Tunneling is one of the main methods for the transition from IPv4 to IPv6 networks. By encapsulating IPv6 packets in IPv4 or UDP packets, tunnels such as 6to4, ISATAP and Teredo give IPv4 hosts a feasible way to establish IPv6 connections to hosts on the IPv6 Internet or in IPv6 islands. On the IPv4 Internet, the use of tunnels diversifies the traffic and increases the number of packet types, making the network environment more complex. In addition to common tunnels, this paper tests various types of tunnels with more encapsulation layers. The successful connections prove that multi-layer packets with diverse layer counts and types are usable on the Internet. To ensure the security of internal networks, the influence of this diversity on traffic analysis in dual-stack IDS devices is studied. Three spoofing attacks, “data insertion”, “data evasion” and “attacks using UDP”, are proposed to show how tunnels affect an IDS. Compared to the same attacks without tunnels, some constraining factors are eliminated, which may increase the security risk to the IDS and reduce the attacker's difficulties. To summarize this class of problem, the concept of “Tunnel Interference” is introduced. As solutions, two methods, RA (Record All) and HEH (Hash for Each Header), are presented that theoretically solve these problems to a great extent. RA records all headers and compares them from the outermost to the innermost layer. HEH is hash-based and accumulates a hash value for each header. Both have linear time and space complexity. Experimental results show that RA and HEH lead to a minor increase in space and up to a 1.2% increase in time per layer compared to the original dual-stack implementation.
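The following is an added illustration, not code from the paper: it builds three constructed packets that carry the same inner IPv6 header inside different encapsulations (native, IPv6-in-IPv4, IPv6-in-UDP) and derives a flow key from each in three ways. `naive_key` uses only the innermost IP header, which is what a decapsulating dual-stack engine does when it discards the outer layers; `ra_key` keeps the canonical fields of every header from outermost to innermost, in the spirit of the abstract's RA; `heh_key` chains a hash over the same headers, in the spirit of HEH. The concrete choices are assumptions of this example, not the paper's: SHA-256 as the hash, the fields treated as canonical per layer, IPv4 protocol 41 as the IPv6-in-IPv4 trigger, and UDP port 3544 (the Teredo port) as the IPv6-in-UDP trigger.

```python
"""Keying IDS flow state on the whole encapsulation stack (added example)."""
import hashlib
import ipaddress
import struct

IPPROTO_TCP = 6
IPPROTO_UDP = 17
IPPROTO_IPV6 = 41   # IPv6-in-IPv4 (6to4 / ISATAP style)
IPPROTO_IPV4 = 4    # IPv4-in-IPv6
TEREDO_PORT = 3544  # assumed trigger for IPv6-in-UDP decapsulation


def ipv4_header(src, dst, proto, payload_len, ttl=64):
    """Minimal 20-byte IPv4 header; checksum left zero (not needed here)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0x4000,
                       ttl, proto, 0, ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)


def udp_header(sport, dport, payload_len):
    return struct.pack("!HHHH", sport, dport, 8 + payload_len, 0)


def ipv6_header(src, dst, next_header, payload_len, hop_limit=64):
    return struct.pack("!IHBB16s16s", 0x60000000, payload_len, next_header,
                       hop_limit, ipaddress.IPv6Address(src).packed,
                       ipaddress.IPv6Address(dst).packed)


def walk_layers(packet):
    """Return ([(name, canonical_fields), ...], payload), outermost first.

    Canonical fields are addresses plus protocol/next-header (and UDP ports);
    TTL, lengths, IDs and checksums are excluded so that a re-encapsulated
    copy of the same header compares equal."""
    layers, off, version = [], 0, packet[0] >> 4
    while True:
        if version == 4:
            if len(packet) - off < 20:
                raise ValueError("truncated IPv4 header")
            ihl = (packet[off] & 0x0F) * 4
            hdr = packet[off:off + ihl]
            proto = hdr[9]
            layers.append(("IPv4", hdr[12:20] + bytes([proto])))
            off += ihl
            if proto == IPPROTO_IPV6:
                version = 6
                continue
            if proto == IPPROTO_UDP and len(packet) - off >= 8:
                udp = packet[off:off + 8]
                sport, dport = struct.unpack("!HH", udp[:4])
                layers.append(("UDP", udp[:4]))
                off += 8
                if TEREDO_PORT in (sport, dport):
                    version = 6
                    continue
            return layers, packet[off:]
        if version == 6:
            if len(packet) - off < 40:
                raise ValueError("truncated IPv6 header")
            hdr = packet[off:off + 40]
            nh = hdr[6]
            layers.append(("IPv6", hdr[8:40] + bytes([nh])))
            off += 40
            if nh in (IPPROTO_IPV6, IPPROTO_IPV4):   # IPv6-in-IPv6 / IPv4-in-IPv6
                version = 6 if nh == IPPROTO_IPV6 else 4
                continue
            return layers, packet[off:]
        raise ValueError("unknown IP version %d" % version)


def naive_key(packet):
    """Innermost layer only: all encapsulations of one inner flow collide."""
    return walk_layers(packet)[0][-1]


def ra_key(packet):
    """Record All: the full header stack, compared layer by layer."""
    return tuple(walk_layers(packet)[0])


def ra_match(pkt_a, pkt_b):
    """Compare stacks outermost to innermost; return the index of the first
    differing layer, or None when both stacks are identical."""
    a, b = ra_key(pkt_a), ra_key(pkt_b)
    for i, (la, lb) in enumerate(zip(a, b)):
        if la != lb:
            return i
    return None if len(a) == len(b) else min(len(a), len(b))


def heh_key(packet):
    """Hash for Each Header: chain a hash over every layer, outermost first,
    so the key stays fixed-size however deep the tunnel stack is."""
    acc = b""
    for name, fields in walk_layers(packet)[0]:
        acc = hashlib.sha256(acc + name.encode() + fields).digest()
    return acc.hex()


PAYLOAD = b"\x00" * 20  # constructed stand-in for a TCP segment


def build_samples():
    """Constructed packets sharing one inner IPv6 flow (documentation prefixes)."""
    inner = ipv6_header("2001:db8::1", "2001:db8::2", IPPROTO_TCP, len(PAYLOAD)) + PAYLOAD
    six_in_four = ipv4_header("192.0.2.10", "198.51.100.20", IPPROTO_IPV6, len(inner)) + inner
    udp = udp_header(40000, TEREDO_PORT, len(inner)) + inner
    in_udp = ipv4_header("192.0.2.10", "198.51.100.20", IPPROTO_UDP, len(udp)) + udp
    return {"native": inner, "6in4": six_in_four, "ipv6-in-udp": in_udp}
```

Run against `build_samples()`, `naive_key` yields one key for all three packets while `ra_key` and `heh_key` yield three distinct keys; a copy of the 6in4 packet with a different outer IPv4 source likewise collides under `naive_key` but not under RA or HEH, which is the property an IDS needs if outer-layer tampering is to be seen as a different flow.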
Yu CUI
Harbin Institute of Technology
Zhi-Hong TIAN
Harbin Institute of Technology
Bin-Xing FANG
Harbin Institute of Technology
Hong-Li ZHANG
Harbin Institute of Technology
Wei-Zhe ZHANG
Harbin Institute of Technology
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Yu CUI, Zhi-Hong TIAN, Bin-Xing FANG, Hong-Li ZHANG, Wei-Zhe ZHANG, "Data Spoofing Attacks by IPv6 Tunnels" in IEICE TRANSACTIONS on Communications,
vol. E96-B, no. 11, pp. 2875-2882, November 2013, doi: 10.1587/transcom.E96.B.2875.
URL: https://globals.ieice.org/en_transactions/communications/10.1587/transcom.E96.B.2875/_p
@ARTICLE{e96-b_11_2875,
author={Yu CUI and Zhi-Hong TIAN and Bin-Xing FANG and Hong-Li ZHANG and Wei-Zhe ZHANG},
journal={IEICE TRANSACTIONS on Communications},
title={Data Spoofing Attacks by IPv6 Tunnels},
year={2013},
volume={E96-B},
number={11},
pages={2875-2882},
abstract={Tunneling is one of the main methods for the transition from IPv4 to IPv6 networks. By encapsulating IPv6 packets in IPv4 or UDP packets, tunnels like 6to4, Isatap and Teredo provide a feasible way for IPv4 hosts to establish IPv6 connections to hosts in IPv6 internet or IPv6 islands. For IPv4 internet, the use of tunnels varies the traffic and increases the type of packets, making the network environment more complex. In addition to common tunnels, various types of tunnels with more layers are tested in this paper. The results of successful connections prove the usefulness of multi-layer packets with diverse layer-count and type on the internet. To ensure the security of internal networks, the influence on traffic analysis in dual-stack IDS devices caused by the diversity is studied. Three spoofing attacks of “data insertion”, “data evasion” and “attacks using UDP” are proposed to show the influence on IDS caused by tunnels. Compared to the attacks without tunnels, some constraining factors are eliminated, which may increase the security risk of IDS and decrease the attacker's difficulties. To summarize this kind of problem, the concept of “Tunnel Interference” is revealed. And as solutions to this problem, two methods, RA (Record All) and HEH (Hash for Each Header), are presented in this paper which theoretically solve these problems to a great extent. RA records all headers and compares from the outermost to innermost layer. HEH is hash-based and accumulates hash values of each header. Both of them have linear time and space complexity. Experimental results show that RA and HEH will lead to minor space increase and up to 1.2% time increment in each layer compared to the original dual-stack.},
keywords={},
doi={10.1587/transcom.E96.B.2875},
ISSN={1745-1345},
month={November}
}
TY - JOUR
TI - Data Spoofing Attacks by IPv6 Tunnels
T2 - IEICE TRANSACTIONS on Communications
SP - 2875
EP - 2882
AU - Yu CUI
AU - Zhi-Hong TIAN
AU - Bin-Xing FANG
AU - Hong-Li ZHANG
AU - Wei-Zhe ZHANG
PY - 2013
DO - 10.1587/transcom.E96.B.2875
JO - IEICE TRANSACTIONS on Communications
SN - 1745-1345
VL - E96-B
IS - 11
JA - IEICE TRANSACTIONS on Communications
Y1 - November 2013
AB - Tunneling is one of the main methods for the transition from IPv4 to IPv6 networks. By encapsulating IPv6 packets in IPv4 or UDP packets, tunnels like 6to4, Isatap and Teredo provide a feasible way for IPv4 hosts to establish IPv6 connections to hosts in IPv6 internet or IPv6 islands. For IPv4 internet, the use of tunnels varies the traffic and increases the type of packets, making the network environment more complex. In addition to common tunnels, various types of tunnels with more layers are tested in this paper. The results of successful connections prove the usefulness of multi-layer packets with diverse layer-count and type on the internet. To ensure the security of internal networks, the influence on traffic analysis in dual-stack IDS devices caused by the diversity is studied. Three spoofing attacks of “data insertion”, “data evasion” and “attacks using UDP” are proposed to show the influence on IDS caused by tunnels. Compared to the attacks without tunnels, some constraining factors are eliminated, which may increase the security risk of IDS and decrease the attacker's difficulties. To summarize this kind of problem, the concept of “Tunnel Interference” is revealed. And as solutions to this problem, two methods, RA (Record All) and HEH (Hash for Each Header), are presented in this paper which theoretically solve these problems to a great extent. RA records all headers and compares from the outermost to innermost layer. HEH is hash-based and accumulates hash values of each header. Both of them have linear time and space complexity. Experimental results show that RA and HEH will lead to minor space increase and up to 1.2% time increment in each layer compared to the original dual-stack.
ER -