Nie, Leyao, He, Lin, Song, Guanglei, Gao, Hao, Li, Chenglong, Wang, Zhiliang, Yang, Jiahai.
2022.
Towards a Behavioral and Privacy Analysis of ECS for IPv6 DNS Resolvers. 2022 18th International Conference on Network and Service Management (CNSM). :303—309.
The Domain Name System (DNS) is critical to Internet communications. EDNS Client Subnet (ECS), a DNS extension, allows recursive resolvers to include client subnet information in DNS queries to improve CDN end-user mapping, extending the visibility of client information to a broader range. Major content delivery network (CDN) vendors, content providers (CP), and public DNS service providers (PDNS) are accelerating their IPv6 infrastructure development. With the increasing deployment of IPv6-enabled services and DNS being the most foundational system of the Internet, it becomes important to analyze the behavioral and privacy status of IPv6 resolvers. However, there is a lack of research on ECS for IPv6 DNS resolvers.In this paper, we study the ECS deployment and compliance status of IPv6 resolvers. Our measurement shows that 11.12% IPv6 open resolvers implement ECS. We discuss abnormal noncompliant scenarios that exist in both IPv6 and IPv4 that raise privacy and performance issues. Additionally, we measured if the sacrifice of clients’ privacy can enhance IPv6 CDN performance. We find that in some cases ECS helps end-user mapping but with an unnecessary privacy loss. And even worse, the exposure of client address information can sometimes backfire, which deserves attention from both Internet users and PDNSes.
Goto, Ren, Matama, Kazushige, Nishiwaki, Chihiro, Naito, Katsuhiro.
2022.
Proposal of an extended CYPHONIC adapter supporting general nodes using virtual IPv6 addresses. 2022 IEEE 11th Global Conference on Consumer Electronics (GCCE). :257—261.
The spread of the Internet of Things (IoT) and cloud services leads to a request for secure communication between devices, known as zero-trust security. The authors have been developing CYber PHysical Overlay Network over Internet Communication (CYPHONIC) to realize secure end-to-end communication among devices. A device requires installing the client program into the devices to realize secure communication over our overlay network. However, some devices refuse additional installation of external programs due to the limitation of system and hardware resources or the effect on system reliability. We proposed new technology, a CYPHONIC adapter, to support these devices. Currently, the CYPHONIC adapter supports only IPv4 virtual addresses and needs to be compatible with general devices that use IPv6. This paper proposes the dual-stack CYPHONIC adapter supporting IPv4/IPv6 virtual addresses for general devices. The prototype implementation shows that the general device can communicate over our overlay network using both IP versions through the proposed CYPHONIC adapter.
Ali, Maytham Hakim, Al-Alak, Saif.
2022.
Node Protection using Hiding Identity for IPv6 Based Network. 2022 Muthanna International Conference on Engineering Science and Technology (MICEST). :111—117.
Protecting an identity of IPv6 packet against Denial-of-Service (DoS) attack, depend on the proposed methods of cryptography and steganography. Reliable communication using the security aspect is the most visible issue, particularly in IPv6 network applications. Problems such as DoS attacks, IP spoofing and other kinds of passive attacks are common. This paper suggests an approach based on generating a randomly unique identities for every node. The generated identity is encrypted and hided in the transmitted packets of the sender side. In the receiver side, the received packet verified to identify the source before processed. Also, the paper involves implementing nine experiments that are used to test the proposed scheme. The scheme is based on creating the address of IPv6, then passing it to the logistics map then encrypted by RSA and authenticated by SHA2. In addition, network performance is computed by OPNET modular. The results showed better computation power consumption in case of lost packet, average events, memory and time, and the better results as total memory is 35,523 KB, average events/sec is 250,52, traffic sent is 30,324 packets/sec, traffic received is 27,227 packets/sec, and lose packets is 3,097 packets/sec.
Sha, Feng, Wei, Ying.
2022.
The Design of Campus Security Early Warning System based on IPv6 Wireless Sensing. 2022 3rd International Conference on Electronic Communication and Artificial Intelligence (IWECAI). :103—106.
Based on the campus wireless IPv6 network system, using WiFi contactless sensing and positioning technology and action recognition technology, this paper designs a new campus security early warning system. The characteristic is that there is no need to add new monitoring equipment. As long as it is the location covered by the wireless IPv6 network, personnel quantity statistics and personnel body action status display can be realized. It plays an effective monitoring supplement to the places that cannot be covered by video surveillance in the past, and can effectively prevent campus violence or other emergencies.
Lu, Ke, Yan, Wenjuan, Wang, Shuyi.
2022.
Testing and Analysis of IPv6-Based Internet of Things Products for Mission-Critical Network Applications. MILCOM 2022 - 2022 IEEE Military Communications Conference (MILCOM). :66—71.
This paper uses the test tool provided by the Internet Protocol Version 6 (IPv6) Forum to test the protocol conformance of IPv6 devices. The installation and testing process of IPv6 Ready Logo protocol conformance test suite developed by TAHI PROJECT team is described in detail. This section describes the test content and evaluation criteria of the suite, analyzes the problems encountered during the installation and use of the suite, describes the method of analyzing the test results of the suite, and describes the test content added to the latest version of the test suite. The test suite can realize automatic testing, the test cases accurately reflect the requirements of the IPv6 protocol specification, can be used to judge whether IPv6-based Internet of Things(IoT) devices meets the relevant protocol standards.
Zhang, Guangya, Xu, Xiang.
2022.
Design and Practice of Campus Network Based on IPv6 Convergence Access in Guangdong Ocean University. 2022 International Conference on Computation, Big-Data and Engineering (ICCBE). :1—4.
For the smart campus of Guangdong Ocean University, we analyze the current situation of the university's network construction, as well as the problems in infrastructure, equipment, operation management, and network security. We focus on the construction objectives and design scheme of the smart campus, including the design of network structure and basic network services. The followings are considered in this study: optimization of network structure simplification, business integration, multi-operator access environment, operation and maintenance guarantee system, organic integration of production, and teaching and research after network leveling transformation.
Kadusic, Esad, Zivic, Natasa, Hadzajlic, Narcisa, Ruland, Christoph.
2022.
The transitional phase of Boost.Asio and POCO C++ networking libraries towards IPv6 and IoT networking security. 2022 IEEE International Conference on Smart Internet of Things (SmartIoT). :80—85.
With the global transition to the IPv6 (Internet Protocol version 6), IP (Internet Protocol) validation efficiency and IPv6 support from the aspect of network programming are gaining more importance. As global computer networks grow in the era of IoT (Internet of Things), IP address validation is an inevitable process for assuring strong network privacy and security. The complexity of IP validation has been increased due to the rather drastic change in the memory architecture needed for storing IPv6 addresses. Low-level programming languages like C/C++ are a great choice for handling memory spaces and working with simple devices connected in an IoT (Internet of Things) network. This paper analyzes some user-defined and open-source implementations of IP validation codes in Boost. Asio and POCO C++ networking libraries, as well as the IP security support provided for general networking purposes and IoT. Considering a couple of sample codes, the paper gives a conclusion on whether these C++ implementations answer the needs for flexibility and security of the upcoming era of IPv6 addressed computers.
Li, Yubing, Yang, Wei, Zhou, Zhou, Liu, Qingyun, Li, Zhao, Li, Shu.
2022.
P4-NSAF: defending IPv6 networks against ICMPv6 DoS and DDoS attacks with P4. ICC 2022 - IEEE International Conference on Communications. :5005—5010.
Internet Protocol Version 6 (IPv6) is expected for widespread deployment worldwide. Such rapid development of IPv6 may lead to safety problems. The main threats in IPv6 networks are denial of service (DoS) attacks and distributed DoS (DDoS) attacks. In addition to the similar threats in Internet Protocol Version 4 (IPv4), IPv6 has introduced new potential vulnerabilities, which are DoS and DDoS attacks based on Internet Control Message Protocol version 6 (ICMPv6). We divide such new attacks into two categories: pure flooding attacks and source address spoofing attacks. We propose P4-NSAF, a scheme to defend against the above two IPv6 DoS and DDoS attacks in the programmable data plane. P4-NSAF uses Count-Min Sketch to defend against flooding attacks and records information about IPv6 agents into match tables to prevent source address spoofing attacks. We implement a prototype of P4-NSAF with P4 and evaluate it in the programmable data plane. The result suggests that P4-NSAF can effectively protect IPv6 networks from DoS and DDoS attacks based on ICMPv6.