Testbed for the Security Analysis of the 464XLAT IPv6 Transition Technology in a Virtual Environment

Al-Azzawi, Ameen; Lencse, Gábor

doi:10.1109/tsp52935.2021.9522598

Cited by 2 publications

(5 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The first step in applying the STRIDE method is to build the DFD of the examined system and specify the potential attacking points at each element. Therefore, the DFD for DS-Lite was built as shown in Figure 5, which shows the spots (1)(2)(3)(4)(5)(6)(7)(8)(9)(10)(11). The security analysis is divided into several groups such as the traffic between the client and B4, then between B4 and the AFTR, etc.…”

Section: Applying Stride To Ds-litementioning

confidence: 99%

“…In [6], a security analysis for 464XLAT using the STRIDE method was presented, which highlighted the vulnerabilities and potential security threats of the technology. In [7], a testbed of 464XLAT was built using Debian-based virtual machines to evaluate the performance of the PLAT under a DoS (Denial of Service) attack, specifically testing the CPU performance and the pool of source port numbers. In a subsequent paper [8], the previous work was extended using a more powerful computer, allowing for an increase in the number of attacking clients (virtual machines) from 1 to 8.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Analysis of the Security Challenges Facing the DS-Lite IPv6 Transition Technology

Al-Azzawi

Lencse

2023

Electronics

Self Cite

View full text Add to dashboard Cite

This paper focuses on one of the most prominent IPv6 transition technologies named DS-Lite (Dual-Stack Lite). The aim was to analyze the security threats to which this technology might be vulnerable. The analysis is based on the STRIDE method, which stands for Spoofing, Tampering, Repudiation, Information Disclosure, and Elevation of Privilege. A testbed was built for the DS-Lite topology using several virtual machines, which were created using CentOS Linux images. The testbed was used to perform several types of attacks against the infrastructure of DS-Lite, especially against the B4 (Basic Bridging Broadband) and the AFTR (Address Family Transition Router) elements, where it was shown that the pool of source ports can be exhausted in 14 s. Eventually, the most common attacks that DS-Lite is susceptible to were summarized, and methods for mitigating such attacks were proposed.

show abstract

Section: Applying Stride To Ds-litementioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Analysis of the Security Challenges Facing the DS-Lite IPv6 Transition Technology

Al-Azzawi

Lencse

2023

Electronics

Self Cite

View full text Add to dashboard Cite

show abstract

“…Therefore, we built the DFD for DS-Lite in Fig. 5, where it shows the spots (1)(2)(3)(4)(5)(6)(7)(8)(9)(10)(11). The security analysis will be divided into several groups such as the tra c between the client and B4, then between B4 and the AFTR, etc.…”

Section: Applying Stride On Ds-litementioning

confidence: 99%

“…In [6], we presented the DFD (Data Flow Diagram) of 464XLAT and the security analysis of it by applying STRIDE method, where we showed the vulnerabilities and the potential security threats of this technology. In our next paper [7], we took it one step further when we built a testbed of 464XLAT using Debian based virtual machines and tested the performance of the PLAT under DoS (Denial of Service) attack to test the CPU performance and the pool of the source port numbers. In the latest one [8], we extended the previous paper [7] using a more powerful computer.…”

Section: Introductionmentioning

confidence: 99%

“…In our next paper [7], we took it one step further when we built a testbed of 464XLAT using Debian based virtual machines and tested the performance of the PLAT under DoS (Denial of Service) attack to test the CPU performance and the pool of the source port numbers. In the latest one [8], we extended the previous paper [7] using a more powerful computer. Therefore, we were able to increase the number of attacking clients (virtual machines) from 1 to 8 clients and test the AFTR performance after attacking it using hping3 command.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

The Possible Security Issues of the DS-Lite IPv6 Transition Technology

Al-Azzawi

Lencse

2022

Preprint

Self Cite

View full text Add to dashboard Cite

This paper focuses on one of the most prominent IPv6 transition technologies named DS-Lite (Dual Stack Lite). The aim is to analyze the security threats that this technology might be vulnerable to. The analysis is based on the STRIDE method that stands for Spoofing, Tampering, Repudiation, Information disclosure and Elevation of privilege. Using the DFD (Data Flow Diagram) of a DS-Lite system, we summarized the potential security vulnerabilities and potential attack points within this infrastructure. We have also built a testbed for DS-Lite topology using several virtual machines, which were created using CentOS Linux images. We used our testbed to perform MitM (Man in the Middle) attack and other type of attacks against the B4 (border gateway) and the AFTR (Address Family Transition Router) and then to monitor their performance and the number of packets being translated under attack by different number of clients using several attacking toolkits.

show abstract

Testbed for the Security Analysis of the 464XLAT IPv6 Transition Technology in a Virtual Environment

Cited by 2 publications

References 7 publications

Analysis of the Security Challenges Facing the DS-Lite IPv6 Transition Technology

Analysis of the Security Challenges Facing the DS-Lite IPv6 Transition Technology

The Possible Security Issues of the DS-Lite IPv6 Transition Technology

Contact Info

Product

Resources

About