Measuring IPv6 Resilience and Security

Luuk Hendriks

    Research output: ThesisPhD Thesis - Research UT, graduation UT

    204 Downloads (Pure)

    Abstract

    The Internet Protocol (IP) is the most used protocol on the planet. The specific version of IP that we have used already for decades, is version 4 (IPv4 for short). To counter some of its shortcomings, like the small address space, the successor to IPv4 was defined already 20 years ago: IP version 6, or IPv6.
    With attacks on the Internet becoming a common item on the evening news, naturally the question rises, where are we with IPv6 in terms of security? As the adoption of IPv6 is finally taking off we can now measure which problems IPv6 has in reality. Many possible IPv6-specific threats have been described over the years, but measurements to find out which of these threats are real problems in the Internet have not been conducted. In this thesis, we focus on measuring the actual state and severeness of these problems, and propose solutions on how to prevent and avoid them.
    First, we found a fraction of IPv6 network goes unnoticed in measurement systems, giving networking operators an incomplete and incorrect view of what is going over their networks. A second problem are firewalls, which can be evaded when so-called Extension Headers are present in IPv6 traffic. Third, we found a vast number of Ipv6-specific misconfigurations in the DNS, rendering services unreachable over Ipv6. Last, we show that abusable hosts can be found without scanning the entire Ipv6 address space.
    Summarising, we found that misconfigurations and unawareness are the significant problem in IPv6 deployments. In this thesis, we show what traffic goes unnoticed, present actionable solutions for operators to prevent misconfigurations, and provide tools to verify their network setups. With these, we aim to improve the overall resilience and security in our IPv6 Internet.
    Original languageEnglish
    QualificationDoctor of Philosophy
    Awarding Institution
    • University of Twente
    Supervisors/Advisors
    • Pras, Aiko , Supervisor
    • de Boer, Pieter-Tjerk , Co-Supervisor
    Award date18 Jan 2019
    Place of PublicationEnschede
    Publisher
    Print ISBNs978-90-365-4710-9
    Electronic ISBNs978-90-365-4710-9
    DOIs
    Publication statusPublished - 18 Jan 2019

      Fingerprint

    Keywords

    • IPv6
    • Network measurements
    • Network Security

    Cite this

    Hendriks, L. (2019). Measuring IPv6 Resilience and Security. Enschede: University of Twente. https://doi.org/10.3990/1.9789036547109