Please use this identifier to cite or link to this item: https://ptsldigital.ukm.my/jspui/handle/123456789/476375
Title: Avoiding spoofing threat in IPv6 tunnelling by enhancing IPsec transport mode
Authors: Amjed Sid Ahmed Mohamed Sid Ahmed (P59647)
Supervisor: Prof. Madya Dr. Rosilah Hassan
Keywords: TCP/IP (Computer network protocol)
Issue Date: 5-May-2013
Description: A considerable amount of time will be needed before every system on the Internet can convert from Internet Protocol version 4 (IPv4) to Internet Protocol version 6 (IPv6). The Internet Engineering Task Force (IETF) has proposed three strategies to help the transition from IPv4 to IPv6: Dual Stack, Header Translation and Tunneling. Tunneling is used when two computers using IPv6 want to communicate with each other and the packet must travel through a region that uses IPv4. To pass through this region, the IPv6 packet must be encapsulated in an IPv4 datagram so that it has an IPv4 address and is compatible with IPv4 routing. Internet Protocol Security (IPsec) in transport mode carries the payload of the encapsulating packet as plain data without any means of protection. That is, two nodes using IPsec in transport mode to secure the tunnel can spoof the inner payload; the packet will be decapsulated successfully and accepted. This research proposes a new spoofing defense mechanism based on the IPsec Encapsulating Security Payload (ESP) protocol. The ESP padding area is used to carry the source address of the encapsulated packet.
The simulation is based on three scenarios. The first represents the real implementation of IPsec transport mode as currently used to secure an IPv6 tunnel. The second represents the first case of the proposed defense mechanism, in which the packets sent and received are clean packets. The third represents the second case of the proposed defense mechanism, in which the packets sent and received are spoofed packets.
In the first scenario, all sent packets were received successfully regardless of the IPv6 source address of the encapsulated packet; in other words, there is no means of authenticating the source address of the payload. In the second scenario, all packets whose encapsulated IPv6 source address matched the IPv6 source address in the padding area were successfully delivered, meaning that all clean packets were received successfully. In the third scenario, all packets with a mismatch between the IPv6 source address of the encapsulated packet and the IPv6 source address in the padding area were dropped; in other words, no spoofed packets were received. Comparing the results of the first and third scenarios, we found that enhancing the ESP protocol to secure the IPv6-over-IPv4 tunnel managed to eliminate the spoofing threat. The simulation results showed that the proposed mechanism works well: none of the spoofed packets were delivered to their destination.
Master/Sarjana
Pages: 104
Call Number: TK5105.585.S566 2013 3 tesis
Publisher: UKM, Bangi
URI: https://ptsldigital.ukm.my/jspui/handle/123456789/476375
Appears in Collections: Faculty of Information Science and Technology / Fakulti Teknologi dan Sains Maklumat
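
The receiver-side check described in the abstract, sketched as an added example (not code from the thesis). It assumes the ESP payload has already been decrypted and its integrity value verified, that the first 16 bytes of the ESP padding hold the source address written by the sender's IPsec layer, and it uses constructed 2001:db8:: documentation addresses; the byte layout and function names are assumptions.

```python
import ipaddress
import struct

NH_IPV6 = 41  # ESP Next Header value for an encapsulated IPv6 packet

def inner_ipv6(src, dst, payload):
    """Minimal 40-byte IPv6 header (next header 59 = none) plus payload."""
    head = struct.pack("!IHBB", 6 << 28, len(payload), 59, 64)
    return (head + ipaddress.IPv6Address(src).packed
            + ipaddress.IPv6Address(dst).packed + payload)

def esp_plaintext(inner, bound_src):
    """Payload | Padding | Pad Length | Next Header (ESP trailer layout).
    Assumed layout: padding starts with the 16-byte bound source address."""
    pad = ipaddress.IPv6Address(bound_src).packed
    fill = (-(len(inner) + len(pad) + 2)) % 4   # keep 4-byte alignment
    pad += bytes(range(1, fill + 1))
    return inner + pad + bytes([len(pad), NH_IPV6])

def receive(plaintext, check_padding=True):
    """Return the inner source address if accepted, None if dropped."""
    if len(plaintext) < 42 or plaintext[-1] != NH_IPV6:
        return None
    pad_len = plaintext[-2]
    body_end = len(plaintext) - 2 - pad_len
    if body_end < 40 or plaintext[0] >> 4 != 6:
        return None                              # truncated or not IPv6
    inner, pad = plaintext[:body_end], plaintext[body_end:-2]
    inner_src = inner[8:24]                      # IPv6 source address field
    if check_padding and (len(pad) < 16 or pad[:16] != inner_src):
        return None                              # mismatch: drop as spoofed
    return str(ipaddress.IPv6Address(inner_src))

def scenarios():
    """Constructed sample traffic for the three scenarios in the abstract."""
    real, forged, dst = "2001:db8::10", "2001:db8::bad", "2001:db8::20"
    clean = esp_plaintext(inner_ipv6(real, dst, b"hello"), real)
    spoof = esp_plaintext(inner_ipv6(forged, dst, b"hello"), real)
    return {
        "1_unmodified_esp": receive(spoof, check_padding=False),
        "2_enhanced_clean": receive(clean),
        "3_enhanced_spoofed": receive(spoof),
    }

if __name__ == "__main__":
    print(scenarios())
```

The comparison only adds protection when the padding is covered by ESP's integrity check, so that an on-path party cannot rewrite the address copy.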

Files in This Item:
File: ukmvital_84545+SOURCE1+SOURCE1.0.PDF
Description: Restricted Access
Size: 2.44 MB
Format: Adobe PDF

