Copyright
-
World
Automation
Congress
(WAC)
2006,
July
24-26,
Budapest,
Hungary
IPv6
SECURITY
THREATS
AND
POSSIBLE
SOLUTIONS
DRAGO
ZAGAR,
FACULTY
OF
ELECTRICAL
ENGINEERING,
UNIVERSITY
OF
OSIJEK,
CROATIA
drai!o.zagar(&)etfos.hr
KRESIMIR
GRGIC,
FACULTY
OF
ELECTRICAL
ENGINEERING,
UNIVERSITY
OF
OSIJEK,
CROATIA
kresimir.2r2ic(&)etfos.hr
ABSTRACT
In
comparison
to
IPv4,
IPv6
provides
many
improvements
considering
simplicity,
routing
speed,
quality
of
service
and
security.
IPv6
brings
significant
improvements
in
mechanisms
for
assuring
a
higher
level
of
security
and
confidentiality
of
the
transmitted
information.
Nevertheless,
it
is
still
necessary
to
take
care
of
network
security.
This
paper
analyzes
how
actual
security
threats
and
different
types
of
attacks
affect
IPv6
networks.
IPv6
specific
security
issues
and
issues
due
to
different transition
mechanisms
are
also
analyzed.
Certain
security
tests
have
been
done
and
their
comments
have
been
given.
Finally,
some
possible
solutions
for
a
number
of
security
threats
in
IPv6
networks
have
been
given.
KEYWORDS:
IPv6,
Network
security,
Firewall,
Intrusion
detection
1.
INTRODUCTION
It
could
be
expected
that
a
new
version
of
the
Internet
protocol,
IPv6,
will
replace
an
old
IPv4
during
the
next
few
years.
IPv6
brings
many
new
features,
possibilities
and
improvements,
especially
considering
simplicity,
routing
speed,
quality
of
service
and
security
[1].
Although
IPv6
security
mechanisms
are
much
improved
comparing
to
IPv4,
their
evasion
and
misuse
is
unfortunately
still
possible.
Considering
security
issues,
especially
problematic
is
the
transition
period
of
coexistence
of
both
IPv4
and
IPv6.
It
is
because
transition
mechanisms
provide
new,
previously
unknown,
possibilities
of
intrusion
and
misuse
of
computer
systems.
Security
threats
due
to
transition
mechanisms
should
be
seriously
taken
into
consideration,
because
it
is
expected
that
IPv4
to
IPv6
transition
will
not
be
quick
(it
could
last
for
years).
Presence
of
the
IPv6
protocol
brings
new
demands
for
typical
network
protecting
mechanisms
such
as
firewalls
and
intrusion
detection
systems
that
need
to
be
upgraded
to
support
IPv6
correctly.
Some
security
threats
against
IPv4
networks
might
also
affect
an
IPv6
network.
Fortunately,
IPv6
is
more
resistant
to
some
threats
than
IPv4.
But,
there
are
some
new
threats
specific
to
IPv6.
IPv6
security
issues
can
be
observed
from
different
standpoints:
issues
due
to
the
IPv6
protocol
and
its
deployment
and
issues
due
to
transition
mechanisms.
2.
SECURITY
THREATS
SIMILAR
IN
IPv4
AND
IPv6
NETWORKS
Some
types
of
attacks
have
not
fundamentally
changed
by
appearance
of
the
IPv6
protocol.
A
typical
example
is
a
sniffing
attack.
The
sniffing
attack
refers
to
an
attack
that
involves
capturing
data
being
transmitted
through
the
network.
The
sniffing
attack
can
easily
compromise
confidential
data
if
they
are
transmitted
in
a
plaintext
protocol.
Sniffing
attacks
can
be
avoided
by
a
proper
use
of
security
architecture,
which
is
used
in
IPv4
as
an
option
and
in
IPv6
as
an
obligation.
Authorized licensed use limited to: Wuhan University. Downloaded on March 15,2010 at 09:46:31 EDT from IEEE Xplore. Restrictions apply.