... one of the research topics of the team of Prof. Dr. Christoph Meinel

Introduction

Internet Protocol version 6 (IPv6) has been developed to enhance the Internet's future . It is intended to replace IPv4, as the main Internet communication protocol, primarily because of the lack of available IP addresses with IPv4. In addition to a large address space (128-bits), IPv6 comes with new features and mechanisms, such as StateLess Address AutoConfiguration (SLAAC), Neighbor Discovery (ND), header extension, enhanced mobility, etc., which will facilitate a user's ability to communicate.
Despite the fact that IPv6 still maintains much of IPv4's semantics and that two of its protocols have similar functionalities, IPv6 is incompatible with IPv4. IPv6 has its own addressing scheme, so it poses new challenges for routers concerning, for instance, the growth of the forwarding table or the integration of routing algorithms. Moreover, IPv6 and IPv4 headers are mutually exclusive since some fields have been removed, changed, added or expanded for their use in IPv6. Therefore, along with others, the Internet Engineering Task Force (IETF) has been working on several transition mechanisms in an attempt to ensure a smooth migration to IPv6.
Since security and privacy are two of the top priorities in today's networks, the research team of Prof. Dr. Christoph Meinel has focused on identifying, mitigating, and protecting against possible risks during IPv6 deployments. In doing this, the research team hopes to contribute to a more reliable and trustworthy network and Internet environment.

IPv6 Security Concerns

In IPv6 networks vulnerabilities may arise for two main reasons: new protocol features and the need to coexist with the existing IPv4 protocol. IPv6 introduces new functionalities in order to facilitate network configuration and management. However, they have also exposed the network to new security threats. For instance, the Neighbor Discovery (ND) and Stateless Address Autoconfiguration (SLAAC) are vulnerable to spoofing and Denial of Service (DoS) attacks. Another example is the randomly generated addresses, which need to keep changing over time in order to protect a users' privacy. This implies, however, new challenges for network administrators, as it also complicates the management of user identities. Finally, although IPv6 and IPv4 have incompatible protocols, they do compete for the same computing resources. Therefore, running these two protocols, in parallel, poses new deployment and security challenges.

Research topics:

Privacy and Security in IPv6 networks

Recently, security and privacy have become important issues when dealing with IPv6 networks. It is for this reason that nodes need to change their IP addresses frequently, in order to prevent other nodes within the network from being able to track them. By doing this nodes thus help prevent privacy related attacks. Changing IP addresses, though, will have an effect on application layer services such as DNS, email, web and etc.

The purpose of our research is to diminish the security and privacy risks that are now present in IPv6 networks. As vendors need to move to and make use of IPv6, we will shortly have an Internet network that totally encompasses the use of IPv6. Therefore there is a need to detect the security flaws in this network, and o find a solution for them, before this protocol becomes even more widely used.

Securing IPv6 Addressing Mechanisms

IPv6 Stateless Address Auto-Configuration (SLAAC) and Neighbor Discovery (ND) are used for autoconfiguring addresses (without the use of a server) and to discover other nodes on the IPv6 link. Although the autoconfiguration mechanism greatly improves the efficiency of network management, it does have security and privacy issues. Secure Neighbor Discovery (SeND) was designed as a first line of defense against spoofing and Denial of Service (DoS) attacks. It assures the integrity and authenticity of ND messages. SeND is based on the use of RSA Key pairs, Cryptographically Generated Addresses (CGA), digital signatures, and X.509 certificates. Unfortunately, the SeND deployment remains a challenge for several reasons. First, SeND is compute-intensive. Second, its deployment is not trivial and so the SeND Authorization Delegation Discovery (ADD) is, so far, mostly theoretical rather than practical in nature. Third, operating systems lack the sophisticated implementations needed for SeND. The objective of this research topic is to find and develop an efficient and easy model for the optimization of CGA and SeND to make it usable in different IPv6 networks, mainly for use in limited resource devices.

  • Research Project Implementation: “WinSEND: Windows SEcure Neighbor Discovery”. This is an implementation consisting of the following RFCs:

    - RFC 3971: Secure Neighbor Discovery (SeND)

    - RFC 3972: Cryptographically Generated Addresses (CGA)

    - RFC3779: X.509 Extensions for IP Addresses and AS Identifiers

Master Thesis

  • Konrad-Felix Krentz : Securing 6LoWPAN Neighbor Discovery, November 2012 - September 2013 - Master Project

Former Colleagues

  • Dr. rer. nat. Ahmad AlSadeh, PhD student, June 2009 - May 2013
  • Tayo Arulogun, PhD, June 2012 - November 2012
  • Tacio Santos, PhD student, May 2011 - June 2012

Other Networking Research projects

Publications

Journals & Magazines

  • Hosnieh Rafiee, Martin von Löwis, and Christoph Meinel, “IPv6 Deployment and Spam Challenges”, the IEEE Internet Computing magazine, Future Internet Protocols, vol. 16, no. 6, pp. 22 –29, Nov.-Dec. 2012

Book Chapters

  • Hosnieh Rafiee, Martin von Löwis and Christoph Meinel, "Challenges and Solutions for DNS Security in IPv6". Prof. Dr. Martinez and el.  (editors), Architectures and Protocols for secure Information Technology. (to be) Published by IGI Global .

  • Hosnieh Rafiee, Martin von Löwis and Christoph Meinel, "Cryptography in Electronic Mail". In Atilla Elçi et al. (editors), Theory and Practice of Cryptography Solutions for Secure Information Systems (CRYPSIS). (to be) Published by IGI Global, May 2013. ISBN13: 9781466640306.
  • Ahmad AlSa'deh, Hosnieh Rafiee, and Christoph Meinel, SEcure Neighbor Discovery Review: a Cryptographic Solution for Securing IPv6 Local Link Operations. In In Atilla Elçi et al. (editors), Theory and Practice of Cryptography Solutions for Secure Information Systems (CRYPSIS), pp. 178 -198, IGI Global, May 2013. ISBN13: 9781466640306
  • Tayo Arulogun, Ahmad AlSa’deh, and Christoph Meinel. Mobile IPv6: Mobility Management and Security Aspects. In Antonio Ruiz Martínez, Fernando Pereñíguez García, and Rafael Marín López (editors), Architectures and Protocols for Secure Information Technology , IGI Global.

Selected Conference Papers

  • Hosnieh Rafiee, Christoph Mueller, Lukas Niemeier, Jannik Streek, Christoph Sterz and Christoph Meinel. "A Flexible Framework For Detecting IPv6 Vulnerabilities". The 6th International Conference on Security of Information and Networks (SIN2013), ACM, November 26 - 28, 2013 Aksaray, Turkey
  • Konrad-Felix Krentz, Hosnieh Rafiee, and Christoph Meinel, "6LoWPAN Security: Adding Compromise Resilience to the 802.15.4 Security Sublayer". The 1th ACM International Workshop International Workshop on Adaptive Security & Privacy Management for the Internet of Things (ASPI 2013). September 8th 2013, Zurich, Switzerland.
  • Hosnieh Rafiee and Christoph Meinel. "'SSAS: a Simple Secure Addressing Scheme for IPv6 AutoConfiguration".  The 11th IEEE International Conference on Privacy, Security and Trust (PST), IEEE, July 10 - 13, 2013 Tarragona, Spain.
  • Hosnieh Rafiee, Martin von Löwis and Christoph Meinel. "'DNS Update Extension to IPv6 Secure Addressing". The 9th International Symposium on Frontiers of Information Systems and Network Applications (FINA2013), IEEE. March 26 — 28, 2013 Barcelona, Spain. 
  • Ahmad Alsa’deh, Hosnieh Rafiee, and Christoph Meinel, "IPv6 Stateless Address Autoconfiguration: Balancing between Security, Privacy and Usability" in 5th International Symposium on Foundations and Practice of Security, FPS 2012, 2012, LNCS 7743, pp. 149–161, 2013.
  • T. Arulogun, A. AlSa’deh, and C. Meinel. "IPv6 Private Networks: security Consideration and Recommendations."  In the Proceedings of the 4th International Conference on Mobile e-Services (ICOMeS) Oct. 16 – 17, 2012. Volume 4, ISBN: 978-2902-43-8.
  • T. Arulogun, C. Meinel and J. Emuoyibofarhe. “IPv6 Based Wireless Sensor Networks Electronic Health Monitoring System”. Proceedings of the Fourth International Conference on Mobile e-Services (ICOMeS) Oct. 16 – 17, 2012. Volume 4, ISBN: 978-2902-43-8

Other Links

... to our Research
              Security Engineering - Learning & Knowledge Tech - Design Thinking - former
... to our Teaching
              Tele-Lectures - MOOCs - Labs - Systems 
... to our Publications
              Books - Journals - Conference-Papers - Patents
... and to our Annual Reports.