Abstract
Compared with IPv4 network, IPv6 network has some new characteristics, such as larger address space and more simplified message header structure. These new characteristics in IPv6 network may introduce both security enhancement opportunities and new security challenges. At present, there are mainly two threats in IPv6 network during its wide deployment. On one hand, during the transition from IPv4 to IPv6, “dual stack”, “traffic tunneling” and “translation” are three building blocks, all of which may introduce new security threats. On the other hand, IPv6 networking internal caused by new characteristics of IPv6 can also incur vulnerability. In view of these new forms of threats, network managers will generally adopt some defense mechanisms based on the characteristics of IPv6. This paper introduces and classifies the security threats in IPv6 network, then analyzed the defense mechanisms against different security threats in detail. Finally, we present some thoughts and future research directions in the field of IPv6 security.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Deering, S., Hinden, R.: Internet protocol, version 6 (ipv6) specification. RFC 1883 (Proposed Standard) (1995)
Aura, T.: Neighbor discovery for IP version 6 (ipv6). RFC2461, Internet Engineering Task Force (1998)
APNIC. Measuring IPv6 (2020). https://labs.apnic.net/?p=1335
Carlos, E., Caicedo, J., Joshi, B.D.: IPv6 security challenges. Computer 42, 36–42 (2009)
Hosnieh, R., Christoph, M.: Privacy and security in ipv6 networks: challenges and possible solutions. In: SIN (2013)
Praptodiyono, S., et al.: Mobile IPv6 vertical handover specifications, threats, and mitigation methods: a survey. Secur. Commun. Netw. 2020, 5429630 (2020)
Praptodiyono, S., et al.: Improving the security of mobile IPV6 signalling using KECCAK/SHA-3. J. Eng. Sci. Technol. 16(3), 2312–2325 (2021)
Ubiedo, L., et al.: Current State of IPv6 Security in IoT. arXiv:2105.02710 (2021)
Liu, R., et al.: Addressless: enhancing IoT server security using IPv6. IEEE Access 8, 90294–90315 (2020)
Li, X.: Fast IPv6 network periphery discovery and security implications. In: 51st Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN) (2021)
Al-Azzawi, A., Lencse, G.: Towards the identification of the possible security issues of the 464xlat ipv6 transition technology. In: 2020 43rd International Conference on Telecommunications and Signal Processing (2020)
Narten, T., Nordmark, E., Simpson, W.: Security features in IPv6. Whitepaper, SANS Institute (2002)
Narten, W.A.S.T., Nordmark, E., Soliman, H.: Neighbor discovery for IP version 6 (IPv6). RFC 4861 (2007)
Tayal, P.: IPV6 SLAAC related security issues and removal of those security issues. Int. J. Eng. Comput. Sci. 3(9), 4 (2014)
Ferdous, A.B., Santosh, B., Sukumar, N.: Detection of neighbor solicitation and advertisement spoofing in ipv6 neighbor discovery protocol. In: SIN (2011)
Rehman, S.U., Manickam, S.: Improved mechanism to prevent denial of service attack in IPv6 duplicate address detection process. Int. J. Adv. Comput. Sci. Appl 8(2), 63–70 (2017)
Trabelsi, Z., Shuaib, K.: Man in the middle intrusion detection. In: Globecom, pp. 1–6 (2006)
Barbhuiya, F.A., Biswas, S., Nandi, S.: Detection of neighbor solicitation and advertisement spoofing in IPv6 neighbor discovery protocol. In: Proceedings of the 4th International Conference on Security of Information and Networks, SIN, pp. 111–118 (2011)
Wang, K.: A web-based honeypot in IPv6 to enhance security. Information 11(9), 440 (2020)
Audet, F., Jennings, C.: Network address translation (NAT) behavioral requirements for unicast UDP. IETF (2007)
Yang, T., Cai, Z., Zhou, T.: 6Forest: an ensemble learning-based approach to target generation for internet-wide IPv6 scanning. In: Proceedings of INFOCOM (2022)
Hou, B.: 6Hit: a reinforcement learning-based approach to target generation for internet- wide IPv6 scanning. In: IEEE INFOCOM 2021-IEEE Conference on Computer Communications (2021)
Yang, T., Hou, B., Cai, Z., Wu, K., Zhou, T., Wang, C.: 6Graph: a graph-theoretic approach to address pattern mining for Internet-wide IPv6 scanning. Comput. Netw. (2021). https://doi.org/10.1016/j.comnet.2021.108666
Droms, R., Bound, J., Volz, B., Lemon, T., Perkins, C., Carney, M.: Dynamic host configuration protocol for IPv6 (DHCPv6). IETF (2003)
Abad, C.L., Bonilla, R.I.: An analysis on the schemes for detecting and preventing ARP cache poisoning attacks. In: International Conference on Distributed Computing Systems Workshops, pp. 60–67 (2007)
Arkko, E.J., Kempf, J., Zill, B., Nikander, P.: Secure neighbor discovery (SEND). RFC 3971, Internet Engineering Task Force (2005)
Deering, S., Hinden, R.: Internet Protocol, version 6 (IPv6) specification. IETF (1998)
Kent, S.: IP authentication header. RFC 4302 (2005)
Kent, S.: IP encapsulating security payload (ESP). RFC 4303 (2005)
Kaufman, C., Hoffman, P., Nir, Y., Eronen, P.: Internet key exchange protocol version 2 (ikev2). RFC5996 (2010)
Arkko, J., Nikander, P.: Limitations of IPSec policy mechanisms. In: Christianson, B., Crispo, B., Malcolm, J.A., Roe, M. (eds.) Security Protocols 2003. LNCS, vol. 3364, pp. 241–251. Springer, Heidelberg (2005). https://doi.org/10.1007/11542322_29
Narten, T., Draves, R., Krishnan, S.: Privacy extensions for stateless address autoconfiguration in IPv6. IETF (2007)
Aura, T.: Cryptographically generated addresses (CGA). RFC3972 (2005)
Hosnieh, R., Christoph, M.: Privacy and security in IPv6 networks: challenges and possible solutions. In: SIN (2011)
Praptodiyono, S., Hasbullah, I.H., Kadhum, M.M., Wey, C.Y., Murugesan, R.K., Osman, A.: Securing duplicate address detection on IPv6 using distributed trust mechanism. Int. J. Simul. Syst. Sci. Technol. 17(26) (2016)
Andreeva, E., Mennink, B., Preneel, B.: Open problems in hash function security. Des. Codes Crypt. 77(2–3), 611–631 (2015). https://doi.org/10.1007/s10623-015-0096-0
Polk, T., Chen, L., Turner, S., Hoffman, P.: Security considerations for the sha-0 and sha-1 message-digest algorithms (2011)
Song, G., Ji, Z.: Novel duplicate address detection with hash function. PLoS ONE 11(3), 151612 (2016)
Rivest, R.: The MD5 message-digest algorithm (1992)
Butler, K., Farley, T.R., Mcdaniel, P., Rexford, J.: A survey of BGP security issues and solutions. Proc. IEEE 98(1), 100–122 (2010)
Al-Ani, A.K., Anbar, M., Manickam, S., Al-Ani, A., Leau, Y.B.: Proposed dad-match security technique based on Hash Function to secure duplicate address detection in IPv6 Link-local Network. In: ICIT (2017)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Liu, N., Xia, J., Cai, Z., Yang, T., Hou, B., Wang, Z. (2022). A Survey on IPv6 Security Threats and Defense Mechanisms. In: Sun, X., Zhang, X., Xia, Z., Bertino, E. (eds) Artificial Intelligence and Security. ICAIS 2022. Lecture Notes in Computer Science, vol 13338. Springer, Cham. https://doi.org/10.1007/978-3-031-06794-5_47
Download citation
DOI: https://doi.org/10.1007/978-3-031-06794-5_47
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-06793-8
Online ISBN: 978-3-031-06794-5
eBook Packages: Computer ScienceComputer Science (R0)