Enhanced encapsulated security payload a new mechanism to secure internet protocol version 6 over internet protocol version 4

Rosilah Hassan, Amjed Sid Ahmed, Nor Effendy Othman, Samer Sami

Research output: Contribution to journal (Article)

7 Citations (Scopus)

Abstract

A considerable amount of time will be needed before every system on the Internet can convert from Internet Protocol version 4 (IPv4) to Internet Protocol version 6 (IPv6). The Internet Engineering Task Force (IETF) has proposed three strategies to help the transition from IPv4 to IPv6: dual stack, header translation and tunneling. Tunneling is used when two computers using IPv6 want to communicate with each other and the packet must travel through a region that uses IPv4. To pass through this region, the IPv6 packet must be encapsulated in an IPv4 packet, giving it an IPv4 address so that it is compatible with IPv4 routing. Internet Protocol security (IPsec) in transport mode carries the payload of the encapsulating packet as plain data without any means of protection. That is, two nodes using IPsec in transport mode to secure the tunnel can spoof the inner payload; the packet will be decapsulated successfully and accepted. The IETF has mentioned this problem in many RFCs. According to RFC 3964, there is no simple way to prevent spoofing attacks in an IPv6 over IPv4 tunnel, and longer-term solutions would have to be deployed in both IPv4 and IPv6 networks to help identify the source of the attack; total prevention is likely impossible. This study proposes a new spoofing defense mechanism based on the IPsec protocol Encapsulated Security Payload (ESP). The ESP padding area is used to carry the IPv6 source address of the encapsulated packet. Simulation was conducted for two scenarios, one with a spoofing attack and one without. The outcome proved that the proposed mechanism managed to eliminate the spoofing threat in an IPv6 over IPv4 tunnel.

Original language: English
Pages (from-to): 1344-1354
Number of pages: 11
Journal: Journal of Computer Science
Volume: 10
Issue number: 8
DOI: 10.3844/jcssp.2014.1344.1354
Publication status: Published - 2014

Fingerprint

Internet protocols
Tunnels
Internet
Engineers

Keywords

  • ESP
  • IPsec
  • IPv6

ASJC Scopus subject areas

  • Software
  • Computer Networks and Communications
  • Artificial Intelligence

Cite this

Enhanced encapsulated security payload a new mechanism to secure internet protocol version 6 over internet protocol version 4. / Hassan, Rosilah; Ahmed, Amjed Sid; Othman, Nor Effendy; Sami, Samer.

In: Journal of Computer Science, Vol. 10, No. 8, 2014, p. 1344-1354.

@article{e6db4695e96d4b34ac5004e1bff54ba7,
title = "Enhanced encapsulated security payload a new mechanism to secure internet protocol version 6 over internet protocol version 4",
keywords = "ESP, IPsec, IPv6",
author = "Rosilah Hassan and Ahmed, {Amjed Sid} and Othman, {Nor Effendy} and Samer Sami",
year = "2014",
doi = "10.3844/jcssp.2014.1344.1354",
language = "English",
volume = "10",
pages = "1344--1354",
journal = "Journal of Computer Science",
issn = "1549-3636",
publisher = "Science Publications",
number = "8",

}

TY - JOUR
T1 - Enhanced encapsulated security payload a new mechanism to secure internet protocol version 6 over internet protocol version 4
AU - Hassan, Rosilah
AU - Ahmed, Amjed Sid
AU - Othman, Nor Effendy
AU - Sami, Samer
PY - 2014
Y1 - 2014
KW - ESP
KW - IPsec
KW - IPv6
UR - http://www.scopus.com/inward/record.url?scp=84900409177&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84900409177&partnerID=8YFLogxK
U2 - 10.3844/jcssp.2014.1344.1354
DO - 10.3844/jcssp.2014.1344.1354
M3 - Article
AN - SCOPUS:84900409177
VL - 10
SP - 1344
EP - 1354
JO - Journal of Computer Science
JF - Journal of Computer Science
SN - 1549-3636
IS - 8
ER -