IPv6 is the next generation Internet protocol that is aimed atreplacing the current IPv4 implementation that exists in TCP/IP based networks and the Internet. IPv6 offers a larger address space than that of IPv4, mechanisms for stateless auto configuration, fixed header size and support for quality of service among many other features.
Although IPv6 adoption has been slow, countries in Asia and Europe have already taken several steps towards its deployment. In the US, the Department of Defense and Office of Management and Budget have taken the lead on IPv6 adoption. In the 3rd generation mobile communication systems, IPv6 has been incorporated as one of the protocols of choice for carrying the data of several mobile network functions
Researchers in this area investigate the inner-workings of the IPv6 protocol with a focus on its security vulnerabilities. IPv6 is the updated version of one of the main protocols that makes the internet work. They have configured a small IPv6 network in which they perform several security attacks in order to characterize their impact on a network and their possible countermeasures. The study of similar issues on Mobile IPv6 networks is under way this semester. This work will also result in the creation of demos and lab exercises about the IPv6 protocol.
Vulnerabilities in IPv6
Sniffing and reconnaissance attacks such as port scanning are still possible in IPv6. However, the large address space of IPv6 makes ping sweep and port scan more difficult to complete.
The auto-configuration capabilities that are built into IPv6 open the door for several security attacks such as Denial of Service (DoS) and Man-in-the-middle.
Routers use the Neighbor Discovery (ND) protocol to discover each other’s presence, determine their link layer addresses and prefix information.
Man in the middle attack: Lack of proper authentication mechanism in IPv6 allows the attacker to intercept and relay messages of legitimate users.
Mobile IPv6 has been designed to enable mobile devices to migrate seamlessly between networks whilst keeping the same IPv6 address, regardless of the local subnet addressing scheme.