Network Security: Security of Internet Mobility. Tuomas Aura T Network security Aalto University, Nov-Dec 2014
2 Outline
- Mobile IPv6
- Return routability test
- Address and identifier ownership
- Cryptographically generated IPv6 addresses
3 Mobile IPv6
4 Mobile IPv6
- Network-layer mobility protocol
- Developed since 1991; now standardized by the Internet Engineering Task Force (IETF): Mobile IP(v4) [RFC 5944], Mobile IPv6 [RFC 6275]
- History: Mobile IPv6 standardization halted in 2000 because of security concerns. The security protocol proposed by us in 2001 became a part of the standard. Major security problems fixed
- Mobile IPv6 never became the dominant mobility mechanism for the Internet, but the security lessons apply to many other protocols and applications!
- Next, we'll go through the threat analysis and security protocol design step by step
5 Why is Mobile IP(v6) not used?
- Mobility in the IP layer was supposed to be a generic solution to all mobility, but it is not widely used
- IPv6 deployment slower than expected
- Too narrow a view of what mobility is:
  - Changing IP address (handover between WLAN APs, DHCP allocating a different address): only this is solved by Mobile IP(v6)
  - Shared IP address (hosts behind a NAT)
  - Multihoming (wired+wireless+cellular interfaces, and thus several IP addresses coming and going)
  - Failover (duplicated nodes, e.g. telecom signaling points)
  - Delay tolerance (device sleeping, no signal)
- Stateless protocols have taken over
  - HTTP, REST, TLS tolerate connection failure and changing IP address
  - Applications are not designed to depend on long-living TCP connections
6 Mobile IPv6 and addresses
- The mobile node (MN) has two IPv6 addresses
- Home address (HoA):
  - Has subnet prefix of the home network
  - Used as address (= location for routing packets) when MN is at home. Used as host identifier when MN is roaming in a foreign network
  - Home network is typically virtual: MN never at home
- Care-of address (CoA):
  - MN's current point of attachment to the Internet
  - Has subnet prefix of the foreign network
- Correspondent node (CN) can be any Internet host
- (Note: MN and CN are hosts, not routers.)
- Note the dual role of IP addresses!
7 Mobility
[Figure: home network with the home address (HoA); correspondent node (CN); mobile node (MN) in a foreign network with a care-of address (CoA)]
- How to communicate after MN leaves its home network and is roaming in a foreign network?
- (HoA, CN and CoA are IPv6 addresses)
9 Mobile IPv6 goals
- Mobility goals:
  - MN is always reachable at HoA as long as it is connected to the Internet at some CoA
  - Connections don't break when CoA changes
- Performance goals (different levels):
  - Roaming (transparent access to VPN, and web while away from home) has low QoS requirements
  - Mobile multimedia (real-time voice and sound while constantly moving) requires delays < 200 ms
- Security goals:
  - As secure as the current Internet without mobility
10 Mobile IPv6 tunnelling
[Figure: CN sends a packet with source = CN, destination = HoA; the home agent (HA at HoA) in the home network forwards it to the MN at CoA as an encapsulated packet with outer header source = HA, destination = CoA and inner header source = CN, destination = HoA]
- Home agent (HA) is a router at the home network that forwards packets to and from the mobile
- MN always reachable at HoA
11 Tunneled packets on the wire
- IPsec ESP tunnel between HA and MN
  - HA uses its own IPv6 address as the tunnel endpoint
  - MN uses the CoA as the tunnel endpoint: both SPD and SAD must be updated at HA when the mobile moves
- Packet from CN to HoA (intercepted by HA): IP[CN,HoA] Payload
- Forward tunnel from HA to CoA: IP[HA,CoA] ESP IP[CN,HoA] Payload
- Reverse tunnel from MN to HA: IP[CoA,HA] ESP IP[HoA,CN] Payload
- Packet forwarded from HA to CN: IP[HoA,CN] Payload
- Note: no problems with ingress filtering because all source addresses are topologically correct
12 Route optimization (RO)
[Figure: HA at HoA, CN, MN at CoA]
1. First packet
2. Binding Update (BU): source = CoA, destination = CN, "This is HoA, I'm at CoA"
3. Following packets:
   - from CN: source = CN, destination = CoA, "For HoA" (routing header, RH)
   - from MN: source = CoA, destination = CN, "From HoA" (home address option, HAO)
- This is the early RO protocol (very efficient!), before security analysis and security-protocol design
13 Route-optimized packets on the wire
- Packet from CN to MN: IP[CN,CoA] RH[HoA] Payload (RH = Routing header Type 1, "for HoA")
- Packet from MN to CN: IP[CoA,CN] HAO[HoA] Payload (HAO = Home address option, "from HoA")
- Again, all source addresses are topologically correct
14 Route optimization
- Normally, only the first packet is sent via home agent (HA)
- Binding update (BU) triggered when MN receives a tunneled packet. All following packets optimized
- But, if CN does not support BU or decides to ignore them, then all packets are tunneled via HA
- MN may send the BU at any time
- In principle, IP layer is stateless and does not know whether there was previous communication
15 Binding update
- Originally, a 2-message protocol:
  - Binding update (BU) from CoA to CN
  - Binding acknowledgement (BA) from CN to MN
- The final standard is a much more complex protocol, for security reasons which we'll explain
- CN caches the (HoA, CoA) binding in its binding cache for a few minutes
- MN may send a new BU to refresh the cache or to update its location
- CN may send a binding request (BR) to MN to ask for a cache refresh
16 Who are MN, CN?
- Any IPv6 host may be the correspondent
- Any IPv6 address can become mobile, even though most never do
- By looking at the address, CN cannot know whether home address (HoA) belongs to a mobile node
- Security flaws in Mobile IPv6 may be used to attack any Internet node
17 How the MIPv6 security protocol was developed: threats and protection mechanisms
18 Attack 1: false binding updates
[Figure: nodes A and B; attacker C sends B a false BU: source = C, destination = B, "This is A, I'm at C"]
- A, B and C can be any IPv6 nodes (i.e. addresses) on the Internet
19 Connection hijacking
[Figure: attacker C sends B a false BU (source = C, destination = B, "This is A, I'm at C"), then packets with source = C, destination = B, "From A"]
- Attacker could hijack old connections or open new
- A, B and C can be any Internet nodes
20 Man-in-the-middle attack
[Figure: attacker C sends A a false BU ("This is B, I'm at C") and sends B a false BU ("This is A, I'm at C")]
21 If no security measures added
- Attacker anywhere on the Internet can hijack connection between any two Internet nodes, or spoof such a connection
- Attacker must know the IPv6 addresses of the target nodes, though
22 BU authentication
- MN and HA trust each other and can have a secure tunnel between them. Authenticating BUs to CN is the problem
- The obvious solution is strong cryptographic authentication of BUs
- Problem: there is no global system for authenticating any Internet node
23 Authentication without infrastructure?
- How to authenticate messages between any two IPv6 nodes, without introducing new security infrastructure?
- Set requirements to the right level: Internet with Mobile IPv6 deployed must be as secure as before it, so no general-purpose strong authentication needed
- Some IP-layer infrastructure is available:
  - IPv6 addresses
  - Routing infrastructure
- Surprisingly, both can be used for BU authentication:
  - Cryptographically generated addresses (CGA)
  - Routing-based weak authentication, called return routability
24 BU Authentication v.1
[Figure: HA at HoA, CN, MN at CoA]
1. BU
2. K
3. BU, MAC_K(BU); CN accepts BU
- CN sends a key in plaintext to HoA
25 Is that good enough?
- Weak, routing-based authentication, but it meets the stated requirement
  - Attacker has to be on the path between CN and HA to break the authentication and hijack connections
  - This is true even if the MN never leaves home, so mobility does not make the Internet less secure
  - Not possible for any Internet node to hijack any connection: significantly reduced risk
- K is not a general-purpose session key! Only for authenticating BUs from MN to CN
- Anything else?
  - The routing-based authentication, CGA, and other protocols discourage lying about who you are
  - Still possible to lie about where you are!
26 Attack 2: bombing attack
[Figure: attacker A, sender B (bbc.co.uk), target C. False BU: source = C, destination = B, "This is A, I'm at C". The video stream from B reaches target C as an unwanted video stream]
- Attacker can flood the target by redirecting data streams
27 Bombing attack - ACKs
[Figure: attacker A sends B (bbc.com) a false BU (source = C, destination = B, "This is A") and false acknowledgments (ACK); unwanted video stream to target C]
- Attacker participated in the transport-layer handshake, so it can spoof TCP ACKs or similar acknowledgements
- Attacker only needs to spoof one ACK per sender window to keep the stream going
- Target will not even send a TCP Reset!
28 BU Authentication v.2
[Figure: HA at HoA, CN, MN at CoA]
1. BU
2a. K0 (via HA at HoA)
2b. K1 (to MN at CoA)
3. BU, MAC_K(BU), with K = h(K0, K1); CN accepts BU
- CN sends a message to CoA to ask whether someone there wants the packets
- Common misconception: the purpose is not to send K0 and K1 along two independent paths!
29 Is that good enough?
- Not possible to lie about identity or location; all information in BUs is true
- Almost ready, but we still need to consider standard denial of service attacks against the BU protocol
30 Attack 3: Exhausting state storage
[Figure: attacker sends B "1. BU": source = D, destination = B, "This is E, I'm at D"; B's replies 2a. K0 and 2b. K1 are lost]
- Correspondent will generate and store K0, K1
- Attacker can flood CN with false BUs
- CN has to remember thousands of K0s and K1s
31 BU authentication v.3
[Figure: HA at HoA, CN, MN at CoA]
1. BU
2a. K0 = h(N, HoA)
2b. K1 = h(N, CoA)
3. BU, MAC_K(BU), with K = h(K0, K1); CN accepts BU
- N: periodically changing random secret
- We can make the correspondent stateless
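The stateless correspondent of v.3, together with the location check added in v.2, as an added Python example that is not part of the original slides. Assumptions: h() is HMAC-SHA256, the BU body is reduced to HoA || CoA, N is stored under a rotation index, and all addresses are constructed values from the documentation prefix.

```python
import hashlib
import hmac
import ipaddress
import os


def h(key: bytes, data: bytes) -> bytes:
    # Stand-in for the slides' h(): HMAC-SHA256 (assumption; the slides name no function).
    return hmac.new(key, data, hashlib.sha256).digest()


def addr(text: str) -> bytes:
    return ipaddress.IPv6Address(text).packed


class Correspondent:
    """CN side of BU authentication v.3: no per-mobile state before a BU verifies."""

    def __init__(self):
        self.secrets = {}        # rotation index -> N (current and previous only)
        self.index = 0
        self.binding_cache = {}  # HoA -> CoA, written only after a valid BU
        self.rotate()

    def rotate(self):
        # N is a periodically changing random secret; old tokens expire with it.
        self.index += 1
        self.secrets[self.index] = os.urandom(32)
        self.secrets.pop(self.index - 2, None)

    def home_test(self, hoa: bytes):
        # 2a: K0 = h(N, HoA), sent to HoA (reaches the MN through the HA tunnel).
        return self.index, h(self.secrets[self.index], hoa)

    def care_of_test(self, coa: bytes):
        # 2b: K1 = h(N, CoA), sent directly to CoA.
        return self.index, h(self.secrets[self.index], coa)

    def binding_update(self, hoa, coa, index, mac) -> bool:
        # 3: recompute K0 and K1 from N instead of looking them up.
        n = self.secrets.get(index)
        if n is None:
            return False  # keys were issued under a secret that has been retired
        k = h(h(n, hoa), h(n, coa))  # K = h(K0, K1)
        if not hmac.compare_digest(mac, h(k, hoa + coa)):
            return False
        self.binding_cache[hoa] = coa
        return True


def mobile_bu(k0, k1, hoa, coa) -> bytes:
    # MN side: MAC_K(BU) with K = h(K0, K1).
    return h(h(k0, k1), hoa + coa)


# Constructed sample addresses.
HOA, COA = addr("2001:db8:a::1"), addr("2001:db8:f::77")
OTHER, TARGET = addr("2001:db8:c::5"), addr("2001:db8:d::1")


def honest_mobile() -> bool:
    cn = Correspondent()
    i, k0 = cn.home_test(HOA)
    _, k1 = cn.care_of_test(COA)
    return cn.binding_update(HOA, COA, i, mobile_bu(k0, k1, HOA, COA))


def false_identity() -> bool:
    # "This is A, I'm at C": K1 arrives at the sender, K0 goes to A's HoA and is never seen.
    cn = Correspondent()
    i, k1 = cn.care_of_test(OTHER)
    return cn.binding_update(HOA, OTHER, i, mobile_bu(os.urandom(32), k1, HOA, OTHER))


def false_location() -> bool:
    # Sender owns its HoA but names TARGET as CoA: K1 is delivered to TARGET only.
    cn = Correspondent()
    i, k0 = cn.home_test(OTHER)
    return cn.binding_update(OTHER, TARGET, i, mobile_bu(k0, os.urandom(32), OTHER, TARGET))


def state_after_flood(count: int = 1000):
    # Attack 3: many first messages leave the CN holding N and nothing else.
    cn = Correspondent()
    for j in range(count):
        cn.home_test(addr(f"2001:db8:e::{j:x}"))
        cn.care_of_test(addr(f"2001:db8:b::{j:x}"))
    return len(cn.secrets), len(cn.binding_cache)


def stale_keys_rejected() -> bool:
    cn = Correspondent()
    i, k0 = cn.home_test(HOA)
    _, k1 = cn.care_of_test(COA)
    mac = mobile_bu(k0, k1, HOA, COA)
    cn.rotate()
    accepted_once = cn.binding_update(HOA, COA, i, mac)  # previous N still kept
    cn.rotate()
    return accepted_once and not cn.binding_update(HOA, COA, i, mac)


if __name__ == "__main__":
    print(honest_mobile(), false_identity(), false_location(),
          state_after_flood(), stale_keys_rejected())
```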
32 Attack 4: reflection and amplification
[Figure: DDoS attacker sends message 1 to B; B sends 2a. K0 to HA at HoA and 2b. K1 to MN at CoA]
- Two DDoS packets become one minor issue
- IP trace-back cannot find the attacker
33 BU Authentication v.4
[Figure: HA at HoA, CN, MN at CoA]
1a. BU
1b. BU
2a. K0
2b. K1
3. BU, MAC_K(BU), with K = h(K0, K1); CN accepts BU
- Balanced message flows prevent amplification
34 The Mobile IPv6 Standard (RFC 6275)
[Figure: HA at HoA, CN, MN at CoA]
1a. HoTI
1b. CoTI
2a. HoT
2b. CoT
3. BU
4. BA
- Return routability (RR) test for HoA and CoA
35 Attack 5: Unnecessary BUs
[Figure: attacker sends a spoofed packet (source = B, destination = HoA) to HA at HoA; MN at CoA sends CN an unnecessary BU (authentication not shown)]
- Tunneled packets trigger BUs, so spoofed packets to home address trigger true but unnecessary BUs
- DoS attack against MN or a correspondent
- Defense: limit the amount of resources used for BU authentication; revert to non-optimized routing
36 Bombing attacks in general
General problem with mobility, multihoming, failover etc.
37 Packet-bombing attack
[Figure: Junk & Stream Services Ltd; Alice at Target Rd; Bob at Evil St. Message: "Please send me stuff. Alice"]
- Does authentication help?
38 Packet-bombing attack
[Figure: Junk & Stream Services Ltd; Alice at Target Rd; Bob at Evil St. Message: "Please send me stuff at Target Rd. Bob"]
- Authentication does not always help!
39 Ask Permission to Send (1)
[Figure: Junk & Stream Services Ltd; Alice at Target Rd; Bob at Evil St. Messages: "Please send me stuff at Target Rd. Bob"; "Do you want this?"; "What's that? I'm not answering"]
40 Packet-bombing with mobility
[Figure: Junk & Stream Services Ltd; Alice at Target Rd; Bob at Evil St. Messages: "Please send me stuff at Evil St. Bob"; "I have moved to Target Rd. Bob"; "Thank you! Send more. Bob"; "Do you want this?"; "Yes!"]
41 Protocol layering issues
- Mobility is usually implemented in a lower protocol layer than data transport (e.g., IP vs. TCP)
  - Mobility is transparent to the data-sending layer
  - Sender does not know about changes of the peer address
- Solutions typically lead to layer violations, i.e. require network and transport layer to know about each other's state
42 Address ownership and squatting
General problem with addresses and identifiers
43 Address squatting
[Figure: "Welcome to LAN Town"; houses 1 LAN Rd, 2 LAN Rd, 3 LAN Rd, 4 LAN Rd. Newcomer: "I need to find a free address to stay at"]
44 Address squatting
[Figure: same scene. Newcomer: "Can I stay at LAN Rd?" Replies: "Sorry, I'm already living at 1 LAN Rd"; "Sorry, I'm already living at 2 LAN Rd"; "Sorry, I'm already living at 3 LAN Rd"; "Sorry, I'm already living at 4 LAN Rd"]
45 Address squatting
[Figure: same scene. Newcomer: "There is no place for me here"]
46 Addresses and identifier allocation
- Methods for allocating IP addresses and other unique identifiers:
  - Static allocation: IP addresses, MAC addresses
  - Stateful configuration by a server: DHCP
  - Autoconfiguration: IPv6 addresses
- Autoconfiguration requires least infrastructure and administration, is most scalable, and is suitable for ad-hoc and mobile-access networks
- Autoconfiguration is also most vulnerable to attacks like address squatting
47 IPv6 addresses
48 IPv6 address
[Figure: 64-bit Subnet Prefix FEDC:9773:D983: bit Interface Id F56C:74C4:9212:02BA]
- Nodes attached to the same gateway router have the same subnet prefix but different interface ids
- Subnet prefix is used for routing
- 62 bits of the interface id can be chosen at random (2 bits have a special meaning)
49 Stateless autoconfiguration
[Figure, four address layouts:
- MAC Address (EUI-48), 48 bits: Company Id, Extension Id
- EUI-64, 64 bits: Company Id, FFFE, Extension Id
- Link-local IPv6 Address: FE80:: (64 bits), Interface Id (ug=10, 62 bits)
- Global IPv6 Address: Subnet Prefix (64 bits), Interface Id (ug=10)]
50 Address privacy extensions (RFC 4941)
[Figure: Global IPv6 Address: Subnet Prefix (64 bits), Interface Id (ug=00, 62 pseudo-random bits)]
- The interface identifier is randomized to enhance user privacy: servers on the Internet cannot recognize the client machine by its IPv6 address
51 Configuring IPv6 addresses
- Host's addresses [RFC 4291]:
  - Zero or more global addresses: subnet prefix | interface identifier
  - At least one link-local address for each interface: FE80::0 | interface identifier
- Router has one link-local address for each interface
- Stateless address autoconfiguration [RFC 4862]:
  - Host creates a link-local address and performs duplicate address detection (DAD)
  - Host performs router discovery to obtain router addresses and subnet prefixes; it chooses which one(s) to use
  - Host creates a global address for each prefix and performs DAD (some implementations don't)
- Neighbor discovery [RFC 4861] maps IP addresses to MAC addresses
52 Uniqueness of addresses
- EUI-64 addresses are supposed to be unique because MAC addresses are
  - Address collision is an unrecoverable error. Give up and report failure
- IPv6 address privacy extensions have random interface identifiers, which may sometimes collide
  - Try different random values and perform DAD. After a few collisions, give up and report error
  - (How likely is a collision?)
- DHCPv6 can be used to assign addresses instead of stateless autoconfiguration
- In all cases, duplicate address detection is mandatory
53 Neighbor discovery
[Figure: soliciting node sends a multicast NS to the link: "Who has the address 3ff0::5d28:1e51:b429:bc1f?"; solicited node answers with a unicast NA to the source: "00:30:65:19:67:28 has 3ff0::5d28:1e51:b429:bc1f."]
- Multicast neighbor solicitation (NS), unicast neighbor advertisement (NA)
- Also unsolicited multicast NA
54 Duplicate address detection (DAD)
- During address autoconfiguration, DAD is required for each unicast address to detect accidental address collisions and administrative errors
- New node:
  1. Pick an address: 3ff0::5d28:1e51:b429:bc1f
  2. Multicast a neighbor solicitation to the link: "Is anyone using 3ff0::5d28:1e51:b429:bc1f?"
  - No answer: address ok
55 DAD address squatting
[Figure: new node: "Is anyone using 3ff0::5d28:1e51:b429:bc1f?"; attacker: "I am"]
- Attacker responds to every neighbor solicitation (NS) from the new node with a neighbor advertisement (NA)
- New node cannot find a free address
56 Cryptographically generated addresses (CGA)
57 Address ownership
- Needed: a mechanism for proving address ownership
- Potential uses:
  - Preventing DAD address squatting
  - Preventing spoofing of neighbor advertisements in neighbor discovery
  - Authenticating Mobile IPv6 binding updates
  - Authenticating ICMPv6 error messages
  - Exchanging keys for opportunistic IPsec
58 Cryptographically generated address (CGA)
- The interface identifier contains the address owner's public signature key, so the owner can sign messages sent from the address
- CAM proposal for Mobile IPv6 [O'Shea & Roe 2000]
- Hash = SHA-1 (Address Owner's Public Key)
[Figure: Subnet Prefix (64 bits), Interface Id (ug=00, 62 hash bits)]
59 Proof of address ownership
- Node sends the public key and a signed message from the CGA address
- Receiver:
  - Recomputes the hash of the public key
  - Compares the hash with the interface id of the source address
  - Verifies the signature using the public key
- Receiver knows that the message was sent by the owner of the source address
- CGA-signing can prevent spoofing of IP-layer signaling messages such as neighbor advertisements
60 Countering dictionary attacks
- Attacker could create a database of all (or most) interface identifiers and corresponding public keys
- Solution: include the subnet prefix as salt in the hash input
- However, link-local addresses are still vulnerable, and every IPv6 node needs one
61 Hash extension
- The hash in CGA is at most 62 hash bits: vulnerable to brute-force attacks in the foreseeable future
  - Moore's law (one variation): CPU speed doubles every 18 months, so one bit of hash strength is lost; in about 30 years, CGA might be useless
  - Already too weak for strong authentication but still ok for DoS protection
- Solution:
  - Increase artificially the cost of a brute-force attack
  - Cost of creating a CGA will increase by the same factor
  - Allow CGA creator to decide how much extra strength is needed
  - Cost of using CGA (signing and verifying) will stay constant
62 Standard CGA address format [RFC 3972]
- Hash1 = SHA-1 (Public Key, Modifier, Subnet Prefix, Collision Count)
[Figure: Subnet Prefix (64 bits), Interface Id: Security Parameter (Sec) 3 bits, 59 hash bits, ug=00]
- Hash2 = SHA-1 (Public Key, Modifier, 0, 0) = xxx xxx 2
- Modifier must be chosen so that Hash2 begins with 16*Sec zero bits.
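The hash checks from the "Proof of address ownership" and "Standard CGA address format" slides, as an added Python example that is not part of the original slides. The field order and the 9 zero octets in Hash2 follow RFC 3972; the signature verification step is left out, and the public keys are constructed placeholder bytes, the prefixes constructed values, and the modifier search starts from zero (instead of a random value) so the run is reproducible.

```python
import hashlib
import ipaddress

MASK = 0x1CFFFFFFFFFFFFFF  # interface-id bits that carry Hash1 (Sec, u and g excluded)

# Constructed inputs: placeholder bytes standing in for DER-encoded public keys.
KEY_A = b"constructed placeholder: owner's public key"
KEY_B = b"constructed placeholder: another node's public key"
PREFIX = ipaddress.IPv6Address("2001:db8:1:2::").packed[:8]
OTHER_PREFIX = ipaddress.IPv6Address("2001:db8:9:9::").packed[:8]


def hash2_ok(pubkey: bytes, modifier: bytes, sec: int) -> bool:
    # Hash2 covers modifier | 9 zero octets | public key;
    # its first 16*Sec bits (2*Sec octets) must be zero.
    digest = hashlib.sha1(modifier + bytes(9) + pubkey).digest()
    return digest[: 2 * sec] == bytes(2 * sec)


def interface_id(pubkey, modifier, prefix, collisions, sec) -> int:
    # Hash1 covers modifier | subnet prefix | collision count | public key.
    data = modifier + prefix + bytes([collisions]) + pubkey
    hash1 = int.from_bytes(hashlib.sha1(data).digest()[:8], "big")
    return (hash1 & MASK) | (sec << 61)  # Sec in the top 3 bits, u = g = 0


def generate(pubkey, prefix, sec, collisions=0):
    """Owner side: search for a modifier (about 2^(16*Sec) hashes), then build the address."""
    counter, tries = 0, 1
    while not hash2_ok(pubkey, counter.to_bytes(16, "big"), sec):
        counter += 1
        tries += 1
    modifier = counter.to_bytes(16, "big")
    iid = interface_id(pubkey, modifier, prefix, collisions, sec)
    address = ipaddress.IPv6Address(prefix + iid.to_bytes(8, "big"))
    return address, modifier, tries


def verify(address, pubkey, modifier, prefix, collisions) -> bool:
    """Receiver side: two SHA-1 computations, whatever Sec is."""
    packed = ipaddress.IPv6Address(address).packed
    if collisions not in (0, 1, 2) or packed[:8] != prefix:
        return False
    iid = int.from_bytes(packed[8:], "big")
    sec = iid >> 61  # Sec is read from the address, not from the sender's claim
    expected = interface_id(pubkey, modifier, prefix, collisions, sec)
    if (iid & MASK) != (expected & MASK):
        return False
    return hash2_ok(pubkey, modifier, sec)


if __name__ == "__main__":
    address, modifier, tries = generate(KEY_A, PREFIX, sec=1)
    print("CGA:", address, "modifier search:", tries, "hashes")
    print("owner's key verifies:", verify(address, KEY_A, modifier, PREFIX, 0))
    print("other key verifies:  ", verify(address, KEY_B, modifier, PREFIX, 0))
```

Because the subnet prefix is part of the Hash1 input, the same key and modifier give a different interface identifier on another prefix, which is the salt described on the dictionary-attack slide.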
63 Bidding down problem
- Cannot require all Internet nodes to have CGA addresses. Which addresses are CGA and which are not?
- Cannot trust the address owner to tell. Attacker can claim that it is not using CGA even when it is
- Solutions:
  - Our proposal, not accepted in IETF: use an unused combination of g and u bits (g=1 and u=1) in the interface id as a type tag for CGAs
  - Current solution: prioritize CGAs. CGA-signed data will overwrite unsigned data (e.g. in the neighbor cache) but not the other way
64 CGA limitations
- DNS names must be mapped to IP addresses
  - CGA-based authentication prevents spoofing of source IP addresses; it does not prevent DNS spoofing
- Authenticates the interface identifiers only, not the subnet prefix (= location in the network topology)
  - CGA-based authentication prevents spoofing of someone else's IP address. An attacker can generate a new address with any subnet prefix
- CGA does not prove that the node or address exists
- Attacks against link layer may be just as bad
65 CGA advantages
- Authentication of an IP address without a PKI or other security infrastructure
- With Secure DNS, gives strong host authentication
- Without Secure DNS, prevents many DoS attacks
- Particularly suitable for authenticating IP-layer signaling
66 Secure neighbor discovery
67 SEND
- Secure neighbor discovery (SEND) [RFC 3971]
- CGA-based signatures on neighbor advertisements
  - Prevents NA spoofing
  - Prevents address squatting in DAD
  - Zero-configuration security!
- Certificate-based authorization of routers
  - Certificate authorizes router for an address prefix
  - Extension to X.509 to certify IPv6 address allocation [RFC 3779]
  - Requires hosts to know the root key; currently no global CA hierarchy
- Freshness:
  - Timestamp in unsolicited advertisement and redirect
  - Nonce in NS and RS, copied to NA and RA
68 Remaining threats
69 Remaining threats
- MAC address ownership?
- Lower-layer attacks
- ND/RD tunneling attack
- DoS against the PK protocols
70 Lower-layer attacks
- Link layer:
  - Local network can be flooded for DoS
  - MAC address spoofing
  - Attacker can teach learning Ethernet switches to redirect any node's packets to itself by broadcasting a frame with a spoofed MAC address
- Physical layer:
  - Radio jamming
  - Jamming trailer of selected packets
- Link-layer security is getting increasing attention: we are forcing the attacker down the stack
71 ND/RD tunneling (wormhole) attack
- A mobile node does not know which link it is (or should be) on!
- Attacker can tunnel ND and RD packets between two local networks
  - Node will believe it is on the remote link
  - Cryptographic authentication and authorization does not help
- Tunneling can be done by physical copying of electric or radio signals
- Distance bounding based on speed-of-light distance measurement
  - Implementation must be at hardware layer
72 Local link security: why bother?
- Large networks, public access networks and shared access points always have untrusted nodes on local link
- The DoS attacker (e.g. worm) will be on the local link; we must limit damage
- Force attackers down the stack to radio jamming, and to indiscriminate jamming instead of targeted attacks
- Protect against accidental misconfiguration
- Wireless networks are mission-critical
73 Exercises
- Based on the historical flaws in Mobile IPv6, are there any potential security problems in dynamic DNS? Does Secure DNS solve these problems?
- Could a SIP INVITE specify a false destination for a data stream? How could this be prevented?
- Design a more efficient binding-update protocol for Mobile IPv6 assuming a global PKI is available
- How could the return-routability test for the care-of address (CoA RR) be optimized if the mobile is opening a TCP connection? What are the advantages and disadvantages?
- What problems arise if the mobile node can automatically pick a home agent in any network that has one?
74 Exercises
- Why cannot CGA-based authentication prevent all IP source-address spoofing?
- Can CGA-based authentication prevent IP source-address spoofing in DDoS attacks? Why?
- What would be the advantages and limitations of using CGA-based authentication with IPsec?
- Design cryptographically generated MAC addresses for Ethernet. How would they be used?
- How to use CGA-based authentication with IPsec? What are the benefits and limitations?
Recent advances in IPv6 insecurities reloaded Marc van Hauser Heuse GOVCERT NL 2011 2011 Marc Heuse Hello, my name is Basics Philosophy Vulnerabilities Vendor Responses & Failures Recommendations
More informationLECTURE 8. Mobile IP
1 LECTURE 8 Mobile IP What is Mobile IP? The Internet protocol as it exists does not support mobility Mobile IP tries to address this issue by creating an anchor for a mobile host that takes care of packet
More informationNetwork Security: Broadcast and Multicast. Tuomas Aura T Network security Aalto University, Nov-Dec 2011
Network Security: Broadcast and Multicast Tuomas Aura T-110.5241 Network security Aalto University, Nov-Dec 2011 Outline 1. Broadcast and multicast 2. Receiver access control (i.e. data confidentiality)
More informationNetwork Security: Broadcast and Multicast. Tuomas Aura T Network security Aalto University, Nov-Dec 2010
Network Security: Broadcast and Multicast Tuomas Aura T-110.5240 Network security Aalto University, Nov-Dec 2010 Outline 1. Broadcast and multicast 2. Receiver access control (i.e. data confidentiality)
More informationIntroduction to IPv6. IPv6 addresses
Introduction to IPv6 (Chapter4inHuitema) IPv6,Mobility-1 IPv6 addresses 128 bits long Written as eight 16-bit hexadecimal integers separated with colons E.g. 1080:0000:0000:0000:0000:0008:200C:417A = 1080::8:800:200C:417A
More informationInt ernet w orking. Internet Security. Literature: Forouzan: TCP/IP Protocol Suite : Ch 28
Int ernet w orking Internet Security Literature: Forouzan: TCP/IP Protocol Suite : Ch 28 Internet Security Internet security is difficult Internet protocols were not originally designed for security The
More informationCharles Perkins Nokia Research Center 2 July Mobility Support in IPv6 <draft-ietf-mobileip-ipv6-14.txt> Status of This Memo
IETF Mobile IP Working Group INTERNET-DRAFT David B. Johnson Rice University Charles Perkins Nokia Research Center 2 July 2000 Mobility Support in IPv6 Status of This
More informationInsights on IPv6 Security
Insights on IPv6 Security Bilal Al Sabbagh, MSc, CISSP, CCSP Senior Information & Network Security Consultant - NXme Information Security Researcher Stockholm University 10/9/10 NXme FZ-LLC 1 NIXU Middle
More informationNetwork Security: IPsec. Tuomas Aura
Network Security: IPsec Tuomas Aura 3 IPsec architecture and protocols Internet protocol security (IPsec) Network-layer security protocol Protects IP packets between two hosts or gateways Transparent to
More informationHIP Host Identity Protocol. October 2007 Patrik Salmela Ericsson
HIP Host Identity Protocol October 2007 Patrik Salmela Ericsson Agenda What is the Host Identity Protocol (HIP) What does HIP try to solve HIP basics Architecture The HIP base exchange HIP basic features
More informationMobile Communications Mobility Support in Network Layer
Motivation Mobility support needed to be able to use mobile devices in the Mobile devices need IP address for their communication Applications would like to communicate while being on the move Mobile Communications
More informationThe Netwok Layer IPv4 and IPv6 Part 2
ÉCOLE POLYTECHNIQUE FÉDÉRALE DE LAUSANNE The Netwok Layer IPv4 and IPv6 Part 2 Jean Yves Le Boudec 2014 1 Contents 6. ARP 7. Host configuration 8. IP packet format Textbook Chapter 5: The Network Layer
More informationCSE 123A Computer Netwrking
CSE 123A Computer Netwrking Winter 2005 Mobile Networking Alex Snoeren presenting in lieu of Stefan Savage Today s s issues What are implications of hosts that move? Remember routing? It doesn t work anymore
More informationMobility in IPv6 Standards and Upcoming Trends. Thomas C. Schmidt HAW Hamburg & link-lab
Mobility in IPv6 Standards and Upcoming Trends Thomas C. Schmidt t.schmidt@ieee.org HAW Hamburg & link-lab Agenda Motivation Mobility Paradigm & Target Applications Key Issues & Approaches Limits of MIPv4
More informationConfiguring IPv6 First-Hop Security
This chapter describes the IPv6 First-Hop Security features. This chapter includes the following sections: Finding Feature Information, on page 1 Introduction to First-Hop Security, on page 1 RA Guard,
More informationMobile Communications Chapter 9: Network Protocols/Mobile IP
Mobile Communications Chapter 9: Network Protocols/Mobile IP Motivation Data transfer Encapsulation Security IPv6 Problems DHCP Ad-hoc s Routing protocols 9.0.1 Motivation for Mobile IP Routing based on
More informationTransitioning to IPv6
Transitioning to IPv6 麟瑞科技區域銷售事業處副處長張晃崚 CCIE #13673 2007 Cisco Systems, Inc. All rights reserved. ICND2 v1.0 7-1 IPv4 and IPv6 Currently, there are approximately 1.3 billion usable IPv4 addresses available.
More informationTD#RNG#2# B.Stévant#
TD#RNG#2# B.Stévant# En1tête#des#protocoles#IP# IPv4 Header IPv6 Extensions ICMPv6 s & 0...7...15...23...31 Ver. IHL Di Serv Packet Length Identifier flag O set TTL Checksum Source Address Destination
More informationSetup. Grab a vncviewer like: Or https://www.realvnc.com/download/viewer/
IPv6 Matt Clemons Topology 2 Setup Grab a vncviewer like: http://uvnc.com/download/1082/1082viewer.html Or https://www.realvnc.com/download/viewer/ Connect where I tell you and enter the password to see
More informationRequest for Comments: Wichorus G. Tsirtsis Qualcomm T. Ernst INRIA K. Nagami INTEC NetCore October 2009
Network Working Group Request for Comments: 5648 Category: Standards Track R. Wakikawa, Ed. Toyota ITC V. Devarapalli Wichorus G. Tsirtsis Qualcomm T. Ernst INRIA K. Nagami INTEC NetCore October 2009 Multiple
More informationAdvanced Computer Networks. IP Mobility
Advanced Computer Networks 263 3501 00 IP Mobility Patrick Stuedi Spring Semester 2014 1 Oriana Riva, Department of Computer Science ETH Zürich Tuesday 1 April 2014 Outline Last week: Today: Cellular Networks
More informationODL Summit Bangalore - Nov 2016 IPv6 Design in OpenDaylight
ODL Summit Bangalore - Nov 2016 IPv6 Design in OpenDaylight Sridhar Gaddam (sgaddam@redhat.com) Dayavanti Gopal Kamath (dayavanti.gopal.kamat@ericsson.com) Agenda IPv6 Intro. IPv6 Neighbor Discovery. IPv6
More informationConfiguring IPv6 basics
Contents Configuring IPv6 basics 1 IPv6 overview 1 IPv6 features 1 IPv6 addresses 2 IPv6 neighbor discovery protocol 5 IPv6 PMTU discovery 8 IPv6 transition technologies 8 Protocols and standards 9 IPv6
More informationThe Study on Security Vulnerabilities in IPv6 Autoconfiguration
The Study on Security Vulnerabilities in IPv6 Autoconfiguration Myung-Eun Kim*, Dong-il Seo** * Department of Network Security, ETRI, Daejeon, Korea (Tel : +82-42-860-5303; E-mail: mekim@etri.re.kr) **Department
More informationNETLMM Security Threats on the MN-AR Interface draft-kempf-netlmm-threats-00.txt
Draft summary Reviewers' comments Mailing-list discussion NETLMM Security Threats on the MN-AR Interface draft-kempf-netlmm-threats-00.txt New Terminology 1 MN authentication: Initial authentication of
More informationRemember Extension Headers?
IPv6 Security 1 Remember Extension Headers? IPv6 allows an optional Extension Header in between the IPv6 header and upper layer header Allows adding new features to IPv6 protocol without major re-engineering
More informationIPv6 Feature Facts
12.1.2 IPv6 Feature Facts The current IP addressing standard, version 4, will eventually run out of unique addresses, so a new system is being developed. It is named IP version 6 or IPv6. You should know
More informationLecture 33. Firewalls. Firewall Locations in the Network. Castle and Moat Analogy. Firewall Types. Firewall: Illustration. Security April 15, 2005
Firewalls Lecture 33 Security April 15, 2005 Idea: separate local network from the Internet Trusted hosts and networks Intranet Firewall DMZ Router Demilitarized Zone: publicly accessible servers and networks
More informationIPv6 Client IP Address Learning
Prerequisites for IPv6 Client Address Learning, on page 1 Information About IPv6 Client Address Learning, on page 1 Configuring IPv6 Unicast, on page 6 Configuring RA Guard Policy, on page 7 Applying RA
More informationPlanning for Information Network
Planning for Information Network Lecture 7: Introduction to IPv6 Assistant Teacher Samraa Adnan Al-Asadi 1 IPv6 Features The ability to scale networks for future demands requires a limitless supply of
More informationIPv6 Neighbor Discovery
The IPv6 neighbor discovery process uses Internet Control Message Protocol (ICMP) messages and solicited-node multicast addresses to determine the link-layer address of a neighbor on the same network (local
More informationCSE 4215/5431: Mobile Communications Winter Suprakash Datta
CSE 4215/5431: Mobile Communications Winter 2013 Suprakash Datta datta@cse.yorku.ca Office: CSEB 3043 Phone: 416-736-2100 ext 77875 Course page: http://www.cse.yorku.ca/course/4215 Some slides are adapted
More informationCSE 123b Communications Software
CSE 123b Communications Software Spring 2004 Lecture 9: Mobile Networking Stefan Savage Quick announcements Typo in problem #1 of HW #2 (fixed as of 1pm yesterday) Please consider chapter 4.3-4.3.3 to
More informationQuick announcements. CSE 123b Communications Software. Today s issues. Last class. The Mobility Problem. Problems. Spring 2004
CSE 123b Communications Software Spring 2004 Lecture 9: Mobile Networking Quick announcements Typo in problem #1 of HW #2 (fixed as of 1pm yesterday) Please consider chapter 4.3-4.3.3 to be part of the
More informationIPv6 Neighbor Discovery
About, page 1 Prerequisites for, page 2 Guidelines for, page 2 Defaults for, page 4 Configure, page 5 View and Clear Dynamically Discovered Neighbors, page 10 History for, page 11 About The IPv6 neighbor
More informationNetwork Security: IPsec. Tuomas Aura T Network security Aalto University, Nov-Dec 2014
Network Security: IPsec Tuomas Aura T-110.5241 Network security Aalto University, Nov-Dec 2014 2 IPsec: Architecture and protocols Internet protocol security (IPsec) Network-layer security protocol Protects
More informationCNT Computer and Network Security: BGP Security
CNT 5410 - Computer and Network Security: BGP Security Professor Kevin Butler Fall 2015 Internet inter-as routing: BGP BGP (Border Gateway Protocol): the de facto standard BGP provides each AS a means
More informationMobile IP and its trends for changing from IPv4 to IPv6
Mobile IP and its trends for changing from IPv4 to IPv6 Nguyen Ngoc Chan*, Tran Cong Hung Ph.D. (Posts & Telecommunications Institute of Technology, Viet Nam) E-mail: ngoc_chan@ptithcm.edu.vn, conghung@ptithcm.edu.vn
More informationMobile Internet Protocol v6 MIPv6
Mobile Internet Protocol v6 MIPv6 A brief introduction Holger.Zuleger@hznet.de 13-dec-2005 Holger Zuleger 1/15 > c Defined by MIPv6 RFC3775: Mobility Support in IPv6 (June 2004) RFC3776: Using IPsec to
More informationRadware ADC. IPV6 RFCs and Compliance
Radware ADC IPV6 s and Compliance Knowledgebase Team February 2016 Scope: This document lists most of the s that relevant to IPv6. Legend: Yes supported N/A not applicable No Currently not supported Relevance:
More informationMobile & Wireless Networking. Lecture 9: Mobile IP. [Schiller, Section 8.1]
192620010 Mobile & Wireless Networking Lecture 9: Mobile IP [Schiller, Section 8.1] Geert Heijenk Outline of Lecture 11 q Mobile IP Basics q 3 parts of Mobile IP: q Advertising Care-of Addresses q Registration
More informationIntroduction Mobility Support Handover Management Conclutions. Mobility in IPv6. Thomas Liske. Dresden University of Technology
2005 / High Speed Networks II Outline Introduction Mobility Support Overview of IPv6 Mobility Support Handover Management Mobility Support What means Mobility Support? allow transparent routing of IPv6
More informationUne attaque par rejeu sur le protocole SEND
Une attaque par rejeu sur le protocole SEND Tony Cheneau mail: tony.cheneau@it-sudparis.eu (Télécom SudParis) & Jean-Michel Combes mail: jeanmichel.combes@orange-ftgroup.com (FT R&D) October 17, 2008 SAR-SSI'2008
More informationRequest for Comments: 3971 Category: Standards Track. DoCoMo Communications Labs USA B. Zill Microsoft P. Nikander. Ericsson.
Network Working Group Request for Comments: 3971 Category: Standards Track J. Arkko, Ed. Ericsson J. Kempf DoCoMo Communications Labs USA B. Zill Microsoft P. Nikander Ericsson March 2005 SEcure Neighbor
More informationMobile Communications Chapter 8: Network Protocols/Mobile IP
Mobile Communications Chapter 8: Network Protocols/Mobile IP Motivation Data transfer, Encapsulation Security, IPv6, Problems Micro mobility support DHCP Ad-hoc networks, Routing protocols Prof. Jó Ueyama
More informationOperation Manual IPv6 H3C S3610&S5510 Series Ethernet Switches Table of Contents. Table of Contents
Operation Manual IPv6 Table of Contents Table of Contents Chapter 1 IPv6 Basics Configuration... 1-1 1.1 IPv6 Overview... 1-1 1.1.1 IPv6 Features... 1-2 1.1.2 Introduction to IPv6 Address... 1-3 1.1.3
More informationRequest for Comments: T. Aura Microsoft Research G. Montenegro Microsoft Corporation E. Nordmark Sun Microsystems December 2005
Network Working Group Request for Comments: 4225 Category: Informational P. Nikander J. Arkko Ericsson Research NomadicLab T. Aura Microsoft Research G. Montenegro Microsoft Corporation E. Nordmark Sun
More informationMobile IP and Mobile Transport Protocols
Mobile IP and Mobile Transport Protocols 1 IP routing Preliminaries Works on a hop-by-hop basis using a routing table 32 bits: 129.97.92.42 Address = subnet + host (Mobility No packet for you) Two parts»
More informationFixed Internetworking Protocols and Networks. IP mobility. Rune Hylsberg Jacobsen Aarhus School of Engineering
Fixed Internetworking Protocols and Networks IP mobility Rune Hylsberg Jacobsen Aarhus School of Engineering rhj@iha.dk 1 2011 ITIFN Mobile computing Vision Seamless, ubiquitous network access for mobile
More informationMobile IP version 6 (MIPv6) Route Optimization Security Design
IP version 6 (MIPv6) Route Optimization Security Design Pekka Nikander Jari Arkko Ericsson Research NomadicLab Hirsalantie FIN-02420 JORVAS, Finland Tuomas Aura Microsoft Research Cambridge 7 J J Thomson
More informationTrust Management in Mobile IPv6
HELSINKI UNIVERSITY OF TECHNOLOGY Department of Computer Science and Engineering Telecommunications Software and Multimedia Laboratory Trust Management in Mobile IPv6 ZHOU Yuchen This licentiates thesis
More informationT Network Application Frameworks and XML Routing and mobility Tancred Lindholm. Based on slides by Sasu Tarkoma and Pekka Nikander
T-110.5140 Network Application Frameworks and XML Routing and mobility 10.2.2009 Tancred Lindholm Based on slides by Sasu Tarkoma and Pekka Nikander Contents Background IP routing and scalability Mobility
More informationHandover Management for Mobile Nodes in IPv6 Networks
TECHNOLOGY ADVANCES FOR 3G AND BEYOND Handover Management for Mobile Nodes in IPv6 Networks Nicolas Montavont and Thomas Noël LSIIT Louis Pasteur University CNRS, Strasbourg ABSTRACT In this article we
More informationMobile IPv6 performance in networks: handover optimizations on the link and network layer
Mobile IPv6 performance in 802.11 networks: handover optimizations on the link and network layer LaTe project, Networking laboratory, TKK Mikko Hautala mhautala@cc.hut.fi 16.03.2006 Supervisor: Instructor:
More informationMOBILITY AGENTS: AVOIDING THE SIGNALING OF ROUTE OPTIMIZATION ON LARGE SERVERS
MOBILITY AGENTS: AVOIDING THE SIGNALING OF ROUTE OPTIMIZATION ON LARGE SERVERS Albert Cabellos-Aparicio and Jordi Domingo-Pascual * Technical University of Catalonia, Department of Computer Architecture
More informationIPv6 Security Vendor Point of View. Eric Vyncke, Distinguished Engineer Cisco, CTO/Consulting Engineering
IPv6 Security Vendor Point of View Eric Vyncke, evyncke@cisco.com Distinguished Engineer Cisco, CTO/Consulting Engineering 1 ARP Spoofing is now NDP Spoofing: Threats ARP is replaced by Neighbor Discovery
More informationIPv6 Security Course Preview RIPE 76
IPv6 Security Course Preview RIPE 76 Alvaro Vives - Marseille - 14 May 2018 Overview IPv6 Security Myths Basic IPv6 Protocol Security (Extension Headers, Addressing) IPv6 Associated Protocols Security
More informationMobile IPv6 Operations Explored
Mobile IPv6 Operations Explored U.S. IPv6 Summit 2003 December 8-118 2003 Carl Williams NAv6TF Steering Committee and IPv6 Forum Technical Directorate carlw@mcsr-labs.org labs.org IPv6 Mobility/wireless
More informationChapter 5. Security Components and Considerations.
Chapter 5. Security Components and Considerations. Technology Brief Virtualization and Cloud Security Virtualization concept is taking major portion in current Data Center environments in order to reduce
More informationETSF05/ETSF10 Internet Protocols Network Layer Protocols
ETSF05/ETSF10 Internet Protocols Network Layer Protocols 2016 Jens Andersson Agenda Internetworking IPv4/IPv6 Framentation/Reassembly ICMPv4/ICMPv6 IPv4 to IPv6 transition VPN/Ipsec NAT (Network Address
More information