IPv6 Security Attacks and Countermeasures in a Nutshell

Mar 30, 2015 · 3 min read · IPv6 insecurities ·

IPv6 Security Attacks and Countermeasures in a Nutshell

Johanna Ullrich and Katharina Krombholz and Heidelinde Hobel and Adrian Dabrowski and Edgar Weippl

published in Magdeburger Journal zur Sicherheitsforschung (2015, #9, p. 514-529)

Info

The history of computers is full of underestimation: 640 kilobyte, 2-digit years, and 32-bit Internet addresses. IPv6 was invented to overcome the latter as well as to revise other drawbacks and security vulnerabilities of its predecessor IPv4. Initially considered the savior in terms of security because of its mandatory IPsec support, it turned out not to be the panacea it was thought to be. Outsourcing security to IPsec but eventually removing it as well as other design decisions led to a number of vulnerabilities. They range from the already known spoofing of answers to link-layer address requests to novel possibilities regarding node tracking. In an effort to fix them, a vast amount of updates have been introduced. In this paper, we discuss security and privacy vulnerabilities with regard to IPv6 and their current counter-measures. In a second step, vulnerabilities and countermeasures are systematized by the appliance of an extendible common language for computer security incidents. Our evaluation shows that a large part of vulnerabilities can be mitigated but several security challenges remain. We deduce three main research challenges for IPv6 security, namely address assignment and structure, securing local network discovery, and address selection for reconnaissance. This is a reprint of the authors’ article published in the 8th USENIX Workshop on Offensive Technologies (WOOT), 2014. This article appears in the special edition „In Depth Security – Proceedings of the DeepSec Conferences“. Edited by Stefan Schumacher and René Pfeiffer

Downloads

Download: https://d-nb.info/1074038347/34
Mirror at Codeberg: https://codeberg.org/0xKaishakunin/Publikationen/src/branch/main/MagdeburgerJournalSicherheitsforschung/MJS_035_Ullrich_IPv6.pdf

BibTeX-Entry für mjs:Ullrich:IPv6

 1@article{mjs:Ullrich:IPv6,
 2  author = {Johanna Ullrich and Katharina Krombholz and Heidelinde Hobel and Adrian Dabrowski and Edgar Weippl},
 3  title = {IPv6 Security},
 4  subtitle = {Attacks and Countermeasures in a Nutshell},
 5  pages = {514-529},
 6  year = {2015},
 7  journaltitle = {Magdeburger Journal zur Sicherheitsforschung},
 8  issn = {2192-4260},
 9  url = {https://d-nb.info/1074038347/34},
10  codeberg = {https://codeberg.org/0xKaishakunin/Publikationen/src/branch/main/MagdeburgerJournalSicherheitsforschung/MJS_035_Ullrich_IPv6.pdf},
11  issue = {1},
12  volume = {9},
13  urldate = {2015-03-30},
14  keywords = {mjsarticle,ds15,IPv6,insecurities},
15  abstract = {The history of computers is full of underestimation: 640 kilobyte, 2-digit years, and 32-bit Internet addresses. IPv6 was invented to overcome the latter as well as to revise other drawbacks and security vulnerabilities of its predecessor IPv4. Initially considered the savior in terms of security because of its mandatory IPsec support, it turned out not to be the panacea it was thought to be. Outsourcing security to IPsec but eventually removing it as well as other design decisions led to a number of vulnerabilities. They range from the already known spoofing of answers to link-layer address requests to novel possibilities regarding node tracking. In an effort to fix them, a vast amount of updates have been introduced. In this paper, we discuss security and privacy vulnerabilities with regard to IPv6 and their current counter-measures. In a second step, vulnerabilities and countermeasures are systematized by the appliance of an extendible common language for computer security incidents. Our evaluation shows that a large part of vulnerabilities can be mitigated but several security challenges remain. We deduce three main research challenges for IPv6 security, namely address assignment and structure, securing local network discovery, and address selection for reconnaissance. This is a reprint of the authors’ article published in the 8th USENIX Workshop on Offensive Technologies (WOOT), 2014. This article appears in the special edition „In Depth Security – Proceedings of the DeepSec Conferences“. Edited by Stefan Schumacher and René Pfeiffer},
16}

AsciiDoc citation commands

1. citenp:[mjs:Ullrich:IPv6]
2. cite:[mjs:Ullrich:IPv6]
3. bibitem[mjs:Ullrich:IPv6]

LaTeX citation commands

1. \textcite{mjs:Ullrich:IPv6}
2. \parencite{mjs:Ullrich:IPv6}
3. \cite{mjs:Ullrich:IPv6}

generated at Mon May 12 10:48:34 2025