For Full-Text PDF, please login, if you are a member of IEICE,|
or go to Pay Per View on menu list, if you are a nonmember of IEICE.
Data Spoofing Attacks by IPv6 Tunnels
Yu CUI Zhi-Hong TIAN Bin-Xing FANG Hong-Li ZHANG Wei-Zhe ZHANG
IEICE TRANSACTIONS on Communications
Publication Date: 2013/11/01
Online ISSN: 1745-1345
Print ISSN: 0916-8516
Type of Manuscript: PAPER
IPv6, tunnel, IDS, spoofing attacks, tunnel interference,
Full Text: PDF>>
Tunneling is one of the main methods for the transition from IPv4 to IPv6 networks. By encapsulating IPv6 packets in IPv4 or UDP packets, tunnels like 6to4, Isatap and Teredo provide a feasible way for IPv4 hosts to establish IPv6 connections to hosts in IPv6 internet or IPv6 islands. For IPv4 internet, the use of tunnels varies the traffic and increases the type of packets, making the network environment more complex. In addition to common tunnels, various types of tunnels with more layers are tested in this paper. The results of successful connections prove the usefulness of multi-layer packets with diverse layer-count and type on the internet. To ensure the security of internal networks, the influence on traffic analysis in dual-stack IDS devices caused by the diversity is studied. Three spoofing attacks of “data insertion”, “data evasion” and “attacks using UDP” are proposed to show the influence on IDS caused by tunnels. Compared to the attacks without tunnels, some constraining factors are eliminated, which may increase the security risk of IDS and decrease the attacker's difficulties. To summarize this kind of problem, the concept of “Tunnel Interference” is revealed. And as solutions to this problem, two methods, RA (Record All) and HEH (Hash for Each Header), are presented in this paper which theoretically solve these problems to a great extent. RA records all headers and compares from the outermost to innermost layer. HEH is hash-based and accumulates hash values of each header. Both of them have linear time and space complexity. Experimental results show that RA and HEH will lead to minor space increase and up to 1.2% time increment in each layer compared to the original dual-stack.