Towards the Security Analysis of the Five Most Prominent IPv4aaS Technologies
DOI:
https://doi.org/10.14513/actatechjaur.v13.n2.530
Keywords:
IPv6 transition technologies, DNS64, NAT64, security analysis, STRIDE, 464XLAT
Abstract
This paper surveys the five most important technologies for IPv4aaS (IPv4-as-a-Service), namely 464XLAT, DS-Lite (Dual-Stack Lite), lw4o6 (Lightweight 4over6), MAP-E and MAP-T. The aim of our effort is to identify the potential security issues within these technologies. We plan to perform their security analysis following the STRIDE approach, which stands for spoofing, tampering, repudiation, information disclosure, denial of service and elevation of privilege. We give a short introduction to the method. Within the five IPv4aaS technologies, we focus on 464XLAT, its architecture and operation. We construct a DFD suitable for its security analysis according to the STRIDE methodology, thus making the first steps towards finding its potential vulnerabilities and seeking their mitigations.
License
Copyright (c) 2020 Acta Technica Jaurinensis
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.