Denial-of-service, address ownership, and early authentication in the IPv6 world

Pekka Nikander*

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference contributionScientificpeer-review

12 Citations (Scopus)

Abstract

In the IPv6 world, the IP protocol itself, i.e., IPv6, is used for a number of functions that currently fall beyond the scope of the IPv4 protocol. These functions include address configuration, neighbour detection, router discovery, and others. It is either suggested to or required that IPsec is used to secure these functions. Furthermore, IPsec is used to protect a number of functions that are considered dangerous in the IPv4 world, including mobility management and source routing. Now, the currently prominent method for creating IPsec Security Associations, the Internet Key Exchange (IKE) protocol, is both relatively heavy and requires that the underlying IP stacks are already fully functional, at least to the point that UDP may be used. As a result, the combination of the widened responsibility of IPsec and the relative heavy weight of IKE creates a vicious cycle that is a potential source of various denial-of-service attacks. Additionally, if we want to use IPsec to secure IPv6 autoconfiguration, a chicken-and-egg problem is created: fully configured IPsec is needed to configure IP, and fully configured IP is needed to configure IPsec. In this paper, we describe these problems in detail.

Original languageEnglish
Title of host publicationSecurity Protocols - 9th International Workshop, Revised Papers
PublisherSpringer Verlag
Pages12-21
Number of pages10
ISBN (Print)3540442634, 9783540442639
DOIs
Publication statusPublished - 1 Jan 2002
MoE publication typeA4 Article in a conference publication
EventInternational Workshop on Security Protocols - Cambridge, United Kingdom
Duration: 25 Apr 200127 Apr 2001
Conference number: 9

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume2467
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Workshop

WorkshopInternational Workshop on Security Protocols
Country/TerritoryUnited Kingdom
CityCambridge
Period25/04/200127/04/2001

Fingerprint

Dive into the research topics of 'Denial-of-service, address ownership, and early authentication in the IPv6 world'. Together they form a unique fingerprint.

Cite this