted.
Keywords: 4G mobile communication; IP networks; Long Term Evolution; digital signatures; mobile computing; mobility management (mobile radio); telecommunication security; 4G operator; ANDSF; DiSAM; F-PMIPv6 handover; HSS 2; HoNA; KASME; LTE-A handover delay; Long Term Evolution-Advanced; MME 1; MME 2; S-PMIPv6; UNA; authentication procedure; authentication request message; digital-signature-based authentication method; homogeneous handover; homogeneous network authentication; network resources; next eNB-base station; untrusted handover security; untrusted network authentication; user digital signature; Authentication; Databases; Handover; Protocols; IPv6; LTE-A; SCTP; Security; authentication (ID#: 16-10745)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7179378&isnumber=7179273
M. Verovko, O. Verovko, V. Kazymyr, J. N. Davies, and V. Grout, “Performance Concerns When Implementing Infrastructure Security in IPv4/IPv6 Networks,” Internet Technologies and Applications (ITA), 2015, Wrexham, 2015, pp. 186-191. doi:10.1109/ITechA.2015.7317393
Abstract: Internet Service Providers (ISPs) throughout the world are beginning the rollout of IPv6 networks to cater for the increase in the number of devices connected to the Internet. Without the use of this technology the internet would not be able grow at the present rate. Network security has become a very important function of the network infrastructure since it has the ability to limit the packets that can be passed. This functionality is usually implemented as an Access Control List (ACL) within a router. ACLs are created from rules that specify the action to be taken for any packet which is tested and matched against it. Rules are put together to form an ordered. If a match is made on a particular rule the packet is either permitted or denied and no further rules are evaluated. This paper investigates the effect on the delays through a router when ACLs are implemented using an IPv6 addressing scheme. With the increase in the bandwidth of networks the delays through networking equipment can become significant and so this is the main area of research. A comparison is made with similar ACLs implemented in an IPv4 and IPv6 network. Additionally the tests are repeated using an IPv6-IPv4-IPv6 Tunnel to compare the delays with the previous results. To eliminate the uncertainties related to the internet performance a set of experiments were conducted on a laboratory network ensuring that the comparisons are consistent.
Keywords: IP networks; Internet; authorisation; computer network performance evaluation; computer network security; telecommunication network routing; ACL; IPv4-IPv6 networks; IPv6 addressing scheme; IPv6-IPv4-IPv6 tunnel; ISPs; Internet service providers; access control list; infrastructure security; network infrastructure; network security; networking equipment; router; Legged locomotion; Logic gates; Access Control Lists (ACL); IPv4; IPv4 address exhaustion; IPv6; Internet Protocol; Network Security; Tunnels (ID#: 16-10746)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7317393&isnumber=7317353
S. Varakliotis, P. T. Kirstein, and G. Deiana, “The Use of Handle to Aid IoT Security,” Communications (ICC), 2015 IEEE International Conference on, London, 2015, pp. 542-548. doi:10.1109/ICC.2015.7248378
Abstract: This paper describes how the use of Identifiers with an appropriate system of identifier storage, registration and identifier resolution can greatly extend the flexibility of a system dealing with IoT. The features of the CNRI Handle system are shown to match well the requirements of such a IoT system. We have validated our thesis, by applying the system to a smart office environment, and shown how the properties of the IoT devices can be stored securely in a Handle repository including the characteristics of the device, network addresses and security attributes. We have concentrated on the security functionality combined with IPv6 infrastructure and the relevant Internet protocols.
Keywords: IP networks; Internet of Things; computer network security; CNRI handle system; IPv6 infrastructure; Internet protocol; IoT device; IoT system security; handle repository; identifier registration; identifier resolution; identifier storage; smart office environment; Authentication; Authorization; Buildings; Internet; Protocols; Servers; CoAP; DTLS; Digital Object Architecture; Handle System; IPv6; IoT security (ID#: 16-10747)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7248378&isnumber=7248285
Sun Meng and W. Xingwei, “Secure Email System Based on True IPv6 Address Access,” Fuzzy Systems and Knowledge Discovery (FSKD), 2015 12th International Conference on, Zhangjiajie, 2015, pp. 2180-2184. doi:10.1109/FSKD.2015.7382290
Abstract: Network security problems still exist when IPv4 transfers to IPv6. The current Email framework neither authenticates the sender nor traces the source of the mail, so even find a spam, the method is just to reject the mail or insert the mail source into “blacklist”, and both of these methods can’t deracinate the generation of spam. For this reason, this paper designs secure email system based on true IPv6 address access. It divides the authentication to inter-domain and intra-domain authentication. Inter-domain authentication is used to authenticate the mail sender’s domain. It combines path-based authentication, encryption-based authentication and trust and prestige system-based authentication methods in order to support both mail forwarding and mail list. Authentication efficiency can be further improved by organizing authentication order properly. Intra-domain is used to affirm the sender’s IP address which is used to trace the sender. It supports user to move by combining the fixed and changing IP address. After testing, this system is both feasible and effective.
Keywords: IP networks; computer network security; cryptography; unsolicited e-mail; IPv4 transfers; authentication order properly; encryption-based authentication; interdomain authentication; intradomain authentication; mail forwarding; mail list; mail sender domain; network security problem; path-based authentication; prestige system-based authentication method; secure email system; true IPv6 address access; trust system-based authentication method; Authentication; Cryptography; Electronic mail; Postal services; Protocols; Servers; Email; Encryption-based authentication; IPv6; Path-based authentication; Trust and prestige-based authentication (ID#: 16-10748)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7382290&isnumber=7381900
A. S. Ahmed, R. Hassan, and N. E. Othman, “Improving Security for IPv6 Neighbor Discovery,” Electrical Engineering and Informatics (ICEEI), 2015 International Conference on, Denpasar, 2015, pp. 271-274. doi:10.1109/ICEEI.2015.7352509
Abstract: For a successful communication in a LAN network Internet Protocol version 4 (IPv4) has to identify Machine Code Address (MAC) of the target host which was possible via using Address Resolution Protocol (ARP). This is improved in IPv6 in which nodes uses Neighbor Discovery Protocol (NDP) to access MAC address of other nodes. In addition to this it enables accessibility to routers and reachability of information on paths to active neighbor discovery. When NDP was initially defined, there was a belief that the local link would be made up of mutually trusting nodes. On the contrary, this has been rectified in wireless connection of networks in which the situation has radically changed. The lack of authorization and vulnerability to various attacks, various mechanisms have been implemented to counter this effect. These mechanisms are of two types which are Secured Neighbor Discovery Protocol (SEND) and Internet Protocol Security (IPSec). A keen interest is taken to analyze this mechanisms showing how it works including the shortcoming of each and various recommendations. Also we analyze each of NDP attacks in details, define the requirements to mitigate each of them and proposed a conceptual model layout in order to secure NDP.
Keywords: Internet; authorisation; computer network security; local area networks; protocols; trusted computing; ARP; IPSec; IPv6; IPv6 neighbor discovery security; Internet protocol security; LAN network Internet protocol version 4; MAC; NDP attacks; SEND; address resolution protocol; conceptual model layout; machine code address; neighbor discovery protocol; secured neighbor discovery protocol; wireless network connection; Authorization; Computer crime; Internet; Peer-to-peer computing; Routing protocols; NDP; NS; RS (ID#: 16-10749)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7352509&isnumber=7352453
Y. Hong, Y. Choi, M. Shin, and J. Youn, “Analysis of Design Space and Use Case in IPv6 over NFC for Resource-Constrained IoT Devices,” Information and Communication Technology Convergence (ICTC), 2015 International Conference on, Jeju, 2015, pp. 1009-1012. doi:10.1109/ICTC.2015.7354725
Abstract: This paper describes the characteristics of link layer technologies that are used at constrained node networks and typical use cases of IPv6 over networks of resource-constrained nodes. In addition to IEEE 802.15.4, various link layer technologies such as BLE, Z-wave, DECT-ULE, MS/TP, and NFC are widely used at constrained node networks for typical services. Based on these link layer technologies, IPv6 over networks of resource-constrained nodes has various and practical use cases. To efficiently implement typical IoT services, a typical use case and consideration of several design spaces in IPv6 over NFC are described.
Keywords: IP networks; Internet of Things; Zigbee; near-field communication; radio links; IEEE 802.15.4 various link layer technology; IPv6; NFC; constrained node network; design space analysis; resource-constrained IoT device; Bluetooth; Network topology; Quality of service; Reliability; Security; Synchronization; Topology; 6lo; IoT; resource-constrained node (ID#: 16-10750)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7354725&isnumber=7354472
S. U. Rehman and S. Manickam, “Rule-Based Mechanism to Detect Denial of Service (DoS) Attacks on Duplicate Address Detection Process in IPv6 Link Local Communication,” Reliability, Infocom Technologies and Optimization (ICRITO) (Trends and Future Directions), 2015 4th International Conference on, Noida, India, 2015, pp. 1-6. doi:10.1109/ICRITO.2015.7359243
Abstract: Internet Protocol version 6 (IPv6) is currently being deployed progressively around the world and soon will become the de facto IP communication standard. Nevertheless, due to the nature of the protocol design of IPv6, it has brought about various security issues. One of the security issues relates to leveraging the vulnerability that exists in the way Duplicate Address Detection (DAD) process is carried out leading to Denial or Service (DoS) attacks. Such attacks can render the whole network non-functional. Several mechanisms have been introduced to detect this attack. Nevertheless, these mechanisms had some drawbacks. In this paper, we propose a new mechanism that uses rule-based approach that is able to address the shortcomings of existing mechanisms with improved accuracy and performance.
Keywords: Address autoconfiguration; DAD; DoS; IPv6 Security; Intrusion Detection; Neighbor Discovery (ID#: 16-10751)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7359243&isnumber=7359191
S. Ziegler, A. Skarmeta, P. Kirstein and L. Ladid, “Evaluation and Recommendations on IPv6 for the Internet of Things,” Internet of Things (WF-IoT), 2015 IEEE 2nd World Forum on, Milan, 2015, pp. 548-552. doi:10.1109/WF-IoT.2015.7389113
Abstract: This article presents some key achievements and recommendations from the IoT6 European research project on IPv6 exploitation for the Internet of Things (IoT). It highlights the potential of IPv6 to support the integration of a global IoT deployment including legacy systems by overcoming horizontal fragmentation as well as more direct vertical integration between communicating devices and the cloud.
Keywords: Internet of Things; cloud computing; service-oriented architecture; software maintenance; IPv6 exploitation; IoT6 European research project; legacy systems; Europe; Interoperability; Object recognition; Protocols; Routing; Security; Standards; 6LoWPAN; CoAP; IPv6; Machine-to-Machine; addressing; integration; interoperability; scalability (ID#: 16-10752)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7389113&isnumber=7389012
Y. Qiu and M. Ma, “An Authentication and Key Establishment Scheme to Enhance Security for M2M in 6LoWPANs,” Communication Workshop (ICCW), 2015 IEEE International Conference on, London, 2015, pp. 2671-2676. doi:10.1109/ICCW.2015.7247582
Abstract: With the rapid development of wireless communication technologies, machine-to-machine (M2M) communications, which is an essential part of the Internet of Things (IoT), allows wireless and wired systems to monitor environments without human intervention. To extend the use of M2M applications, the standard of Internet Protocol version 6 (IPv6) over Low power Wireless Personal Area Networks (6LoWPAN), developed by The Internet Engineering Task Force (IETF), would be applied into M2M communication to enable IP-based M2M sensing devices to connect to the open Internet. Although the 6LoWPAN standard has specified important issues in the communication, security functionalities at different protocol layers have not been detailed. In this paper, we propose an enhanced authentication and key establishment scheme for 6LoWPAN networks in M2M communications. The security proof by the Protocol Composition Logic (PCL) and the formal verification by the Simple Promela Interpreter (SPIN) show that the proposed scheme in 6LoWPAN could enhance the security functionality with the ability to prevent malicious attacks such as replay attacks, man-in-the-middle attacks, impersonation attacks, Sybil attacks, and etc.
Keywords: Internet; Internet of Things; cryptographic protocols; personal area networks; transport protocols; 6LoWPAN; IETF; IPv6; Internet engineering task force; Internet protocol version 6; IoT; M2M communication; PCL; SPIN; authentication scheme; key establishment scheme; low power wireless personal area network; machine-to-machine communication; protocol composition logic; protocol layer; security enhancement; simple Promela interpreter; wireless communication technology; Authentication; Cryptography; Internet of things; Protocols; Servers; M2M (ID#: 16-10753)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7247582&isnumber=7247062
S. Narayan, R. Gupta, A. Kumar, S. Ishrar, and Z. Khan, “Cyber Security Attacks on Network with Transition Mechanisms,” 2015 International Conference on Computing and Network Communications (CoCoNet), Trivandrum, 2015, pp. 163-169. doi:10.1109/CoCoNet.2015.7411182
Abstract: Cyber security is a big part of the Internet nowadays. There are cyber-attacks happening around the world right this very moment. Attacker mainly target national or corporate organizations and use cyber-attacks to attack and penetrate their network, which include the server, routers and computers. Transition mechanisms such as NAT64, 6to4, 4to6, 4in6, 6rd, Dual Stack and ISATAP were developed by Internet Engineering Task Force (IETF) to establish communication between IPv4 and IPv6 standards. There has not been much research done in the past to show how secure these transition mechanism are. This paper shows the performance and comparison between 4to6 transition mechanism and 6to4 transition mechanism when attacked by various cyber-attacks such as the Nmap, Zenmap, Smurf6 and flood router6. This paper also compares how both the transition mechanisms perform when Virtual Private Network (VPN) such as PPTP and IPsec are configured and the different cyber-attacks are executed. The average values of UDP and TCP delay and jitter for each of the tests that was performed are shown in the graphs.
Keywords: IP networks; Internet; computer network security; transport protocols; virtual private networks;4to6 transition mechanism; 6to4 transition mechanism; IETF; IPv4 standard; IPv6 standard; Internet Engineering Task Force; TCP delay; UDP; VPN; cyber security attack; jitter; virtual private network; Computer crime; Computers; Internet; Protocols; Standards; Virtual private networks; 4to6; 6to4; Cyber-attacks; IPsec; PPTP; VPN; performance evaluation; transition mechanism (ID#: 16-10754)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7411182&isnumber=7411155
W. Lee, M. Noh, B. Cho, T. Kim, and H. Kim, “Designing of Healthcare Information Network Using IPv6 Cloud Networks,” IT Convergence and Security (ICITCS), 2015 5th International Conference on, Kuala Lumpur, 2015, pp. 1-3. doi:10.1109/ICITCS.2015.7292969
Abstract: Information networks have emerged a major research area in the interest of healthcare. There are several applications in the R&D field of healthcare. Healthcare Network must ensure the reliability and efficiency because it transfer data of health. We consider distributed cloud systems, which deploy IPv6 and agents that are geographically distributed over a large number of locations in a wide-area network. In this article, we also argue for a healthcare information management model that provides higher-level connectivity and logical network abstraction that are integral parts of wellness applications.
Keywords: cloud computing; health care; medical information systems; research and development; wide area networks; IPv6 cloud networks; Internet protocol; distributed cloud systems; healthcare R-and-D field; healthcare information management model; healthcare information network; research and development; wellness applications; wide-area network; Connectors; IP networks; Measurement; Medical services; Monitoring; Tunneling; Visual databases (ID#: 16-10755)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7292969&isnumber=7292885
Bingqing Luo, Suning Tang, and Zhixin Sun, “Research of Neighbor Discovery for IPv6 over Low-Power Wireless Personal Area Networks,” Heterogeneous Networking for Quality, Reliability, Security and Robustness (QSHINE), 2015 11th International Conference on, Taipei, 2015, pp. 233-238. doi: (not provided)
Abstract: The Ipv6 neighbor discovery protocol is unable to meet the networking and address configuration requirements of the nodes in the wireless sensor network (WSN). To address this problem, the 6lowpan network architecture is presented in this paper, and based on the architecture, a method for configuring addresses of the 6lowpan nodes and a basic process for interaction during neighbor discovery are proposed. A context management and distributing strategy is also proposed to expanded 6lowpan domain, providing an approach to the standard protocol RFC6775. Simulation results show that the proposed 6lowpan neighbor discovery protocol is highly feasible and effective.
Keywords: IP networks; personal area networks; protocols; telecommunication power management; wireless sensor networks;Ipv6 neighbor discovery protocol; WSN; configuration requirements; low power wireless personal area networks; neighbor discovery; wireless sensor network; Context; Logic gates; Routing protocols; Standards; Synchronization; Wireless sensor networks; 6LoWPAN; address configuration; context; header compression; neighbor discovery (ID#: 16-10756)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7332574&isnumber=7332527
M. Udhayamoorthi, S. Karthik, C. Senthilkumar, K. S. Mohan, and P. S. Dinesh, “Enhanced Designing of Network Using IPv6 Protocol and Enabling HSRP for Redundancy,” Soft-Computing and Networks Security (ICSNS), 2015 International Conference on, Coimbatore, 2015, pp. 1-5. doi:10.1109/ICSNS.2015.7292431
Abstract: This project involves finding out a solution through implementation of HSRP (Hot Standby Routing Protocol) which gives robustness to the network and allows load sharing between links. HSRP is a routing protocol used to find out an alternate route to forward a packet to the destination network. Two routers connected to the same network are required to initiate HSRP. To enable HSRP, a dynamic routing protocol called OSPF (Open Shortest Path First) is used. OSPF is based on link state routing algorithm. OSPF selects the best routes by finding the lowest cost path to a destination. OSPF routes IP packets based solely on the destination IP address found in the IP packet header. Whenever OSPF needs to perform its functions, it should transmit certain packets. The main objective of this project is to deliver the packets between the nodes consistently in ipv6 network by using HSRP, to increase the network performance by enabling HSRP and to enhance the auto-redundancy, reliability, and efficiency.
Keywords: IP networks; routing protocols; telecommunication network reliability; HSRP; IP packet header; IP packets; IPv6 protocol; OSPF dynamic routing protocol; destination IP address; hot standby routing protocol; link state routing algorithm; load sharing; open shortest path first; redundancy; reliability; Communication networks; Information technology; Routing; Routing protocols; Security; Convergence; Loops; Metrics; OSPF networks; RIP (ID#: 16-10757)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7292431&isnumber=7292366
S. Park and Y. Kwon, “Enhanced Scheme for Improving of TCP Performance on Handover in Mobile IPv6 Networks,” Information Science and Security (ICISS), 2015 2nd International Conference on, Seoul, 2015, pp. 1-4. doi:10.1109/ICISSEC.2015.7370999
Abstract: In the TCP over Mobile IPv6 (MIPv6) Networks, TCP responds to losses such as high bit errors and handovers by invoking congestion control and avoidance algorithms. In this paper we propose new handover notification algorithm scheme that is to send an explicit handover notification message to the source host from mobile host when occurring to handover. Upon receipt of explicit handover notification, the source host enters persist mode. This way, data transmissions at the source host during handover are frozen. In numerical result, proposed algorithm scheme provides a little performance improvement compared with general TCP method, and expects to greater performance improvements while having frequent handover in MIPv6 Networks.
Keywords: IP networks; mobile radio; mobility management (mobile radio); telecommunication congestion control; transport protocols; TCP; congestion avoidance; congestion control; handover notification message; mobile IPv6 networks; mobile host; source host; Handover; Loss measurement; Mobile communication; Mobile computing; Protocols; Wireless networks (ID#: 16-10758)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7370999&isnumber=7370954
R. Liu, “Research on IPV6-Based Computer Crime Evidence Dynamic Forensics Technology,” Communication Systems and Network Technologies (CSNT), 2015 Fifth International Conference on, Gwalior, 2015, pp. 720-724. doi:10.1109/CSNT.2015.201
Abstract: Computer crime is a kind of high-tech crime, it is intelligent and hidden and the traditional internet security technologies cannot be survived with. Therefore, relevant laws and regulations need to be establishing and people’s security awareness should be enhance as soon as possible. This is how computer forensics comes is born. Computer forensics is a combination of technologies including obtaining, conserving, analyzing and presenting the electronic evidence. The main goal is to excavate and collect electronic evidences. Tests shows results can effectively complete the supervision of target host computer, collect electric evidence and safely transfer target data, and the original design goal is realized.
Keywords: IP networks; Internet; computer crime; computer network security; digital forensics; IPv6-based computer crime evidence dynamic forensics technology; Internet security technology; electronic evidence collection; electronic evidence excavation; high-tech crime; target host computer supervision; Computer networks; Databases; Education; Information services; Law; Security; Computer crime; Computer forensics; realized (ID#: 16-10759)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7280013&isnumber=7279856
N. C. Arjuman and S. Manickam, “A Review on ICMPv6 Vulnerabilities and its Mitigation Techniques: Classification and Art,” Computer, Communications, and Control Technology (I4CT), 2015 International Conference on, Kuching, 2015, pp. 323-327. doi:10.1109/I4CT.2015.7219590
Abstract: In IPv4, ICMP was used for error reporting and flow control management among others. Due to lack of security consideration in the design of ICMPv4 protocol leading to numerous vulnerabilities, this has led to exploitation and attacks on a particular network. IPv6 is a new protocol introduced to replace IPv4 in order to circumvent IP address depletion. ICMPv6 now has expanded role, so security measures introduced in ICMPv4 are no longer sufficient to address the security issues potentially inherent in ICMPv6. This paper will review the vulnerabilities and exploitation of ICMPv6. The existing mitigation techniques and approaches used to address these vulnerabilities will also be reviewed to an extent.
Keywords: IP networks; computer network management; computer network security; ICMPv6 vulnerabilities; IP address depletion; IPv6; error reporting; flow control management; mitigation techniques; security consideration; Data structures; Filtering; Internet; Logic gates; Protocols; Security; ICMPv6; Mitigation; Review; Security (ID#: 16-10760)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7219590&isnumber=7219513
I. Coonjah, P. C. Catherine, and K. M. S. Soyjaudah, “6to4 Tunneling Framework Using OpenSSH,” Computing, Communication and Security (ICCCS), 2015 International Conference on, Pamplemousses, 2015, pp. 1-4. doi:10.1109/CCCS.2015.7374134
Abstract: 6to4 tunneling enables IPv6 hosts and routers to connect with other IPv6 hosts and routers over the existing IPv4Internet. The main purpose of IPv6 tunneling is to maintain compatibility with large existing base of IPv4 hosts and routers. OpenSSH VPN tunneling is said to have limitations with numerous IPv6 clients and therefore it is advisable to use OpenVPN. To the best knowledge of the authors, this is the first reported successful implementation of 6to4 tunneling over OpenSSH with more than one client. This proof-of-concept positions OpenSSH therefore as a potential alternative to conventional VPNs.
Keywords: IP networks; cryptographic protocols; virtual private networks; 6to4 tunneling; IPv4Internet; IPv6 tunneling; OpenSSH VPN tunneling; OpenSSH protocol; OpenVPN; open secure shell protocol; traffic encryption; virtual private network; Internet; Protocols; Security; Servers; Tunneling; Virtual private networks; IPV6; OpenSSH; VPN (ID#: 16-10761)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7374134&isnumber=7374113
P. Pongle and G. Chavan, “A Survey: Attacks on RPL and 6LoWPAN in IoT,” Pervasive Computing (ICPC), 2015 International Conference on, Pune, 2015, pp. 1-6. doi:10.1109/PERVASIVE.2015.7087034
Abstract: 6LoWPAN (IPv6 over Low-Power Wireless Personal Area Networks) standard allows heavily constrained devices to connect to IPv6 networks. 6LoWPAN is novel IPv6 header compression protocol, it may go easily under attack. Internet of Things consist of devices which are limited in resource like battery powered, memory and processing capability etc. for this a new network layer routing protocol is designed called RPL (Routing Protocol for low power Lossy network). RPL is light weight protocol and doesn’t have the functionality like of traditional routing protocols. This rank based routing protocol may goes under attack. Providing security in Internet of Things is challenging as the devices are connected to the unsecured Internet, limited resources, the communication links are lossy and set of novel technologies used such as RPL, 6LoWPAN etc. This paper focuses on possible attacks on RPL and 6LoWPAN network, counter measure against them and consequences on network parameters. Along with comparative analysis of methods to mitigate these attacks are done and finally the research opportunities in network layer security are discussed.
Keywords: IP networks; Internet; Internet of Things; computer network security; personal area networks; routing protocols; 6LoWPAN; IPv6 over Low-Power Wireless Personal Area Network standard; IoT; RPL; network layer routing protocol; network layer security; novel IPv6 header compression protocol; rank based routing protocol; routing protocol for low power lossy network; Authentication; Delays; Maintenance engineering; Network topology; Topology; Attacks; Security (ID#: 16-10762)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7087034&isnumber=7086957
Z. Liu, J. Dong, Y. Cui, and C. Zhang, “Dynamic Configuration for IPv4/IPv6 Address Mapping in 4over6 Technology,” 2015 IEEE 9th International Conference on Anti-counterfeiting, Security, and Identification (ASID), Xiamen, 2015, pp. 132-136. doi:10.1109/ICASID.2015.7405677
Abstract: The configuration for address mapping is an important process for IPv4-over-IPv6 (4over6) technology, which is the major scenario of IPv6 transition. However, it is not straightforward to use current configuration methods because they were only designed to solve part of the configuration scenario. In this paper, we first analyze the challenges of current configuration solutions. After that, we propose a dynamic configuration mechanism for address mapping based on the DHCPv4 over DHCPv6 (DHCP4o6) lease query. The boarder router device (BR) in 4over6 transition is able to obtain the IPv4/IPv6 heterogeneous lease of customer premises equipment (CPE) in bulk or in real-time with the help of our method. The lease will then be used to build the address mapping table. We implement the prototype system and verify it in a real 4over6 network at Tsinghua University. The results show that our mechanism satisfies the requirement of quick establishment of address mapping table when BR device is being initiated. Furthermore, our solution reduces the load of BR device comparing to current methods.
Keywords: transport protocols; CPE; IPv4-over-IPv6 technology; Tsinghua University; boarder router device; customer premises equipment; dynamic configuration mechanism; Encapsulation; Internet; Ports (Computers); Protocols; Real-time systems; Resource management; Servers; 4over6; IPv6 transition; address mapping; lease query (ID#: 16-10763)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7405677&isnumber=7405648
A. Shiranzaei and R. Z. Khan, “Internet Protocol Versions — A Review,” Computing for Sustainable Global Development (INDIACom), 2015 2nd International Conference on, New Delhi, 2015, pp. 397-401.
Abstract: Internet contributes to effective communication and exchange the information between people around the world through the easiest and fastest way. TCP/IP (Transmission Control Protocol/Internet Protocol) is a protocol which allocates address to each device for recognition and dispreads packets on the Internet. Over the years the IP has been changed because of user’s requirements. The first IP has been used broadly is IPV4 (Internet Protocol version 4) but it has encountered some problems with growth the number of user who use Internet. Internet Protocol version 6 is the next generation of Internet Protocol which has been used globally. IPv6 eliminates the most important problems of IPv4. This study briefly investigates the key features of IPv4 and IPv6.
Keywords: Internet; protocols; IPv4; IPv6; Internet Protocol version 4; Internet Protocol version 6; Computer science; IP networks; Next generation networking; Protocols; Security; Unicast; History of IP; IP; TCP/IP (ID#: 16-10764)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7100280&isnumber=7100186
J. Santa, P. J. Fernández, F. Pereñíguez, F. Bernal, and A. F. Skarmeta, “A Vehicular Network Mobility Framework: Architecture, Deployment and Evaluation,” Computer Communications Workshops (INFOCOM WKSHPS), 2015 IEEE Conference on, Hong Kong, 2015, pp. 127-132. doi:10.1109/INFCOMW.2015.7179372
Abstract: Research on vehicular networks has increased for more than a decade, however, the maturity of involved technologies has been recently reached and standards/specifications in the area are being released these days. Although there are a number of protocols and network architecture proposals in the literature, above all in the Vehicular Ad-hoc Network (VANET) domain, most of them lack from realistic designs or present solutions far from being interoperable with the Future Internet. Following the ISO/ETSI guidelines in field of (vehicular) cooperative systems, this work addresses this problem by presenting a vehicular network architecture that integrates well-known Internet Engineering Task Force (IETF) technologies successfully employed in Internet. More precisely, this work describes how Internet Protocol version 6 (IPv6) technologies such as Network Mobility (NEMO), Multiple Care-of Address Registration (MCoA), IP Security (IPsec) or Internet Key Exchange (IKE), can be used to provide network access to in-vehicle devices. A noticeable contribution of this work is that it not only offers an architecture/design perspective, but also details a deployment viewpoint of the system and validates its operation under a real performance evaluation carried out in a Spanish highway. The results demonstrate the feasibility of the solution, while the developed testbed can serve as a reference in future vehicular network scenarios.
Keywords: IP networks; Internet; intelligent transportation systems; mobile computing; mobility management (mobile radio); protocols; telecommunication security; vehicular ad hoc networks; IETF technologies; IKE; IP security; IPsec; IPv6 technologies; ISO/ETSI; Internet Protocol version 6; Internet engineering task force technologies; Internet key exchange; MCoA; NEMO; Spanish highway; VANET; cooperative systems; future Internet; multiple care-of address registration; network architecture protocols; vehicular ad-hoc network; vehicular network mobility framework; Computer architecture; Roads; Security; Telecommunication standards; Vehicles; 802.11p; IPv6; Intelligent Transportation Systems; V2I; testbeds; vehicular networks (ID#: 16-10765)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7179372&isnumber=7179273
S. S. Slehat, Z. Chaczko, and A. Kale, “Securing Teredo Client from Nat Holes Vulnerability,” Computer Aided System Engineering (APCASE), 2015 Asia-Pacific Conference on, Quito, 2015, pp. 366-369. doi:10.1109/APCASE.2015.71
Abstract: The aim of paper to presents the contain problem in automatic tunneling. Automatic tunneling has three main components to encapsulate IPv6 packets into IPv4 packets. The components called Teredo, ISATAP, and 6to4. In some cases, these components related problems such as source routing, neighbor discovery and NAT holes. This paper present key issues related to the Teredo tunneling called “Teredo NAT Holes” that increases the attack surface. And thus causes the NAT service to become more vulnerable.
Keywords: IP networks; Internet; computer network security; protocols; telecommunication network routing; telecommunication services; tunnelling; 6to4; IPv4 packets; IPv6 packets; ISATAP; NAT holes vulnerability; NAT service; Teredo NAT holes; Teredo client; Teredo tunneling; attack surface; automatic tunneling; neighbor discovery; source routing; Ports (Computers); Protocols; Relays; Security; Servers; Tunneling; IPv6; Teredo tunneling; Tunneling (ID#: 16-10766)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7287047&isnumber=7286975
O. Kodym, F. Benes, and J. Svub, “EPC Application Framework in the Context of Internet of Things,” Carpathian Control Conference (ICCC), 2015 16th International, Szilvasvarad, 2015, pp. 214-219. doi:10.1109/CarpathianCC.2015.7145076
Abstract: Internet of Things philosophy implementation in conditions of the existing communication networks requires new types of services and interoperability. Once of the desired innovations is communication between existing IP world and the new generation network. Not just networks of smart devices that may not always have IP connectivity, but also other RFID-labeled objects and sensors. Fulfilling the need for high-quality applications for further more specific parameters of these objects internet of things, as may be location, serial number, distinctive and unique characters/connections, can add a proper extension of the existing network and system infrastructure with new information and naming service. Their purpose is not only to assign a unique identifier to the object, but also allow users to new services use other information associated with the selected object. The technology that enables the data processing, filtering and storage is defined in the Electronic Product Code Application Framework (EPCAF) as RFID middleware and EPCIS. One of the implementations of these standards is the Open Source solution Fosstrak. We experimented with Fosstrak system that was developed on Massachusetts Institute of Technology (MIT) by an academic initiative but nowadays we are going to prove its benefits in the context of business environment. The project is aimed also on connection and linking between systems of the EPCIS class made by the ONS systems.
Keywords: IP networks; Internet of Things; filtering theory; middleware; open systems; product codes; radiofrequency identification; storage management; EPC application framework; EPCAF; EPCIS class; Fosstrak system; IP connectivity; IP world; MIT; Massachusetts Institute of Technology; ONS system; RFID middleware; RFID-labeled object; academic initiative; business environment; communication network; data processing; electronic product code application framework; filtering; high-quality application; information service; interoperability; naming service; new generation network; open source solution Fosstrak; smart device; storage; system infrastructure; Artificial neural networks; Interoperability; Product codes; Standards; Technological innovation; Testing; Fosstrak; IPv6; IoT (Internet of Things); ONS (Object name services); RFID security (ID#: 16-10767)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7145076&isnumber=7145033
S. Singh and K. Mittal, “Internet of Everything Smart Environment,” Green Computing and Internet of Things (ICGCIoT), 2015 International Conference on, Noida, 2015, pp. 1309-1311. doi:10.1109/ICGCIoT.2015.7380668
Abstract: The Internet of Things (IoT) poses completely new challenges when compared to the traditional Internet which cannot be faced if the involved objects are just traditional “smart” objects. IoT technologies improve our lives, but along with those benefits bring the real responsibility of securing the systems which have now incorporated a huge amount of data and the ability to control systems across the Internet. In this framework, the key function is the ability of acquiring personal information (i.e., human factors) simultaneously with the information from the social and physical context that constitutes the environment. Hence, in this paper we have tried to bring forward some new and efficient technologies that will help in security of the data and of the individual in a way that has not been thought yet in this world of things.
Keywords: Internet of Things; authorisation; human factors; public transport; data security; human factors loT technologies; personal information acquisition; physical context; smart objects; social context; system security; systems control; Cooling; Sensors; Switches; Vehicles; ECG sensors; EEG sensors; IPv6; SmartCities; actuators; gyroscopes; sensors (ID#: 16-10768)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7380668&isnumber=7380415
S. Vohra and R. Srivastava, “A Survey on Techniques for Securing 6LoWPAN,” Communication Systems and Network Technologies (CSNT), 2015 Fifth International Conference on, Gwalior, 2015, pp. 643-647. doi:10.1109/CSNT.2015.163
Abstract: The integration of low power wireless personal area networks (LoWPANs) with the Internet allows the vast number of smart objects to harvest data and information through the Internet. Such devices will also be open to many security threats from Internet as well as local network itself. To provide security from both, along with Cryptography techniques, there also requires certain mechanism which provides anonymity & privacy to the communicating parties in the network in addition to providing Confidentiality & Integrity. This paper provides survey on techniques used for securing 6LoWPAN from different attacks and aims to assist the researchers and application developers to provide baseline reference to further carry out their research in this field.
Keywords: Internet; cryptography; personal area networks; telecommunication security; 6LoWPAN; baseline reference; cryptography techniques; local network; low power wireless personal area networks; security threats; smart objects; Computer crime; IEEE 802.15 Standard; Protocols; Routing; Sensors; IDS; IEEE 802.15.4; IPsec; IPv6; Internet of Thing; MT6D (ID#: 16-10769)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7279997&isnumber=7279856
A. A. Alsaffar, M. Aazam, and E. N. Huh, “Framework of N-Screen Services Based on PVR-Micro Data Center and PMIPv6 in Cloud Computing,” Ubiquitous and Future Networks (ICUFN), 2015 Seventh International Conference on, Sapporo, 2015, pp. 839-841. doi:10.1109/ICUFN.2015.7182661
Abstract: Most of today smart devices (e.g. smart phone, tablets, etc) are mobile and can access the Internet through wireless network which is almost everywhere. For mobility support, IETF developed PMIPv6 to enable user devices to be connected to the Internet without being disconnected when passing by different network areas. Unlike wired network, a wireless network increased the potential threats to every device that is wirelessly connected to Internet. As a result, security threats and attacks are critical issues which are needed to be address. In addition, provides mobility for devices in different network area require different security measures and configuration to be configured such as user device registration and authentication in PMIPv6 inter/intra-domain as well as providing fast delivery of multimedia content. In this paper, we introduce new architecture for N-Screen services which allows the streaming of application based on N-Screen technology using Personal Video Recorder function built-in micro data center and Proxy Mobile IPv6 technology in cloud computing environment. Through utilizing this service, we can clearly solve the issues mentioned above and have a better understanding. We compare our work with others where it shows better performance.
Keywords: IP networks; IPTV; cloud computing; computer centres; computer network security; IETF; N-screen services; PMIPv6; PMIPv6 interdomain; PMIPv6 intradomain; PVR-microdata center; Proxy Mobile IPv6 technology; cloud computing environment; device mobility; mobility support; multimedia content; network areas; personal video recorder function; security attacks; security configuration; security measures; security threats; smart devices; user device authentication; user device registration; user devices; wireless network; Authentication; Cloud computing; Mobile communication; Multimedia communication; Streaming media; N-Screen; PVR; mega data center; micro data center; multimedia delivery protocol (ID#: 16-10770)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7182661&isnumber=7182475
M. A. Gosselin-Lavigne, H. Gonzalez, N. Stakhanova, and A. A. Ghorbani, “A Performance Evaluation of Hash Functions for IP Reputation Lookup Using Bloom Filters,” Availability, Reliability and Security (ARES), 2015 10th International Conference on, Toulouse, 2015, pp. 516-521. doi:10.1109/ARES.2015.101
Abstract: IP reputation lookup is one of the traditional methods for recognition of blacklisted IPs, i.e., IP addresses known to be sources of spam and malware-related threats. Its use however has been rapidly increasing beyond its traditional domain reaching various IP filtering tasks. One of the solutions able to provide a necessary scalability is a Bloom filter. Efficient in memory consumption, Bloom filters provide a fast membership check, allowing to confirm a presence of set elements in a data structure with a constant false positive probability. With the increased usage of IP reputation check and an increasing adoption of IPv6 protocol, Bloom filters quickly gained popularity. In spite of their wide application, the question of what hash functions to use in practice remains open. In this work, we investigate a 10 cryptographic and non-cryptographic functions for on their suitability for Bloom filter analysis for IP reputation lookup. Experiments are performed with controlled, randomly generated IP addresses as well as a real dataset containing blacklisted IP addresses. Based on our results we recommend two hash functions for their performance and acceptably low false positive rate.
Keywords: IP networks; computer network security; cryptography; data structures; probability; table lookup; Bloom filter; IP filtering tasks; IP reputation check; IP reputation lookup; IPv6 protocol; blacklisted IP addresses; constant false positive probability; data structure; hash functions; malware-related threats; membership check; memory consumption; noncryptographic functions; performance evaluation; set elements; spam; Accuracy; Cities and towns; Cryptography; Hardware; Software; Theory; complexity measures; performance measures (ID#: 16-10771)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7299960&isnumber=7299862
B. Liu and J. Bi, “DISCS: A DIStributed Collaboration System for Inter-AS Spoofing Defense,” Parallel Processing (ICPP), 2015 44th International Conference on, Beijing, 2015, pp. 160-169. doi:10.1109/ICPP.2015.25
Abstract: IP spoofing is prevalently used in DDoS attacks for anonymity and amplification, making them harder to prevent. Combating spoofing attacks requires the collaboration of different autonomous systems (ASes). Existing methods either lack flexibility in collaboration or require centralized control in the inter-AS environment. In this paper, we propose a Distributed Collaboration System (DISCS) for inter-AS spoofing defense, which allows ASes to flexibly collaborate in spoofing defense in a distributed manner. Each DISCS-enabled AS implements four defense functions. When a victim AS is under a spoofing attack, it can request other ASes to execute the most appropriate defense functions. We present the distributed and flexible control plane design and the backward compatible and incrementally deployable data plane design for both IPv4 and IPv6. We evaluate DISCS with theoretical proof and simulations using real Internet data. The results show that DISCS has strong deployment incentives, high effectiveness, minimal false positives, modest resource consumption and strong security.
Keywords: IP networks; Internet; centralised control; computer network security; ASes; DDoS attacks; DISCS; IP spoofing; IPv4; IPv6; distributed collaboration system; distributed control plane design; flexible control plane design; inter-AS environment; inter-AS spoofing defense; real Internet data; Bandwidth; Collaboration; Computer crime; Cryptography; DDoS defense; inter-AS collaboration; spoofing defense (ID#: 16-10772)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7349571&isnumber=7349545
S. Narayan, C. J. Williams, D. K. Hart, and M. W. Qualtrough, “Network Performance Comparison of VPN Protocols on Wired and Wireless Networks,” Computer Communication and Informatics (ICCCI), 2015 International Conference on, Coimbatore, 2015, pp. 1-7. doi:10.1109/ICCCI.2015.7218077
Abstract: VPNs are a well-established method employed by organizations to secure their data communications across un-trusted networks. This is due to their relative low cost and ease with which they can be implemented, VPNs also allow the flexibility for staff to be able to access network resources in a secure manner from anywhere in the world. However performance of the network must be considered alongside the flexibility and security a VPN provides. With the address range of IPv4 all but exhausted organizations are now slowly adopting IPv6 addressing, and alongside this there have also been advances with wireless technologies such as the introduction of IEEE802.11ac. In this research paper we conduct performance evaluations of three VPNs (PPTP, IPSec, and SSTP) in a Windows 7 Windows 2012 Client/Server network environment over wired and wireless media (Ethernet and IEEE802.11ac) using both IP versions and observe their performance. IT is found that IPSec had the worst performance in all network metrics and SSTP had the most consistent performance. PPTP performed well in the IPv4 tests but is incompatible with IPv6.
Keywords: data communication; protocols; telecommunication security; telecommunication standards; virtual private networks; Ethernet; IEEE802.11ac; IPSec; IPv4; IPv6; PPTP; SSTP; VPN protocols; Windows 2012; Windows 7; client/server network; data communications; network performance comparison; un-trusted networks; virtual private networks; wired networks; wireless networks; Computers; Jitter; Protocols; Servers; Throughput; Virtual private networks; Wireless communication; IEEE802.11ac; VPN; performance evaluation (ID#: 16-10773)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7218077&isnumber=7218046
P. Singh and S. Manickam, “Design and Deployment of OpenStack-SDN Based Test-bed for EDoS,” Reliability, Infocom Technologies and Optimization (ICRITO) (Trends and Future Directions), 2015 4th International Conference on, Noida, 2015, pp. 1-5. doi:10.1109/ICRITO.2015.7359327
Abstract: High fidelity experimental facilities play an important role in evaluating new technologies such as cloud computing and software defined network (SDN). In this paper, we highlight how OpenDaylight can be integrated with OpenStack to provide a powerful SDN-based networking solution for OpenStack Clouds. It provides practical application of the future network standards leveraging SDN technology. We will discuss the important elements of designing and implementing OpenStack-SDN testbed for virtual networks that integrates additional capabilities compared to existing SDN testbeds. We will also provide an overview of setting up the testbed with the necessary hardware and components required to build this testbed.
Keywords: cloud computing; computer network security; open systems; software defined networking; virtual private networks; EDoS; OpenDaylight; OpenStack clouds; OpenStack-SDN based test-bed; SDN technology; SDN-based networking solution; software defined network; virtual networks; Cloud computing; Computer architecture; Computer crime; Control systems; Monitoring; Random access memory; Servers; DDoS; OpenStack; SDN; Test Bed (ID#: 16-10774)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7359327&isnumber=7359191
K. Iuchi, T. Matsunaga, K. Toyoda, and I. Sasase, “Secure Parent Node Selection Scheme in Route Construction to Exclude Attacking Nodes from RPL Network,” 2015 21st Asia-Pacific Conference on Communications (APCC), Kyoto, 2015, pp. 299-303. doi:10.1109/APCC.2015.7412530
Abstract: The IPv6 Routing Protocol for Low-power and Lossy networks (RPL) is a standard routing protocol to realize the Internet of Things (IoT). Since RPL is a tree-based topology network, an attacking node may falsely claim its rank towards neighbor nodes in order to be chosen as a parent of them and to collect more packets to tamper. In this paper, we propose a secure parent selection scheme so that each child node can select a legitimate node as its parent. In the proposed scheme, each node chooses a parent after excluding the best candidate if multiple parent candidates exist. Our scheme utilizes the fact that an attacking node claims falsely a lower rank than that of a legitimate nodes. We show that attacking nodes have no merits to claim lower ranks than true ones in a secure parent node selection scheme. By the computer simulation, we show that the proposed scheme reduces the total number of child nodes attached to attacking nodes in comparison with the conventional RPL scheme.
Keywords: IP networks; Internet of Things; computer network security; routing protocols; telecommunication network topology; trees (mathematics); IPv6 routing protocol for low-power and lossy networks; IoT; RPL network attacking node; computer simulation; multiple parent candidates; route construction; secure parent node selection scheme; tree-based topology network; Authentication; Complexity theory; Monitoring; Network topology; Routing protocols; Topology (ID#: 16-10775)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7412530&isnumber=7412489
Li Xue and Sun Zhixin, “An Improved 6LoWPAN Hierarchical Routing Protocol,” Heterogeneous Networking for Quality, Reliability, Security and Robustness (QSHINE), 2015 11th International Conference on, Taipei, 2015, pp. 318-322. doi: (not provided)
Abstract: IETF 6LoWPAN working group is engaged in the IPv6 protocol stack research work based on IEEE802.15.4 standard. In this working group, the routing protocol is one of the important research contents. In the 6LoWPAN, HiLow is a well-known layered routing protocol. This paper puts forward an improved hierarchical routing protocol GHiLow by improving HiLow parent node selection and path restoration strategy. GHiLow improves the parent node selection by increasing the choice of parameters. Simultaneously, it also improves path recovery by analysing different situations to recovery path. Therefore, GHiLow contributes to the enhancement of network performance and the decrease of network energy consumption.
Keywords: personal area networks; routing protocols; 6LoWPAN hierarchical routing protocol; IEEE802.15.4 standard; IETF 6LoWPAN working group; IPv6 protocol; node selection; parent node selection; path restoration strategy; Artificial neural networks; Protocols; Routing; 6LoWPAN; HiLow; path recovery (ID#: 16-10776)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7332588&isnumber=7332527
Note:
Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to news@scienceofsecurity.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.