Presentation is loading. Please wait.

Presentation is loading. Please wait.

Denial-of-Service, Address Ownership,and,Early Authentication in IPv6 World (An Approach) Aditya Vutukuri From article by Pekka Nikander Ericsson Research.

Published byLora Nicholson Modified over 8 years ago

Similar presentations

Presentation on theme: "Denial-of-Service, Address Ownership,and,Early Authentication in IPv6 World (An Approach) Aditya Vutukuri From article by Pekka Nikander Ericsson Research."— Presentation transcript:

1 Denial-of-Service, Address Ownership,and,Early Authentication in IPv6 World (An Approach) Aditya Vutukuri From article by Pekka Nikander Ericsson Research

2 Summary Derived an initial list of Requirements and Goals for the Protocol that would protect IPv6 hosts from Potential DoS(Denial of Service) and Traffic diversion attacks through discussing two major problems : 1)Chicken and Egg problem( here:Ip Ipsec) 2)Address Ownership problem And thus outlined some building blocks which could be parts of such protocol.

3 Comments +VE Good systematic way of solving a potential problem. Good technical exposure to some of the Potential security issues like DoS which we are facing. -VE Protects Verifier only.

4 Assumption The whole protocol works on the assumption that the routing infrastructure is not Compromised.

5 Protection Using Host id as crypto token. Using random numbers. Using one time password mechanism.

6 Protection(Cont.) Using Cryptographic Tokens uses lower 62bits of IPv6 address to store cryptographic hash of the Public key. host ID=HASH 62 (public key/random) dis-advantage: problem arises if host discloses random.

7 Protection(cont.) Protection (cont.) H N := HASH 160 (Public Key | random) H i := HASH 160 (Public key | H i+1 ) Host ID := HASH 62 (H 0 ) while collision occurs, both parties authenticate each other just by reveal their H 0 if not by revealing H 1.

8 Protection(cont.) Protection (cont.) Puzzles can also be used to protect oneself from DoS. Recipient Initiator Puzzle correct YES NO Deny

9 Question Question Is this enough to SAVE your computer from Potential threats Like DoS ? Is this enough to SAVE your computer from Potential threats Like DoS ?

10 Thank You

11 Queries ?

12 What’s a Denial-of-Service? It refers to a broad family of different methods that hackers use to try to prevent legitimate users from accessing web servers, mail servers networks and other systems.

13 Chicken & Egg Problem A is required to perform B and B is required to perform A Here: IPSec is needed to Configure IP and IP is needed to Configure IPSec.

14 Address Ownership Who owns an IPv6 / link-layer address? Is the owner an authorized agent? Proof??????????

Download ppt "Denial-of-Service, Address Ownership,and,Early Authentication in IPv6 World (An Approach) Aditya Vutukuri From article by Pekka Nikander Ericsson Research."

Similar presentations

A CGA based Source Address Authentication Method in IPv6 Access Network(CSA) Guang Yao, Jun Bi and Pingping Lin Tsinghua University APAN26 Queenstown,

A CGA based Source Address Authentication Method in IPv6 Access Network(CSA) Guang Yao, Jun Bi and Pingping Lin Tsinghua University APAN26 Queenstown,
CMSC 414 Computer and Network Security Lecture 26 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 26 Jonathan Katz.
1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
CHAPTER 8: SECURITY IN COMPUTER NETWORKS Encryption Encryption Authentication Authentication E-Mail Security E-Mail Security Secure Sockets Layer Secure.

CHAPTER 8: SECURITY IN COMPUTER NETWORKS Encryption Encryption Authentication Authentication Security Security Secure Sockets Layer Secure.
Secure SharePoint mobile connectivity

Secure SharePoint mobile connectivity
Interlock Protocol - Akanksha Srivastava 2002A7PS589.

Interlock Protocol - Akanksha Srivastava 2002A7PS589.
Access control for IP multicast T-110.557 Petri Jokela

Access control for IP multicast T Petri Jokela
COEN 350: Network Security Authentication. Between human and machine Between machine and machine.

COEN 350: Network Security Authentication. Between human and machine Between machine and machine.
Chapter 5 Network Security Protocols in Practice Part I

Chapter 5 Network Security Protocols in Practice Part I
Hacking Presented By :KUMAR ANAND SINGH 04-243,ETC/2008.

Hacking Presented By :KUMAR ANAND SINGH ,ETC/2008.
Authentication In Mobile Internet Protocol version 6 Liu Ping Supervisor: professor Jorma Jormakka.

Authentication In Mobile Internet Protocol version 6 Liu Ping Supervisor: professor Jorma Jormakka.
 Guarantee that EK is safe  Yes because it is stored in and used by hw only  No because it can be obtained if someone has physical access but this can.

 Guarantee that EK is safe  Yes because it is stored in and used by hw only  No because it can be obtained if someone has physical access but this can.
Dr. Sarbari Gupta Electrosoft Services Tel: (703)757-9096 Security Characteristics of Cryptographic.

Dr. Sarbari Gupta Electrosoft Services Tel: (703) Security Characteristics of Cryptographic.
Apr 22, 2003Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive.

Apr 22, 2003Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive.
By Rod Lykins.  Background  Benefits  Security Advantages ◦ Address Space ◦ IPSec  Remaining Security Issues  Conclusion.

By Rod Lykins.  Background  Benefits  Security Advantages ◦ Address Space ◦ IPSec  Remaining Security Issues  Conclusion.
CMSC 414 Computer and Network Security Lecture 14 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 14 Jonathan Katz.
Spring 2003CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2003CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
Internet Protocol Security (IPSec)

Internet Protocol Security (IPSec)
Authors: Thomas Ristenpart, et at.

Authors: Thomas Ristenpart, et at.

Similar presentations

Ads by Google