ICNS 2014, The Tenth International Conference on Networking and Services
New IPv6 Identification Paradigm: Spreading of Addresses Over Time
Authors:
Florent Fourcot
Stefan Köpsell
Frédéric Cuppens
Laurent Toutain
Nora Cuppens-Boulahia
Keywords: IPv6; security; flow identification; spoofing
Abstract:
The identification of packet flows is a very important feature to provide security on the Internet. This flow identification is traditionally done by the well-known five-tuple: source IP address, destination IP address, transport layer protocol number and the two source/destination identifiers of transport layer protocols (named ports on UDP and TCP). Unfortunately, the IP source address is not reliable at all. However, we can use new security paradigms based on new IPv6 properties. In particular, IPv6 introduces a large address space. Our solution takes advantage of this space with a high-frequency rotation of IP addresses, which we call spreading. This spreading improves security since only the sender and the receiver are able to generate and follow this temporal sequence. An attacker will not be able to successfully insert malicious packets into a flow or to initialize a flow. It protects against session initialization flooding and against attacks on established connections. In this paper, we describe the architecture of our solution and the protocol to initiate a connection, as well as a performance evaluation of our spreading.
Pages: 74 to 83
Copyright: Copyright (c) IARIA, 2014
Publication date: April 20, 2014
Published in: conference
ISSN: 2308-4006
ISBN: 978-1-61208-330-8
Location: Chamonix, France
Dates: from April 20, 2014 to April 24, 2014