Skip to main content
SpringerLink
Log in

A Survey on IPv6 Security Threats and Defense Mechanisms

  • Conference paper
  • First Online:
Artificial Intelligence and Security (ICAIS 2022)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 13338))

Included in the following conference series:

  • 1828 Accesses

Abstract

Compared with IPv4 network, IPv6 network has some new characteristics, such as larger address space and more simplified message header structure. These new characteristics in IPv6 network may introduce both security enhancement opportunities and new security challenges. At present, there are mainly two threats in IPv6 network during its wide deployment. On one hand, during the transition from IPv4 to IPv6, “dual stack”, “traffic tunneling” and “translation” are three building blocks, all of which may introduce new security threats. On the other hand, IPv6 networking internal caused by new characteristics of IPv6 can also incur vulnerability. In view of these new forms of threats, network managers will generally adopt some defense mechanisms based on the characteristics of IPv6. This paper introduces and classifies the security threats in IPv6 network, then analyzed the defense mechanisms against different security threats in detail. Finally, we present some thoughts and future research directions in the field of IPv6 security.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 89.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 119.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Deering, S., Hinden, R.: Internet protocol, version 6 (ipv6) specification. RFC 1883 (Proposed Standard) (1995)

    Google Scholar 

  2. Aura, T.: Neighbor discovery for IP version 6 (ipv6). RFC2461, Internet Engineering Task Force (1998)

    Google Scholar 

  3. APNIC. Measuring IPv6 (2020). https://labs.apnic.net/?p=1335

  4. Carlos, E., Caicedo, J., Joshi, B.D.: IPv6 security challenges. Computer 42, 36–42 (2009)

    Google Scholar 

  5. Hosnieh, R., Christoph, M.: Privacy and security in ipv6 networks: challenges and possible solutions. In: SIN (2013)

    Google Scholar 

  6. Praptodiyono, S., et al.: Mobile IPv6 vertical handover specifications, threats, and mitigation methods: a survey. Secur. Commun. Netw. 2020, 5429630 (2020)

    Google Scholar 

  7. Praptodiyono, S., et al.: Improving the security of mobile IPV6 signalling using KECCAK/SHA-3. J. Eng. Sci. Technol. 16(3), 2312–2325 (2021)

    Google Scholar 

  8. Ubiedo, L., et al.: Current State of IPv6 Security in IoT. arXiv:2105.02710 (2021)

  9. Liu, R., et al.: Addressless: enhancing IoT server security using IPv6. IEEE Access 8, 90294–90315 (2020)

    Article  Google Scholar 

  10. Li, X.: Fast IPv6 network periphery discovery and security implications. In: 51st Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN) (2021)

    Google Scholar 

  11. Al-Azzawi, A., Lencse, G.: Towards the identification of the possible security issues of the 464xlat ipv6 transition technology. In: 2020 43rd International Conference on Telecommunications and Signal Processing (2020)

    Google Scholar 

  12. Narten, T., Nordmark, E., Simpson, W.: Security features in IPv6. Whitepaper, SANS Institute (2002)

    Google Scholar 

  13. Narten, W.A.S.T., Nordmark, E., Soliman, H.: Neighbor discovery for IP version 6 (IPv6). RFC 4861 (2007)

    Google Scholar 

  14. Tayal, P.: IPV6 SLAAC related security issues and removal of those security issues. Int. J. Eng. Comput. Sci. 3(9), 4 (2014)

    Google Scholar 

  15. Ferdous, A.B., Santosh, B., Sukumar, N.: Detection of neighbor solicitation and advertisement spoofing in ipv6 neighbor discovery protocol. In: SIN (2011)

    Google Scholar 

  16. Rehman, S.U., Manickam, S.: Improved mechanism to prevent denial of service attack in IPv6 duplicate address detection process. Int. J. Adv. Comput. Sci. Appl 8(2), 63–70 (2017)

    Google Scholar 

  17. Trabelsi, Z., Shuaib, K.: Man in the middle intrusion detection. In: Globecom, pp. 1–6 (2006)

    Google Scholar 

  18. Barbhuiya, F.A., Biswas, S., Nandi, S.: Detection of neighbor solicitation and advertisement spoofing in IPv6 neighbor discovery protocol. In: Proceedings of the 4th International Conference on Security of Information and Networks, SIN, pp. 111–118 (2011)

    Google Scholar 

  19. Wang, K.: A web-based honeypot in IPv6 to enhance security. Information 11(9), 440 (2020)

    Article  Google Scholar 

  20. Audet, F., Jennings, C.: Network address translation (NAT) behavioral requirements for unicast UDP. IETF (2007)

    Google Scholar 

  21. Yang, T., Cai, Z., Zhou, T.: 6Forest: an ensemble learning-based approach to target generation for internet-wide IPv6 scanning. In: Proceedings of INFOCOM (2022)

    Google Scholar 

  22. Hou, B.: 6Hit: a reinforcement learning-based approach to target generation for internet- wide IPv6 scanning. In: IEEE INFOCOM 2021-IEEE Conference on Computer Communications (2021)

    Google Scholar 

  23. Yang, T., Hou, B., Cai, Z., Wu, K., Zhou, T., Wang, C.: 6Graph: a graph-theoretic approach to address pattern mining for Internet-wide IPv6 scanning. Comput. Netw. (2021). https://doi.org/10.1016/j.comnet.2021.108666

    Article  Google Scholar 

  24. Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C., Carney, M.: Dynamic host configuration protocol for IPv6 (DHCPv6). IETF (2003)

    Google Scholar 

  25. Abad, C.L., Bonilla, R.I.: An analysis on the schemes for detecting and preventing ARP cache poisoning attacks. In: International Conference on Distributed Computing Systems Workshops, pp. 60–67 (2007)

    Google Scholar 

  26. Arkko, E.J., Kempf, J., Zill, B., Nikander, P.: Secure neighbor discovery (SEND). RFC 3971, Internet Engineering Task Force (2005)

    Google Scholar 

  27. Deering, S., Hinden, R.: Internet Protocol, version 6 (IPv6) specification. IETF (1998)

    Google Scholar 

  28. Kent, S.: IP authentication header. RFC 4302 (2005)

    Google Scholar 

  29. Kent, S.: IP encapsulating security payload (ESP). RFC 4303 (2005)

    Google Scholar 

  30. Kaufman, C., Hoffman, P., Nir, Y., Eronen, P.: Internet key exchange protocol version 2 (ikev2). RFC5996 (2010)

    Google Scholar 

  31. Arkko, J., Nikander, P.: Limitations of IPSec policy mechanisms. In: Christianson, B., Crispo, B., Malcolm, J.A., Roe, M. (eds.) Security Protocols 2003. LNCS, vol. 3364, pp. 241–251. Springer, Heidelberg (2005). https://doi.org/10.1007/11542322_29

    Chapter  Google Scholar 

  32. Narten, T., Draves, R., Krishnan, S.: Privacy extensions for stateless address autoconfiguration in IPv6. IETF (2007)

    Google Scholar 

  33. Aura, T.: Cryptographically generated addresses (CGA). RFC3972 (2005)

    Google Scholar 

  34. Hosnieh, R., Christoph, M.: Privacy and security in IPv6 networks: challenges and possible solutions. In: SIN (2011)

    Google Scholar 

  35. Praptodiyono, S., Hasbullah, I.H., Kadhum, M.M., Wey, C.Y., Murugesan, R.K., Osman, A.: Securing duplicate address detection on IPv6 using distributed trust mechanism. Int. J. Simul. Syst. Sci. Technol. 17(26) (2016)

    Google Scholar 

  36. Andreeva, E., Mennink, B., Preneel, B.: Open problems in hash function security. Des. Codes Crypt. 77(2–3), 611–631 (2015). https://doi.org/10.1007/s10623-015-0096-0

    Article  MathSciNet  MATH  Google Scholar 

  37. Polk, T., Chen, L., Turner, S., Hoffman, P.: Security considerations for the sha-0 and sha-1 message-digest algorithms (2011)

    Google Scholar 

  38. Song, G., Ji, Z.: Novel duplicate address detection with hash function. PLoS ONE 11(3), 151612 (2016)

    Google Scholar 

  39. Rivest, R.: The MD5 message-digest algorithm (1992)

    Google Scholar 

  40. Butler, K., Farley, T.R., Mcdaniel, P., Rexford, J.: A survey of BGP security issues and solutions. Proc. IEEE 98(1), 100–122 (2010)

    Article  Google Scholar 

  41. Al-Ani, A.K., Anbar, M., Manickam, S., Al-Ani, A., Leau, Y.B.: Proposed dad-match security technique based on Hash Function to secure duplicate address detection in IPv6 Link-local Network. In: ICIT (2017)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. College of Computer, National University of Defense Technology, Changsha, 410073, China

    Ning Liu, Jing Xia, Zhiping Cai, Tao Yang & Bingnan Hou

  2. Technical Service Center for Vocational Education, National University of Defense Technology, Changsha, 410073, China

    Zhilin Wang

Authors
  1. Ning Liu
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Jing Xia
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Zhiping Cai
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Tao Yang
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Bingnan Hou
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Zhilin Wang
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Jing Xia .

Editor information

Editors and Affiliations

  1. Nanjing University of Information Science and Technology, Nanjing, China

    Xingming Sun

  2. Nanjing University of Information Science and Technology, Nanjing, China

    Xiaorui Zhang

  3. Jinan University, Guangzhou, China

    Zhihua Xia

  4. Purdue University, West Lafayette, IN, USA

    Elisa Bertino

Rights and permissions

Reprints and permissions

Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Liu, N., Xia, J., Cai, Z., Yang, T., Hou, B., Wang, Z. (2022). A Survey on IPv6 Security Threats and Defense Mechanisms. In: Sun, X., Zhang, X., Xia, Z., Bertino, E. (eds) Artificial Intelligence and Security. ICAIS 2022. Lecture Notes in Computer Science, vol 13338. Springer, Cham. https://doi.org/10.1007/978-3-031-06794-5_47

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-06794-5_47

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-06793-8

  • Online ISBN: 978-3-031-06794-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation