BITS Faculty Publications

Permanent URI for this community: http://localhost:4000/handle/123456789/1867

Search Results

Now showing 1 - 7 of 7
  • Item
    Privacy Preserving IPv6 Address Auto-Configuration for Internet of Things
    (Springer, 2017-10) Mavani, Monali
    Internet of Things enables every node on a personal network to be managed and monitored remotely over the Internet. Biometric devices, used for access control or as bio-sensors, form a critical part of Internet of Things and are identified using IPv6 address. Malicious users can track activity of these devices by spoofing IPv6 addresses from unsecure wireless communication channels. Tracking device activity and identifying user behavior of the device poses a great threat to device identity and data generated by it. Such a threat can be avoided by keeping the device’s IPv6 address hidden from attacker. This study proposes a method to privacy enable IPv6 address configuration for connected devices in general and biometric devices in particular, while connected as a part of Internet of Things. It is proposed that by changing the device’s IPv6 address periodically and pseudorandomly, its identity can be kept private to a large extent. These address changes are configured on devices based on congruence classes, which generate non-repeatable integer sequence. It is proposed that the interface identification part of IPv6 address is configured with two-level hierarchy with each level using a different congruence class. Such configuration generates different identification values to ensure conflict free address configuration. The proposition is analyzed for privacy preserving property and communication cost. The results of performance benchmarking using Cooja simulator show that the method does not impose substantial communication overhead on IPv6 address configuration process.
  • Item
    Security implication and detection of threats due to manipulating IPv6 extension headers
    (IEEE, 2013) Mavani, Monali
    Use of IPv6 protocol is increasing due to lack of address space in IPv4 protocol. Along with increased address space, IPv6 also provides simplified header and additional functionality is put in the form of extension headers which can cause certain network threats, if misused. Network devices and operating systems are not at the matured stage to handle threats against IPv6 protocol. Reason being, not all network devices and operating systems are fully RFC compliant. Even if they are, experience with IPv6 protocol is less, so there are possibilities of many unknown threats. This research investigates the threats due to misusing IPv6 destination option and fragmentation extension headers. Attacks addressed are fragmentation attack where upper layer protocol is not present in first fragment i.e. tiny fragmentation attack, overlapping fragmentation attack, and flooding attack due to unknown option in destination option header. To verify these attacks, real test network set up is used. For each attack, detection logic is proposed and implemented in Linux environment using advanced shell scripting and C programming. To create packets with attack vectors, Scapy, a Python based packet manipulation tool, is used. The proposed solution can run in host in order to detect these attacks and raise the alarm.
  • Item
    Covert channel in IPv6 Destination option Extension header
    (IEEE, 2014) Mavani, Monali
    IPv6 is the next generation Internet protocol whose market is going to increase as IPv4 addresses are exhausted and more mobile devices are attached to the Internet. The experience with IPv6 protocol is less as its deployment is slow. So there are many unknown threats possible in IPv6 networks. One such threat addressed in this paper is covert communication in the network. A covert channel is a way of communicating classified information. In a network it is done by network protocol's control fields. Destination option Extension header of IPv6 is used to pass secret information which is shown experimentally in real test network set up. For creation of attack packets, Scapy, a Python based API, is used. Covert channel due to unknown option and nonzero padding in PadN option is shown. Their detection is also proposed and detector logic is implemented using shell scripting and C programming.
  • Item
    Privacy enabled disjoint and dynamic address auto-configuration protocol for 6Lowpan
    (Elsevier, 2018-10) Mavani, Monali
    In unsecured 6LoWPANs, the nodes can be easily identified by their IPv6 as well as MAC addresses. An adversary can snoop (and later, spoof) these addresses, thereby posing a major threat against the node’s identity and communication integrity. Such threats necessitate enabling privacy by obscuring the node’s addresses. This study proposes a protocol for dynamic, auto-configuring and conflict-free IPv6 addressing scheme that attempts to ensure privacy of nodes. In the proposed protocol, each node obtains a three-level hierarchical IPv6 address space which is dynamically generated on basis of congruence classes. Use of congruence classes, along with hierarchical addressing, facilitates generation of inter-leaved (and hence, disjoint) and non-fragmented address space for each node, resulting in conflict free address auto-generation. Nodes auto-configure their address sets independently with congruence seeds shared by routers, potentially reducing router complexity. To ensure the MAC address privacy, MAC address also changes when IPv6 address changes and it is derived from the interface identification (IID) part of the IPv6 address. The proposed protocol runs on Contiki operating system, simulated in Cooja. Simulated results highlight lower latency and optimal communication costs when compared with existing protocols.
  • Item
    Privacy Preserving IPv6 Address Auto-Configuration for Internet of Things
    (Springer, 2018) Mavani, Monali
    Internet of Things enables every node on a personal network to be managed and monitored remotely over the Internet. Biometric devices, used for access control or as bio-sensors, form a critical part of Internet of Things and are identified using IPv6 address. Malicious users can track activity of these devices by spoofing IPv6 addresses from unsecure wireless communication channels. Tracking device activity and identifying user behavior of the device poses a great threat to device identity and data generated by it. Such a threat can be avoided by keeping the device’s IPv6 address hidden from attacker. This study proposes a method to privacy enable IPv6 address configuration for connected devices in general and biometric devices in particular, while connected as a part of Internet of Things. It is proposed that by changing the device’s IPv6 address periodically and pseudorandomly, its identity can be kept private to a large extent. These address changes are configured on devices based on congruence classes, which generate non-repeatable integer sequence. It is proposed that the interface identification part of IPv6 address is configured with two-level hierarchy with each level using a different congruence class. Such configuration generates different identification values to ensure conflict free address configuration. The proposition is analyzed for privacy preserving property and communication cost. The results of performance benchmarking using Cooja simulator show that the method does not impose substantial communication overhead on IPv6 address configuration process.
  • Item
    (Elsevier, 2018-10) Mavani, Monali
    In unsecured 6LoWPANs, the nodes can be easily identified by their IPv6 as well as MAC addresses. An adversary can snoop (and later, spoof) these addresses, thereby posing a major threat against the node’s identity and communication integrity. Such threats necessitate enabling privacy by obscuring the node’s addresses. This study proposes a protocol for dynamic, auto-configuring and conflict-free IPv6 addressing scheme that attempts to ensure privacy of nodes. In the proposed protocol, each node obtains a three-level hierarchical IPv6 address space which is dynamically generated on basis of congruence classes. Use of congruence classes, along with hierarchical addressing, facilitates generation of inter-leaved (and hence, disjoint) and non-fragmented address space for each node, resulting in conflict free address auto-generation. Nodes auto-configure their address sets independently with congruence seeds shared by routers, potentially reducing router complexity. To ensure the MAC address privacy, MAC address also changes when IPv6 address changes and it is derived from the interface identification (IID) part of the IPv6 address. The proposed protocol runs on Contiki operating system, simulated in Cooja. Simulated results highlight lower latency and optimal communication costs when compared with existing protocols.
  • Item
    Privacy enabled disjoint and dynamic address auto-configuration protocol for 6Lowpan
    (Elsevier, 2018-10) Mavani, Monali
    In unsecured 6LoWPANs, the nodes can be easily identified by their IPv6 as well as MAC addresses. An adversary can snoop (and later, spoof) these addresses, thereby posing a major threat against the node’s identity and communication integrity. Such threats necessitate enabling privacy by obscuring the node’s addresses. This study proposes a protocol for dynamic, auto-configuring and conflict-free IPv6 addressing scheme that attempts to ensure privacy of nodes. In the proposed protocol, each node obtains a three-level hierarchical IPv6 address space which is dynamically generated on basis of congruence classes. Use of congruence classes, along with hierarchical addressing, facilitates generation of inter-leaved (and hence, disjoint) and non-fragmented address space for each node, resulting in conflict free address auto-generation. Nodes auto-configure their address sets independently with congruence seeds shared by routers, potentially reducing router complexity. To ensure the MAC address privacy, MAC address also changes when IPv6 address changes and it is derived from the interface identification (IID) part of the IPv6 address. The proposed protocol runs on Contiki operating system, simulated in Cooja. Simulated results highlight lower latency and optimal communication costs when compared with existing protocols.