Abstract
With the rapid depletion of IPv4 protocol in these recent years, the IETF introduced IPv6 as a solution to address the exhaustion, however, as a new protocol exists, new characteristics have been introduced and new threats have been discovered. Extension Headers are the new characteristics of IPv6 that have an emerging and re-emerging security threats that is needed to be taken into consideration during the full migration to the IPv6 network. This study revealed that up to this moment, the popular vendors are still vulnerable and doesn’t have any default protection to deal with extension headers’ Denial of Service Attack (DoS). Also, this study leads to the development of new security model which creates a new solution to address the emerging threats of IPv6 extension headers’ Denial of Service Attack. Moreover, the results of this study show that our proposed security model is more effective in terms of neutralizing the unwanted traffic causing evasion attack by filtering, rate-limiting and discarding the malformed packets of prohibited extension headers’ payload versus the traditional router protection.
Highlights
The Internet community was threatened by the fundamental resource scarcity issue of IPv4
We found out that even the well-known network devices and firewalls had a major issue [8] in handling internet protocol version 6 (IPv6) security especially in the denial of service attacks using the extension headers’ vulnerabilities
Cisco and Microsoft Windows 8.1 were chosen as a test device and operating system because these two brands are the most popular in their category and are widely used today, on the technical perspective, the modern day router architecture was present in Cisco whereas the router design maintains a strict separation of forwarding and router control plane hardware and software
Summary
The Internet community was threatened by the fundamental resource scarcity issue of IPv4. The internet engineering task force (IETF) defines the specifications of the IPv6 protocol [1] some of the specifications can be ambiguous and incomplete in certain areas or some security implications have not been considered at the time of writing. Unforeseen security issues can occur after the protocol is developed and deployed. These fine nuances between the specifications and practical deployments are explored by hackers and security researchers. The IETF sometimes revises the protocols but in some instances the IETF leaves it up to the deployers of IP systems to correct the specifications’ deficiencies [2]
Sign-in/Register to view highlights & summary Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callMore From: Bulletin of Electrical Engineering and Informatics
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
