IPv6 is the next generation Internet protocol that is aimed at replacing the current IPv4 implementation that exists in TCP/IP based networks and the Internet. IPv6 offers a larger address space than that of IPv4, mechanisms for stateless autoconfiguration, fixed header size and support for quality of service among many other features.
Although IPv6 adoption has been slow, countries in Asia and Europe have already taken several steps towards its deployment. In the US, the Department of Defense and Office of Management and Budget have taken the lead on IPv6 adoption. In the 3rd generation mobile communication systems, IPv6 has been incorporated as one of the protocols of choice for carrying the data of several mobile network functions
Researchers in this area investigate the inner-workings of the IPv6 protocol with a focus on its security vulnerabilities. IPv6 is the updated version of one of the main protocols that makes the internet work. They have configured a small IPv6 network in which they perform several security attacks in order to characterize their impact on a network and their possible countermeasures. The study of similar issues on Mobile IPv6 networks is under way this semester. This work will also result in the creation of demos and lab exercises about the IPv6 protocol.
Vulnerabilities in IPv6
Sniffing and reconnaissance attacks such as port scanning are still possible in IPv6. However, the large address space of IPv6 makes ping sweep and port scan more difficult to complete.
Although IPSec is mandated in IPv6, in practice it is not used. This leaves the network vulnerable to several attacks
The auto-configuration capabilities that are built into IPv6 open the door for several security attacks such as Denial of Service (DoS) and Man-in-the-middle.
Routers use the Neighbor Discovery (ND) protocol to discover each other’s presence, determine their link layer addresses and prefix information.
Router advertisements (RAs) are not validated by a receiving node. Thus, any node that receives a fake RA will update its communication parameters blindly based on the information contained in the RA
Man in the middle attack: Lack of proper authentication mechanism in IPv6 allows the attacker to intercept and relay messages of legitimate users.
Denial of service attacks (DOS): Certain services are flooded with a large amount of illegitimate requests that render the targeted system unreachable by legitimate users.
Mobile IPv6 has been designed to enable mobile devices to migrate seamlessly between networks whilst keeping the same IPv6 address, regardless of the local subnet addressing scheme.
Mobile IPv6 provides an efficient, scalable mechanism for roaming within the Internet. Using Mobile IP, nodes may change their point-of-attachment to the Internet without changing their home IP address. This allows them to maintain transport and higher-layer connections while roaming. Node mobility is realized without the need to propagate host-specific routes throughout the Internet routing fabric.
Carlos E Caicedo Bastidas
Amol Dineshbhai Rawal – Graduate Student, TNM Program
Sathyanarayana Gopal – Graduate Student, TNM Program
Rohan Kamath – Graduate Student, TNM Program
Ningjia Huang – Graduate Student, TNM Program