8/14/2019 A Study on IPv6 in IPv4 Static

1/5

8/14/2019 A Study on IPv6 in IPv4 Static

2/5

encapsulated inside the packet of protocolarchitecture,thus enabling the original data to be carried

over the second protocol.This mechanism can be used

when two nodes that use same protocol wants to

communicate over a network that uses another network

protocol.The tunneling process involves threesteps:encapsulation,decapsulation,and tunnel

management.It also requires two tunnel end-points,which

in general case are dual-stack IPv4/IPv6 nodes,to handlethe encapsulation and decapsulation.Tunneling is one of

the key deployment strategies for both service providersand enterprises during the period of IPv4 and IPv6

coexistence.

Tunneling allows service providers to offer an end-to-end

IPv6 service without major upgrades to the infrastructure

and without impacting current IPv4 services.Tunneling

allows enterprises to interconnect isolated IPv6 domains

over their existing IPv4 infrastructures,or to connect to

remote IPv6 networks such as the 6bone.The IETF has

made a great contribution on this topic.

(2)Research on analyzing the typical tunnelingscenarios and how to provide relevant tunneling

schemes:As there are a variety of different scenarios

during IPv6 tunneling the typical scenarios need to be

emphasized about IPv6 deployment and applying suitable

transition mechanisms.

This paper presents a comprehensive explanation about the

current status of research on IPv6 in IPv4 Static Tunneling

mechanisms with Automatic 6 to 4 Tunneling.This paper isorganized as follows:We briefly described Introduction to

tunnels in 4G networks,Preliminary Definitions of

Tunneling Techniques,General Working procedure for the

operation of Tunnels,Research on IPv6 tunneling issues in

Section 2.We described,4G and IPv6 networks,desirable

characteristics of 4G networks,the characteristics of IPv6

4G,Initiatives on the 4G in section 3.Basic IPv6 Tunneling

Mechanisms,Role of IPv6 tunnels in 4G,Types of tunnelingin 4G networks,representation of IPv6 Tunneling types in

4G Networks with Class-Diagrams and Instance Diagrams

and a Static tunneling in 4G networks,limitations of IPv6

static tunneling.in section 4.The prototype,threat analysis

due to transition mechanism,IPv6 tunneling,IPv6

threats,Security issues in IPv6 tunneling has explained in

section 5,The future innovative challenges of IPv6 threats

has covered in section 6.Finally we concluded the whole

paper in section 7.

I. IPv6 Tunneling Methods in 4G networks.This section presents a number of tunneling techniques we

have studied and analyzed to tackle the tunneling

mechanisms/strategies.Depending on their objective tunneling

types are broadly divided into different types depending upon

the IPv6 specifications.The IPv6 specification defines several

types of IPv6-in-IPv4 tunnels,including Manually configured

tunneling,Automatic tunneling,Generic routing encapsulation(GRE), Semiautomatic tunneling mechanisms such as tunnel

brokers,6-to-4[12],ISATAP[13]and Teredo[14].IPv6 alsosupports for GRE tunnels over IPv4,our results suggest that

tunnels are very common in the todays internet and the

transition to IPv6 occurs smoothly and slowly.So tunnels to

continue to play an important role in IPv6 networks,as IPv4

network infrastructure will remain widely deployed for many

years.

a.Types of Tunneling in 4G Networks.

Tunneling techniques are broadly divided into two types,firstone is an automatic tunneling and second one is configuration

tunneling.The tunneling technique we can use the compatible

addresses discussed as shown in the below figure-6.A

compatible address is an address of 96 bits of zero followed by

32 bits of IPv4 address.It is used when a computer using IPv6

wants to send a message to another computer using

IPv6.However suppose the packet passes through a region

where the networks are still using IPv4.The sender must use

the IPv4-compatible address to facilitate the passage of the

packet through the IPv4 region.For example the IPv4 address

2.13.17.14 becomes 0::020D:110E.The IPv4 is pre pended

with 96 zeros to create a 128bit address(See figure-3)[10].

Fig3.The IPv6 Compatible Address.

b.Representation of IPv6 Tunneling types in 4G Networks

with Class-Diagrams and Instance Diagrams.

Fig 4.The Tunneling types with Class-Diagram.

As we know that tunneling types are broadly divided intoAutomatic,Manually configured tunneling,GRE

tunneling,Tunnel brokers etc.In Fig.4.we have represented the

tunneling types by using Class-Diagrams.A Class digram is a

type of Object diagram.A Class diagram is a

Schema,pattern,or template for describing many possible

instances of data.A Class diagram describes Classes[16].AClass diagram represents either bidirectional or ternary

relationship.In Fig.4.a Class Diagram may be traversed either

from Left to Right or from Right to Left.In the Fig.4.5+

represents the value of multiplicity(Multiplicity specifies how

many instances of one class may relate to a single instance of

an associated class.Or Multiplicity constrains the number of

related objects.) i.e.IPv6 Tunneling has broadly divided intomore than 5 types.A Solid ball is the OMT symbol for manymeaning zero or more.A hollow ball indicates optional

meaning zero or more[16].has-divided represents the Binary

association between IPv6-Tunneling and Tunneling

type.Instance Diagram is also another type of Object diagram

which represents objects or instances.The Fig.5.specifies an

Instance diagram for Tunneling types[16][17][18].The lines

between the objects or instances represents the links[16][17].

8/14/2019 A Study on IPv6 in IPv4 Static

3/5

Fig.5.The Tunneling types with Instance-Diagram.

d. Static Tunneling in 4G Networks.

Static tunneling is also called as Configured tunneling.Static

tunneling can be used to link isolated islands of IPv6, in which

the network domains are well known and unlikely to change

without notice.A static configured tunneling is equal to a

permanent link of two IPv6 domains with the permanent

connectivity provided over an IPv4 backbone.Static tunneling

assigned IPv4 addresses are manually configured to the tunnel

source and the tunnel destination.The identification of which

packets has to send through a tunnel via a routing table in the

tunnel end points,the table direct packets based on their

destination address using prefix mask and match technique.In

a static tunneling the host or router at each end of a static

configured tunnel must support both IPv4 and IPv6 protocol

stacks.The static tunneling in 4G networks was mostpreferred when the necessary of a few tunnels to forward a

packets from source host to the destination host via tunnel end

points.The below figure-6.shows the IPv6 static tunneling in

4G networks.The requirements of IPv6 Static tunneling are

R1,R2 are dual stack.R1 has a reachable address from R2 and

vice versa.In IPv6 static tunneling static configuration is

possible on both the ends.The IPv6 static tunneling has

dependency on the 4 pararmeters like IPv6,IPv4,R1,R2.

Fig.6.IPv6 Static tunneling in 4G networks.The below Table-1 shows the configuration of IPv6 Static tunneling in 4G

networks.

Configuration Parameter Router R2 Router R1

IPv6 Source address 3ffe:b00:1:1::

1

3ffe:b00:1:1::2

IPV6 Destination

address

3ffe:b00:1:1::

2

3ffe:b00:1:1:1

IPv4 Source address 192.0.2.1 192.0.3.1

IPv4 Destination address 192.0.3.1 192.0.2.1

4.4.1.Limitations of IPv6 static tunneling.

Manual configuration is not manageable,ifthe number of tunnels are increasing.

If the IP addresses change,then changes in

manual configuration is also possible.

IP protocol 41 might be filtered in the path.

Does not traverse NAT.

IV.Related Work.

a.Threat Analysis due to Transition Mechanisms.

Threat modeling (or analysis) is essential in order to help us todevelop a security model than can focus or protecting against

certain threats and manage the related assumptions. One

methodology to discover and list all possible security attacks

against a system is known as attack trees.To create an attack

tree we represent attacks against a system in a tree structure,

the attack goals as root nodes and the different sub goals

necessary to achieve them as their leaf nodes.Figure-7

represents the general threat categories we have identifiedagainst network convergence architectures namely attack on

the network processes are responsible for IPv6 transition,Dualstack,Automatic tunneling and Configuration tunneling

threats.Dual Stack threats are totally different from the IPv6

Tunneling techniques like an automatic tunneling and

Configuration tunneling,manually configured tunneling,Static

tunneling etc.As we have discussed there are large number of

transition mechanisms to deploy IPv6 but broadly be

categorized into,Dual Stack,Tunneling(Automatic,Manual

Configuration),and Translation Header.The problems areidentified when IPv6 is tunneled over IPv4 encapsulated in

UDP as UDP is usually allowed to pass through NATS and

Firewalls [59].Consequently allowing an attacker to punchholes with in the security infrastructure.The First and Second

authors of this paper recommends that if the necessary security

measures cannot be taken ,tunneled traffic should be used with

caution if not completely blocked.To provide ingress and

egress filtering of known IPv6 tunneled traffic, perimeterfirewalls should block all inbound and outbound IPv4 protocol

41 traffic.For circumstances where Protocol 41 is not blocked

it can easily be detected and monitored by the open-source

IPv4 IDS Snort.During the development of the IP6-to-IPv4

threat model we have identified that several attacks lead to

other attacks which we have previously included and

analyzed.These are represented in the tree as identical nodes in

different locations.

b. IPv6-Tunneling-IPv6 Threats.

In Tunneling based methods,when a tunnel end point receives

an encapsulated data packet,it decapsulates the packet and

sends it to the other local forwarding scheme.The security

threats in tunneling mechanisms,take IPv6 over IPv4 tunnel

are mostly caused by the spoofed encapsulated packet sent by

the attackers in an IPv4 networks.(Refer-Fig.7).As shown in

Fig.7.the target of attacks can be either a normal IPv6 node, or

the tunnel end point.

Fig.9.Spoofing in an IPv4 with 6 to 4.

Fig.7.Security issues of various tunneling types.

c.The Security issues in IPv6 tunneling are as follows.

1. The hard to trace back :

8/14/2019 A Study on IPv6 in IPv4 Static

4/5

Case-1:IPv4 networking node can make an attack on IPv6

node(network):The attackers(hackers) in IPv4 networks can

make an attack on the IPv6 nodes through the 6to4

router(tunnel)end point by forwarding a spoofed encapsulated

messages(Packets).Therefore here in this situation it is very

difficult to trace back.

Case-2:IPv6 networking node can make an attack on IPv6

network (node):In this type the hacker in IPv6 networks can

make an attack on the IPv6 network through 6-to4 relay endpoint and 6-to4 router by sending a spoofed encapsulated

packets.In this case also its very difficult to trace back.(ReferFig-7)

2.Potential reflect- DoS attack on Destination Host

(Refer-Fig-7):The hackers in the IPv4 networks can make a

reflectDoS attack to a normal IPv6 network (node) through

the 6-to-4 router (tunnel) end point by sending the

encapsulated packets with the spoofed IPv6 source address as

the specific IPv6 node.

3.Cheat by a Hacker with the IPv6 Neighbor Discovery

(ND) message:Whenever IPv4 network is treated as the link

layer in tunneling technology,the hackers in the IPv4 networks

can cheat and DoS attack the tunnel end point by sendingencapsulated IPv6 neighbor discovery (ND)messages with aspoofed IPv6 link local address.The automatic tunneling

techniques like 6-to 4 and Teredo get the information ofremote tunnel end point from the certain IPv6 packets.

Distributed Reflection DoS:This type of attack can be

performed if the very large number of nodes whenever

involved in the sending spoofed traffic with same source IPv6

addresses.

1. If the Destination host generates replies by using TCPSYN ACK,TCP RST,ICMPv6 Echo reply,ICMPv6

Destination unreachable etc):In this case of attack the

victim host is used as a reflector for attacking another

victim connected to the network by using a spoofed

source(Refer Fig-7).

2.Spoofing in IPv4 with 6 to 4:In this type of attack 6 to 4

tunneling spoofed traffic can be injected from IPv4 intoIPv6.The IPv4 spoofed address acts like an IPv4 source,6 to 4

relay any cast (192.88.99.1)acts like an IPv4 destination.The

2002::spoofed source address acts like an IPv4 destination.

[Refer-Fig-9]

7.Theft of Service:During the IPv6 transition period, many

sites will use IPv6 tunnels over IPv4 infrastructure. Sometimes

we will use static or automatic tunnels.The 6 to 4 relay

administrators will often want to use some policy limit the use

of the relay to specific 6 to 4 sites or specific IPv6sites.However some users may be able to use the service

regardless of these controls by configuring the address of the

relay using its IPv4 address instead of 192.88.99.1 or using the

router header to route the IPv6 packets to reach specific 6 to 4

relays.

8.Attack with IPv4 broadcast address:In the 6 to 4

mechanisms,some packets with the destination addresses

spoofed and mapped to their broadcast addresses of the 6to4

or relay routers are sent to the target routers by the attackers inthe IPv6 network.In this case also 6 to 4 or relay routers are

attacked by the broadcast addresses.

The security issues in tunneling mechanisms can generally

limited by investigating the validness of the source/destination

address at each tunnel end point.Usually in tunneling

techniques it is easier to avoid ingress filtering

checks.Sometime it is possible to send packets having link-

local addresses and hop-limit=255,which can be used to attacksubnet hosts from the remote node,but it is very difficult to

deal with attacks with legal IP addresses now[26].Since thetunnel end points of configuration tunnels are fixed,so IPSec

can be used to avoid spoofed attacks[29].IPv6 Security issues

even though it has provided lot off features but its known that

automatic tunneling are dangerous as other end points are

unspecified because its very difficult to prevent automatic

tunneling mechanisms DoS/reflect-DoS attacks by the

attackers in IPv4 network.

V.Simulation and Results.

The following are the assumptions made in the ns-2 simulation

model.It consists of IPv6 automatic tunneling ,IPv6 manuallyconfigured tunneling,GRE tunneling,Tunnel broker etc.The

Graph shown In figure-10 is the combined graph of number ofthreats v/s tunneling types.we can observe that if we are using

static tunneling then number of threats were verysmall,otherwise if we are preferring Automatic tunneling or

manually configured tunneling then threats also increases.So

this paper shows how static tunneling is a best technique to

avoid threat issues.The Static tunneling reduces the number of

threats as compared to other IPv6 tunneling types etc.Hence

more number of threats to be avoided by using a static IPv6 to

IPv4 tunneling.The below figure-10 shows the graph of IPv6

threat v/s static tunneling in IPv6.

Fig.10.Threat V/s Tunneling types.

VI.The Current and future Innovative research

challenges of IPv6 threat issues for Researchers.

This paper has not considered the overall threat review of IPv6

for all the aspects like,IPv6 Static tunneling

mechanisms,which is a large and complex topic.To provide a

complete overview of IPv6 security this paper should be in

conjunction with the IPv6 to IPv4 threat review with IPv6

Static and Automatic tunneling considerations.The most

important area to move forward with in IPv6 security is theextension of current IPv6 Firewalls and Network tools to testthem(IPv6 packet constructors,IDSs and so on).This will

allow more users to adopt IPv6 without being paranoid about

their openness to attack.

Before formulating analysis,we have proposed(formulated)

several innovative research challenges.Presently there have

been plenty of studies done on the research about basic

security issues of IPv6, threat issues of IPv6,however there are

still so many problems not yet resolved yet,calling for great

8/14/2019 A Study on IPv6 in IPv4 Static

5/5

challenges ahead.The innovative research challenges of IPv6threat issues are as follows.

1.Notion of the system identification within an

organization:With the advent of privacy extensions and the

size of IPv6 ranges in use,identifying systems within an

organization and in particular identifying mis behaving.

2.Transition mechanisms from IPv4 to IPv6:The current

research on the basic transition mechanisms mostly focus on

the situation of IPv6 over IPv4.Due to advanced deploymentof IPv6,the IPv4 networks may also be separated by IPv6

ones.We are using only few kinds of method in this situationlike IPv4 configuration tunnel and DSTM,more research on

IPv4 over IPv6 transition methods is necessary.

3.Increased dependence on multicast addresses in IPv6 could

have some interesting implications with flooding attacks.For

example all routers and NTP servers have site specific

multicast addresses.Can we use site specific multicast

addresses to create an amplification attacks as similar as to the

smurf attacks in IPv4 4.We know that neighbor discovery is anew addition to the IPv6 to replace ARP and RARP of IPv4

and also it is an essential component of a well-run IPv6

network it should be tested from a security point like aneighbor-discovery cache fall victim to a resource starvation

attack in any of the currently deployed neighbor discovery

implementations.Can the CPU of a device be exhausted by

processing information of IPv6 neighbor discovery?

5.IPv6 is new and security information on the protocol is notwidespread,it is the opinion of all the authors that a large

number of dual stack hosts may be more exposed to attack

with IPv6 than in IPv4.6.With a new IPv6 header

configuration, new extension headers, and ICMP message

types there may be a several novel ways to deal with flooding

attacks.

7.Scenario Analysis:Typical Scenario analysis is still in

progress. Some of them are in draft mode, such as enterprisenetwork analysis along with this other possible scenarios

should also be analyzed to support for next coming future

wireless technologies.

Conclusion.

In this paper,we presented DTMIPv6 a Design tool for mobile

IPv6 to support IPv6 tunneling,IPv6 to IPv4 Static tunneling ,

Mobile IPv6 etc.Motion behind DTMIPv6 stems from the fact

that how mobility,tunneling, threats issues,as well as security

plays an important role in 4G networks.We demonstrated how

DTMIPv6 can address several issues for the future networking,research(innovation)and how it cope with complexity and

dynamic intrinsic to future environments.As for as we know

DTMIPv6 is also a system tool that offers mobility support

like other tools named such as proton for 4G mobile users.We

have also demonstrated concepts from IPv6 in IPv4 static

tunneling,threats issues,and its security issues to avoid threats

can be applied to the design of novel solutions that brings us

one more threat model and security model in open networking

challenges.This project consolidates the idea of building a

threat issues for IPv6 in IPv4 static tunneling.

References[1].Dr.Manjaiah.D.H.,Hanumanthappa.J,2009,:IPv6 and IPv4 Threat reviews

with Automatic Tunneling and Configuration Tunneling Considerations

Transitional Model:A Case Study for Universi ty of MysoreNetwork,International Journal of Computer Science and Information Security

(IJCSIS),Vol-3,Number-01,July-2009.

[2].Dr.Manjaiah.D.H.,Hanumanthappa.J,2008,:A Study on Comparison and

Contrast between IPv4 and IPv6 Feature sets.,Proceedings of

ICCNS08,2008,Pune.,pp.297-302.[3].Dr.Manjaiah.D.H.,Hanumanthappa.J.2008,:Transition of IPv4 Network

Applications to IPv6 Applications,Proceedings of ICETiC-09,2009,S.P.G.C.Nagar,VirudhaNagar-626001,TamilNadu,INDIA.,pp.35-40.

[4].Dr.Manjaiah.D.H.,Hanumanthappa.J.2009,:IPv6 over Bluetooth:Security

Aspects,Issues and its Challenges,Proceedings of NCWNT-09,2009,Nitte-574110,Karnataka,INDIA.,pp.18-22.

[5].Dr.Manjaiah.D.H.,Hanumanthappa.J.2009,:Economical and Technical costs

for the Transition of IPv4to-IPv6 Mechanisms[ETCTIPv4 to

ETCTIPv6],Proceedings of NCWNT-09,2009,Nitte-

574110,Karnataka,INDA.,pp.12-17.[6].Dr.Manjaiah.D.H.Hanumanthappa.J.2009,:An Overview of Study on

Smooth Porting process scenario during IPv6 Transition(TIPv6),Proceedings of

IEEE IACC-09,2009,Patiala,Punjab,INDIA-6-7,March-2009.,pp.2217-2222.

[7].Dr.Manjaiah.D.H.Hanumanthappa.J.2009,:IPv6 over IPv4 QoS metrics in

4GNetworks:Delay,Jitter,Packet Loss Performance,Throughput and TunnelDiscovery mechanisms.Proceedings of NCOWN-2009,RLJIT,Doddaballapur,

Bangalore,Karnataka,INDIA,August-21-22-pp.122-137.

[8].S.Deering and R.Hinden,:Internet Protocol Version 6(IPv6)Specification,RFC 2460,December 1998.

[9].S.Tanenbaum,Computer Networks,Third Edition,Prentice Hall

Inc.,1996,pp.686,413-436,437-449.

[10].Behrouz A.Forouzan,Third Edition,:TCP/IP Protocol Suite.

[11].Atul Kahate,Cryptography and Network Security,Tata McGraw-

Hill,2003,pp-8-10.

[12].R.Gilligan and E.Nordmark ,Transition mechanisms for IPv6 Hosts and

Routers,RFC 2893,Aug 2000.

[13].R.Woodburn and D.Miills,RFC1241:Scheme for an Internet

encapsulation protocol:Version 1,July 1991.

[14].R.Atkinson and S.Kent,Security architecture for the internet

protocol,RFC 2401,Nov.1998.

[15].D.Provan,RFC1234:Tunneling IPX traffic through IP networks,June

1991.

[16].Ali bahrami,Object Oriented systems development using UML,Mc-Graw-Hill Intl editions,1999.

[17].James Rumbaugh,Michael Blaha,William Premeralini,Object-Oriented

Modeling and Design,PHI,2001.

[18].Grady Booch,:Object oriented Design.

M r.Hanumanthappa.J. is Lecturer at the DoS inCS,University of Mysore,Manasagangothri,Mysore-06

and current ly pursuing Ph.D in Computer Science and

Engineering, from Mangalore University under the supervision of

Dr.Manjaiah.D.H on entitled Design and Implementation of IPv4to- IPv6 Transition

Scenarios for 4G-Networks.

Dr. Manjaiah.D.H is currently Reader and Chairman, Department

of Computer Science Mangalore University, Mangalore. He received

PhD degree from University of Mangalore, M.Tech. From NITK, Surathkal and B.E.,

from Mysore University. Dr.Manjaiah D.H has an extensive academic, Industry and

Research experience. He has worked at many technical bodies like IAENG, WASET,

ISOC, CSI, ISTE, and ACS. He has authored more than - 45 research papers in

international conferences and reputed journals. He is the recipient of the several talks for

his area of interest in many public occasions and International and National conferences.

He is an expert committee member of an AICTE and various technical bodies. Dr

.Manjaiah. D.Hs areas interest are Computer Networking & Sensor Networks, Mobile

Communication, Operations Research, E-commerce, Internet Technology and Web

Programming.