End to End Security and IPv6, 2014

 
SoS Logo

End to End Security and IPv6, 2014

 

Protocols are an important element in developing end to end security.  In 2014, much research was done on protocols in general and in IPv6 in particular, as they relate to security. 

 

Sahraoui, S.; Bilami, A., "Compressed And Distributed Host Identity Protocol For End-To-End Security In The Iot," Next Generation Networks and Services (NGNS), 2014 Fifth International Conference on, pp. 295, 301, 28-30 May 2014. doi: 10.1109/NGNS.2014.6990267
Abstract: Wireless Sensor Networks (WSNs), as a key part of the Internet of Things (IoT), allow the representation of the dynamic characteristics of the physical world in the Internet's virtual world. Thus, sensor nodes are henceforth considered as Internet hosts and may act freely as web clients or servers. Undoubtedly, security and end-users privacy issues rise and become more severe in the IoT, due to the asymmetric nature of the communications between sensor nodes and the ordinary Internet hosts. Many solutions propose to use the classical IP-based security protocols for IoT, after adapting them to WSN's constraints by either messages compression or computational-load distribution techniques. In this paper we propose a 6LoWPAN (IPv6 over Low power Wireless Personal Area Networks) compression model for HIP (Host Identity Protocol) header, as well as, an adapted distribution scheme of the computational load in HIP's key agreement process. For an extreme lightweight end-to-end security, we propose to combine both compression and distribution models for HIP in WSNs side, in the IoT. The partial evaluation results show that the proposed protocol, named compressed and distributed HIP (CD-HIP), is more adapted than the standard HIP, while introducing minor header communication overhead.
Keywords: IP networks; Internet; Internet of Things; file servers; personal area networks; protocols; telecommunication security; wireless sensor networks; 6LoWPAN;CD-HIP; IP-based security protocols;IPv6 over low power wireless personal area networks; Internet of Things; IoT; WSN; Web clients; Web servers; communication overhead; compressed and distributed HIP; computational-load distribution techniques; distribution scheme; end-to-end security; host identity protocol; messages compression; wireless sensor networks; Hip; IP networks; Internet; Peer-to-peer computing; Protocols; Security; Wireless sensor networks;6LoWPAN compression; Host Identity Protocol; Internet of Things; IoT; Wireless Sensor Networks; distributed HIP Base Exchange; end-to-end security (ID#: 15-5215)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6990267&isnumber=6990210

 

Kasraoui, M.; Cabani, A.; Chafouk, H., "IKEv2 Authentication Exchange Model in NS-2," Computer, Consumer and Control (IS3C), 2014 International Symposium on, pp. 1074, 1077, 10-12 June 2014. doi: 10.1109/IS3C.2014.280
Abstract: Wireless Sensor Network (WSN)communications has become one of the most emerging fields in the area of wireless communication technologies. Integration of WSN with internet technologies has been enhanced because of the use of 6LowPAN standard. This leads to the challenges and significance of end-to-end security in 6LoWPAN communication between IPv6 enabled sensor networks and the Internet hosts. Many researchers have proposed the use of IPsec/IKE to WSNs for reinforcing the end-to-end security communication. Till now IKE module have not been implemented or added in a network simulator. In the proposed paper we have implemented the IKE module in Network Simulator-2 (NS2) simulator. This new module will helps to study in detail about the end-to-end security in wireless communication. In this paper we have also discussed and compared the pros and cons of network simulators like OMNET++, TOSSIM and COOJA with NS2.
Keywords: IP networks; computer network security; cryptographic protocols; personal area networks; wireless sensor networks;6LoWPAN communication standard; COOJA; IKE module; IKEv2 authentication exchange model;IPsec-IKE;IPv6 enabled sensor networks; Internet hosts; NS2 simulator; Network Simulator-2; OMNET++; TOSSIM; WSN communications; end-to-end security; wireless communication technologies; wireless sensor networks; Authentication; Delays; Energy consumption; Internet; Protocols; Wireless sensor networks; 6LoWPAN; IKEv2; IPSec; NS2 (ID#: 15-5216)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6846072&isnumber=6845429

 

Naito, K.; Mori, K.; Kobayashi, H.; Kamienoo, K.; Suzuki, H.; Watanabe, A., "End-To-End IP Mobility Platform In Application Layer For Ios And Android OS," Consumer Communications and Networking Conference (CCNC), 2014 IEEE 11th, pp.92,97, 10-13 Jan. 2014. doi: 10.1109/CCNC.2014.6866554
Abstract: Smartphones are a new type of mobile devices that users can install additional mobile software easily. In the almost all smartphone applications, client-server model is used because end-to-end communication is prevented by NAT routers. Recently, some smartphone applications provide real time services such as voice and video communication, online games etc. In these applications, end-to-end communication is suitable to reduce transmission delay and achieve efficient network usage. Also, IP mobility and security are important matters. However, the conventional IP mobility mechanisms are not suitable for these applications because most mechanisms are assumed to be installed in OS kernel. We have developed a novel IP mobility mechanism called NTMobile (Network Traversal with Mobility). NTMobile supports end-to-end IP mobility in IPv4 and IPv6 networks, however, it is assumed to be installed in Linux kernel as with other technologies. In this paper, we propose a new type of end-to-end mobility platform that provides end-to-end communication, mobility, and also secure data exchange functions in the application layer for smartphone applications. In the platform, we use NTMobile, which is ported as the application program. Then, we extend NTMobile to be suitable for smartphone devices and to provide secure data exchange. Client applications can achieve secure end-to-end communication and secure data exchange by sharing an encryption key between clients. Users also enjoy IP mobility which is the main function of NTMobile in each application. Finally, we confirmed that the developed module can work on Android system and iOS system.
Keywords: Android (operating system);IP networks; client-server systems; cryptography; electronic data interchange; iOS (operating system);real-time systems; smart phones; Android OS;IPv4 networks;IPv6 networks; Linux kernel; NAT routers; NTMobile; OS kernel; application layer; client-server model; encryption key; end-to-end IP mobility platform; end-to-end communication; iOS system; network traversal with mobility; network usage; real time services; secure data exchange; smartphones; transmission delay; Authentication; Encryption; IP networks; Manganese; Relays; Servers (ID#: 15-5217)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6866554&isnumber=6866537

 

Varadarajan, P.; Crosby, G., "Implementing IPsec in Wireless Sensor Networks," New Technologies, Mobility and Security (NTMS), 2014 6th International Conference on, pp. 1, 5, March 30 2014-April 2 2014. doi: 10.1109/NTMS.2014.6814024
Abstract: There is an increasing need for wireless sensor networks (WSNs) to be more tightly integrated with the Internet. Several real world deployment of stand-alone wireless sensor networks exists. A number of solutions have been proposed to address the security threats in these WSNs. However, integrating WSNs with the Internet in such a way as to ensure a secure End-to-End (E2E) communication path between IPv6 enabled sensor networks and the Internet remains an open research issue. In this paper, the 6LoWPAN adaptation layer was extended to support both IPsec's Authentication Header (AH) and Encapsulation Security Payload (ESP). Thus, the communication endpoints in WSNs are able to communicate securely using encryption and authentication. The proposed AH and ESP compressed headers performance are evaluated via test-bed implementation in 6LoWPAN for IPv6 communications on IEEE 802.15.4 networks. The results confirm the possibility of implementing E2E security in IPv6 enabled WSNs to create a smooth transition between WSNs and the Internet. This can potentially play a big role in the emerging "Internet of Things" paradigm.
Keywords: IP networks; Internet; Zigbee; computer network security; cryptography; wireless sensor networks; 6LoWPAN adaptation layer; AH; E2E security; ESP compressed header performance; IEEE 802.15.4 networks; IPsec authentication header;IPv6 enabled sensor networks; Internet; Internet of Things paradigm; WSNs; communication endpoints; encapsulation security payload; encryption; end-to-end communication path; security threats; stand-alone wireless sensor networks; Authentication; IEEE 802.15 Standards; IP networks; Internet; Payloads; Wireless sensor networks (ID#: 15-5218)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6814024&isnumber=6813963

 

Ahmed, A.S.; Hassan, R.; Othman, N.E., "Security Threats For IPv6 Transition Strategies: A Review," Engineering Technology and Technopreneuship (ICE2T), 2014 4th International Conference on, pp.83,88, 27-29 Aug. 2014. doi: 10.1109/ICE2T.2014.7006224
Abstract: There is a growing perception among communications experts that IPv6 and its associated protocols is set to soon replace the current IP version. This is somewhat interesting given that general adoption of IPv6 has been slow. Perhaps this can be explained by the short-term fixes to IPv4 address including classless addressing and NAT. Because of these short-term solutions in addition that IPv4 is not capable to manage the growth of information systems, particularly the growth of internet technologies and services including cloud computing, mobile IP, IP telephony, and IP-capable mobile telephony, all of which necessitate the use of IPv6. There is however a realization that the transformation must be gradual and properly guided and managed. To this end, the Internet Engineering Task Force (IETF) was formed to assist in the transition from IPv4 to IPv6 Dual Stack, Header Translation and Tunneling. The mechanisms employed in this transition consist of changes to protocol mechanisms affecting hosts and routers, addressing and deployment, that are designed to avoid mishap and facilitate a smooth transition from IPv4 to IPv6. Given the inevitability of adopting IPv6, this paper focuses on a detailed examination of the transition techniques and its associated benefits and possible shortcomings. Furthermore, the security threats for each transition technique are overviewed.
Keywords: Internet; information systems; security of data; transport protocols; IETF; IP-capable mobile telephony;IPv4;IPv6 transition strategy; Internet engineering task force; NAT; classless addressing; cloud computing; dual stack; header translation; information system; internet technology; mobile IP; protocol mechanism; security threat; tunneling; Encapsulation; Firewalls (computing); IP networks; Internet; Protocols; Tunneling; Dual Stack; IPv4 ;IPv6; Translation; Tunneling (ID#: 15-5219)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7006224&isnumber=7006204

 

Goswami, S.; Misra, S.; Taneja, C.; Mukherjee, A., "Securing Intra-Communication in 6lowpan: A PKI Integrated Scheme," Advanced Networks and Telecommuncations Systems (ANTS), 2014 IEEE International Conference on, pp. 1, 5, 14-17 Dec. 2014. doi: 10.1109/ANTS.2014.7057265
Abstract: 6LoWPAN standard enables efficient integration of low power wireless networks with IPv6. However the security requirements of 6LoWPANs are high due to undefined deployment scenarios and constrained capabilities of sensor nodes. A number of schemes have been devised for secure communication over the Internet, PKI being the most widely used of them. It provides authentication, non-repudiation, confidentiality and integrity. PKI does not qualify for use in 6LoWPAN as it is not streamlined for these networks and creates a communication and processing overhead which cannot be borne by a simple wireless sensor node. We provide a scheme to integrate PKI and 6LoWPAN by essentially delegating a major portion of key management activity to the edge routers (gateway) of the LoWPAN and limiting the involvement of the end nodes to minimum communication with the edge router. The edge router maintains a Local Key Database (LKDB) by remaining in constant contact with the certification authority (CA) server and oversees all related keying functions in the LoWPAN. A request packet format and algorithm to acquire keys of the destination from edge router is proposed. Performance evaluation of the proposed scheme using a protocol analyzer indicated a time and increased packet count tradeoff for the enhanced level of security. An increase in packet payload during evaluation led to a significant increase in transmitted message count. The proposed scheme did not alter the nature of the packets transmitted and performed well at scalable loads.
Keywords: IP networks; performance evaluation; personal area networks; public key cryptography; telecommunication security; 6LoWPAN standard; IPv6;LKDB;PKI integrated scheme; certification authority server; edge routers; local key database; low power wireless networks; security requirements; wireless sensor node; Erbium; Payloads; Protocols; Public key; Servers; Wireless sensor networks (ID#: 15-5220)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7057265&isnumber=7057217

 

Chia-Wei Tseng; Sheue-Ji Chen; Yao-Tsung Yang; Li-Der Chou; Ce-Kuen Shieh; Sheng-Wei Huang, "IPv6 Operations And Deployment Scenarios Over SDN," Network Operations and Management Symposium (APNOMS), 2014 16th Asia-Pacific, pp. 1, 6, 17-19 Sept. 2014. doi: 10.1109/APNOMS.2014.6996530
Abstract: IPv6 is a technology that provides enormous address space and end-to-end communication, features that are required in the context of the device automation integration for future network. The transition to IPv6 holds the future of the internet infrastructure. Software-defined networking (SDN) defines a new concept for computer networks that can separate and provide abstract elements of network devices. IPv6 SDN has the potential to revolutionize the network design, construct and operate networks to achieve more efficient business network agility. In this paper, we will discuss the main architectures of SDN and illustrate how IPv6 can be deployed and integrated in SDN technologies using OpenFlow mechanisms. We will also discuss the IPv6 impact on link performance and deployment scenarios.
Keywords: IP networks; Internet; next generation networks; software defined networking;IPv6;Internet infrastructure; OpenFlow mechanisms; SDN; device automation integration; end-to-end communication; software-defined networking; Broadband communication; Computer architecture; IP networks; Internet; Performance evaluation;Security;Switches;IPv6;Network deployment; OpenFlow; SDN (ID#: 15-5221)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6996530&isnumber=6996102

 

Bhatti, S.N.; Phoomikiattisak, D.; Atkinson, R.J., "Fast, Secure Failover for IP," Military Communications Conference (MILCOM), 2014 IEEE, pp. 274, 281, 6-8 Oct. 2014. doi: 10.1109/MILCOM.2014.50
Abstract: We describe a mechanism for fast, secure failover for IP. The mechanism is invisible to end-systems: sessions are maintained during failover. Our novel approach is to model the failover as a mobility problem, and use a mobility solution in order to implement change in connectivity. Our system is based on the Identity Locator Network Protocol (ILNP), an Experimental IRTF protocol which is realised as superset of IPv6. Our empirical results from a test bed emulation show that there is almost zero gratuitous loss during failover.
Keywords: IP networks; transport protocols; ILNP; IP network; IPv6; experimental IRTF protocol; identity locator network protocol; mobility problem; secure failover; test bed emulation; IP networks; Middleboxes; Mobile communication; Mobile computing; Protocols; Routing; Security (ID#: 15-5222)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6956771&isnumber=6956719

 

Baddi, Y.; Ech-Chrif El Kettani, M.D., "A Fast Dynamic Multicast Tree Adjustment Protocol For Mobile Ipv6," Next Generation Networks and Services (NGNS), 2014 Fifth International Conference on, pp. 106, 113, 28-30 May 2014. doi: 10.1109/NGNS.2014.6990237
Abstract: Internet research community has proposed many Different multicast routing protocols to support efficient multimedia application such as, IPTV, videoconferencing, group games. Nevertheless, these protocols have not been designed for mobile roaming members and sources, and has not been tested in wireless and mobile environment since they were developed for multicast parties whose members and sources are topologically stationary. Recently, as the performance of mobile hosts rapidly improves and the bandwidth of wireless access networks grows up, the expectation for mobile multimedia communication services including many-to-many communications such as video-conferencing begins a big necessary. Studying and solving multicast issues in the stationary multicast infrastructure has been largely studied in the literature. However, fewer efforts have been spent in the specific problems of mobile members and sources caused by the frequent change of membership and point of attachment. This paper addresses the issue of mobile Multicast routing by presenting a Fast Dynamic Multicast Tree Adjustment Protocol for Mobile IPv6 (FDMTA-MIPv6), an optimized multicast tree protocol is proposed to transform multicast tree into an optimal shared multicast tree routed at a selected RP. To estimate and evaluate our scheme, we implement simulation based in many metrics, simulation results show that good performance is achieved in terms of handoff latency, end-to-end delay, tree construction delay and others metrics.
Keywords: IP networks; IPTV; Internet; computer games; mobile computing; mobility management (mobile radio);multicast protocols; multimedia communication; radio access networks; routing protocols; telecommunication network topology; teleconferencing; video communication;FDMTA-MIPv6;IPTV;Internet research community; end-to-end delay; fast dynamic multicast tree adjustment protocol; frequent membership change; group games; handoff latency; many-to-many communications; mobile IPv6;mobile hosts; mobile members; mobile multimedia communication services; mobile sources; multicast routing protocols; multimedia application; point-of-attachment; tree construction delay; videoconferencing; wireless access networks; Delays; IP networks; Mobile communication; Mobile computing; Receivers; Routing protocols; CBT; Mobile IPv6; Multicast Routing;PIM-SM; RP (ID#: 15-5223)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6990237&isnumber=6990210

 

Baddi, Y.; El Kettani, M.D.E.-C., "Multiple Active Cores-Based Shared Multicast Tree For Mobile Ipv6 Environment," Information Science and Technology (CIST), 2014 Third IEEE International Colloquium in, pp.378,383, 20-22 Oct. 2014. doi: 10.1109/CIST.2014.7016650
Abstract: Due to the progress of network multimedia technology, internet research community proposed many different multicast routing protocols to support efficient realtime multimedia application such as, IPTV, videoconferencing, group games. These applications require a multicast routing protocol in which packets arrive to multicast receivers with minimum delay and delay variation. These applications are more important with arrival of mobile IPv6 protocol with mobile receivers and sources with continuous access. Nevertheless, the design of multicast protocols does not take into account that group members may be mobile. Dynamic group members and sources can rapidly affect quality of both routing protocol scheme and multicast tree used. The key idea of this work is to make the handover of multicast members transparent and a quick recovery mechanism to maintain an optimal multicast tree, by using MACT-MIPv6 architecture based on multicast routing protocol with Shared Multiple Active Cores Multicast Tree to hide the mobility of mobile multicast members from the main multicast delivery tree. Simulation results show that good performance is achieved in terms of handoff latency, end-to-end delay, tree construction delay and others metrics.
Keywords: IP networks; Internet; mobility management (mobile radio);multicast protocols; radio receivers; routing protocols; telecommunication network topology; Internet research community; MACT-MIPv6 architecture; delay variation; end-to-end delay; handoff latency; mobile IPv6 protocol; mobile receiver; multicast delivery tree; multicast member handover; multicast receiver; multicast routing protocol; multiple active core-based shared multicast tree; quick recovery mechanism; tree construction delay; IP networks; Mobile communication; Mobile computing; Receivers; Routing protocols;Subscriptions;CBT;MACT-MIPv6;MIPv6;Multicast tree; PIM-SM (ID#: 15-5224)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7016650&isnumber=7016576

 

Note:

 

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to news@scienceofsecurity.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.