A Study on Security Analysis and Security Design for IPv6 Transition Mechanisms  

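Choi, In-Seok (School of Information, Communication and Electronic Engineering, Soongsil University)
Kim, Young-Han (School of Information, Communication and Electronic Engineering, Soongsil University)
Jung, Sou-Hwan (School of Information, Communication and Electronic Engineering, Soongsil University)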
Abstract
The IETF has created the v6ops Working Group to assist the IPv6 transition and propose technical solutions to achieve it. However, security considerations for the stage of IPv4/IPv6 transition and coexistence remain a significant problem. New security threats arise from the heterogeneity of this environment. In this paper, we describe IPv6 transition mechanisms and analyze their security problems. We also propose security considerations and a new security mechanism. We analyzed DoS and DRDoS attacks in a 6to4 environment and presented an address sanity check as a solution. We also showed an address exhaustion attack against the address allocation server. To solve this problem, we proposed a challenge-response mechanism in DSTM.
Keywords
IPv6; IPv6 Transition; 6to4; DSTM; NAT-PT; Security;