Matjaž Drča (2010) Security in networks with IPv6 protocol. EngD thesis.
Abstract
It is the year 2010. Modern forms of communication are increasingly using IP networks infrastructure. There are requirements to accelerate network traffic direction, global availability, opportunities for identification and quality control services and, in particular, to increase the address space for network devices. At the same time enhancing the IP packet traffic raise questions about the security of information transfer. Some answers to these challenges introduce a new age protocol IPv6. Initially the thesis presents the basic characteristics of this protocol. I explained the main planners objectives and goals of future IP protocol which are the result of the imperfection of its predecessor, IPv4. In order to understand the subsequent quotes and attack descriptions I have described also the IPsec security protocol, which represents a fundamental mechanism for the protection of IP communications. In the central part I focused on the execution of attacks to the IP version 6 protocol. Since IPv6 according to contemporary needs in the field of communication represents a logical upgrade of IPv4, some risks remain identical or very similar to IPv4. In this chapter I listed a description of execution for each type of attack and any differences in approach. In the next chapter, I tried to sum up the attacks, which appear in a new form only in IP version 6. These are primarily related to messages manipulation with which network hosts advertise configuration parameters or express request for it. One of the attacks is based on message spoofing at the process of verification of IP address availability. The theoretical description of the vulnerability in duplicate address detection procedure served as a basis for the implementation of practical implementation of an attack. In the last part I have practically demonstrated the possibility of an attack, which prevents the victim to obtain a valid address. I realized the attack on four virtual PCs with network interfaces. Each of them had a defined role during the attack. The aim of the attack is to show the ability of infiltration of unauthorized messages into the network in order to execute malicious activity. IPv6 inherited certain vulnerability from its predecessor while others are the result of new approaches in the design of the protocol. We can exploit the knowledge we have gained with IPv4 protocol threats analysis since the transitional period to native IPv6 network will take quite some time. The main transition mechanism towards the experts forecast is the usage of dual stack architecture which will allow simultaneous processing of both versions of the protocols. Therefore it will be necessary in the use of security mechanisms to be attentive to the common vulnerabilities and new opportunities in the IPv6 protocol as to the security holes in implementations of the mechanisms of the transition period.
Actions (login required)
![[img]](http://eprints.fri.uni-lj.si/style/images/fileicons/application_pdf.png)
