Recent Advances in IPv6 Security

Video in TIB AV-Portal: Recent Advances in IPv6 Security

Formal Metadata

Title: Recent Advances in IPv6 Security
License: CC Attribution - NonCommercial - ShareAlike 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal and non-commercial purpose as long as the work is attributed to the author in the manner specified by the author or licensor and the work or content is shared also in adapted form only under the conditions of this license.

Content Metadata

Subject Area
During the last few years, the UK CPNI (Centre for the Protection of National Infrastructure) carried out the first comprehensive security assessment of the Internet Protocol version 6 (IPv6) and related technologies (such as transition/co-existence mechanisms). The result of that project is a series of documents that provide advice both to programmers implementing the IPv6 protocol suite and to network engineers and security administrators deploying or operating the protocols. Part of the results of the project have recently been published, leading to a number of improvements in many IPv6 implementations. Fernando Gont will discuss the results of the project, introducing the attendees to the "state of the art" in IPv6 security and providing advice on how to deploy the IPv6 protocols securely. Gont will also discuss recent advances in IPv6 security areas such as Denial of Service attacks, firewall circumvention and network reconnaissance, and will describe other IPv6 security areas in which further work is needed. Additionally, he will demonstrate the use of some attack/assessment tools that implement new network reconnaissance techniques or that exploit a number of vulnerabilities found in popular IPv6 implementations.

The IPv6 protocol suite was designed to accommodate the present and future growth of the Internet, and is expected to be the successor of the original IPv4 protocol suite. It has already been deployed in a number of production environments, and many organizations have already scheduled or planned its deployment in the next few years. Additionally, a number of activities such as the World IPv6 Day in 2011 and the upcoming World IPv6 Launch Day (scheduled for June 2012) have led to an improvement in IPv6 awareness and an increase in the number of IPv6 deployments. There are a number of factors that make the IPv6 protocol suite interesting from a security standpoint.

Firstly, being a new technology, technical personnel are much less familiar with the IPv6 protocols than with their IPv4 counterparts, and thus it is more likely that the security implications of the protocols will be overlooked when they are deployed. Secondly, IPv6 implementations are much less mature than their IPv4 counterparts, and thus it is very likely that a number of vulnerabilities will be discovered in them before their robustness matches that of the existing IPv4 implementations. Thirdly, security products such as firewalls and NIDSs (Network Intrusion Detection Systems) usually have less support for the IPv6 protocols than for their IPv4 counterparts, either in terms of features or in terms of performance. Fourthly, the security implications of IPv6 transition/co-existence technologies on existing IPv4 networks are usually overlooked, potentially enabling attackers to leverage these technologies to circumvent IPv4 security measures in unexpected ways.
So, the disclaimer for this presentation: it assumes that you know the basics of IPv6 and the basics of IPv6 security. The reason for which I included this is that usually, when you come to watch an IPv6 security presentation, half of the presentation is a set of IPv6 introduction slides, so there's nothing like that in here, or there shouldn't be much of it. And the other one is that this is, again, work in progress, so if you have comments, criticisms and that kind of stuff, they are all welcome. So what's the motivation for this presentation? I will tell you later.

You will be deploying IPv6, and in practice you most likely already have it deployed, because most general-purpose operating systems ship with IPv6 enabled by default. So even if you cannot use it to access the global Internet, that support is still there, at least for local communications. And we all know that there are a number of IPv6 security challenges, and also operational challenges, that come with IPv6. So the question here is what you can do about them, and I will kind of go through the possible options. Even when some of them may look funny, there are different communities that adopt each of the different options.

Option one is essentially to ignore those challenges. Even when this may look stupid, you may see that many people in the IPv6 world, and this is kind of the case in some IPv6 forums in my experience, when you discuss IPv6 security issues that go against IPv6 deployment, for the most part try to ignore them and try to prevent discussion of those things from going on. Option two is sometimes a consequence of option one: you deploy without knowing the basic security issues, but eventually you find out about them, and it doesn't look that nice. And option three is the path that we're trying to follow, which is to discuss the security implications of IPv6 and try to do something about them.
Since, I think, 2007 I have been working most of the time on IPv6 security research. Part of the work for the project has been about analyzing the IPv6 specifications, as I had done before with IPv4, and trying to find out ways in which you could actually break IPv6 implementations. We didn't just look at the specifications themselves, because usually there are many things that are left to implementations, so in many cases we also looked at what implementations were doing. And when we actually found things that could break, we produced tools to actually assess those issues. In the cases in which we were able to confirm that there were vulnerabilities, or there were things that could be used for a DoS, or even a complete DoS of some implementations, we then reported them to the vendors of those implementations. Part of the stuff has already been taken to the IETF, but not all of it, not all of the work that we have produced so far, because in some cases there are vendors that have not yet patched. So we are now trying to take most of the stuff to the IETF; the idea is that during this year we will complete the rest of the stuff that we have not yet submitted. This talk is about our own work to improve IPv6 security. Again, this presentation shouldn't be taken as a lecture, but actually as a way of proposing ideas for fixing things, so if you have a different idea or a different approach on how to approach many of the issues that will be discussed, please speak up.
The first topic is IPv6 addressing. This is the only slide that I have as a kind of introduction to the topic. This is the syntax of global unicast addresses; essentially they are the same as in IPv4: you have a global routing prefix, which is the part that is assigned by your ISP, then you have a few bits for the subnet ID, which is the same thing that you have in IPv4, and finally the interface ID, which is analogous to the host part of IPv4 addresses. The only thing that changes in the case of IPv6 is that the interface ID is much larger, and there are actually different ways in which you can select it. Of course, in the case of IPv4 the addresses are host addresses and usually you select them manually, sequentially, whereas in the case of IPv6, since you have 64 bits, you have several options for selecting the interface ID.

The first one, which is traditional stateless autoconfiguration, is to embed the MAC address in the interface ID; there are some bits that change, some bits that are flipped, but essentially you embed the MAC address there. The other possibility is to embed the IPv4 address in the interface ID; that's usually done, for example, in dual-stack devices, in which, if you remember the IPv4 address of the system, it's kind of straightforward to derive the interface ID that way, so that the IPv6 address is also easy to remember. Then the third one is low-byte addresses: essentially you have the interface ID set to all zeros, and then you just change the last byte. That's usually the result of manual configuration: if you're going to configure an address, you don't select so many bytes randomly, you just set them all to zeros and then change the last one. Then there are the "wordy" addresses, which are not that usual, but they are still there in real networks; in this case, for example, the address includes the word "dead:beef". For example, last year in World IPv6 Day I think Facebook's address was built in a similar way to this; there are some others like this, and they may seem funny. And finally, the last bullet talks about transition and coexistence technologies: for example, if you have 6to4 or Teredo, those technologies in some cases mandate the way in which you have to select the interface ID. So let's take a look at
some of the problems that these possibilities have. You may have heard the argument that, because the IPv6 address space is so large, IPv6 scanning attacks are impossible. Actually, this is a question I randomly produced: I googled "IPv6 scanning" or something like that, and this is one of the pages that came out with those numbers; these guys say that it should take something like 500 million years to scan an IPv6 network, and there are other guys that produce even larger numbers. So the idea was to try to analyze this assumption and find out whether it is true or not. As a kind of introduction to the problem: usually the guys that come up with these numbers assume that if you have to scan an IPv6 network you have to go through the entire /64. So the question here is whether, if you want to know what's going on in an IPv6 network, the search space is really 64 bits or not.

This is the only study that I could find in which some guy actually measured how IPv6 addresses are assigned in practice. There are a couple of problems with the study. The first one is that it dates back to 2008, which means that it's a bit old, since the way in which IPv6 addresses are generated has changed over time; for example, time has passed by, there are more systems that implement temporary addresses, and all those things. So probably you could argue that these results are obsolete, or a little bit obsolete nowadays, but so far this is the only research work that I have been able to find that takes care of measuring how addresses are selected in practice. What this guy did, essentially, was set up a server, I think it was a web server, had different clients connect to the server, and he just logged the addresses and tried to analyze the different ways in which those addresses were selected for the clients, which of course were the systems that connected to his web or FTP server, whatever it was.

He found that 50 per cent of the addresses were the result of stateless autoconfiguration, which means the most obvious way: including the MAC address in the interface ID. Then there was a 20 per cent of addresses that included an IPv4 address in the interface ID; then a 10 per cent of Teredo addresses, which for the most part are usually the result of Windows systems, even though there are open-source implementations, I'd say the ones that provide a very poor user experience. And then we have a percentage of low-byte addresses and a 6 per cent of privacy addresses, which are what are usually called temporary addresses. Again, if you look at the table there, you can sort of feel that the statistics have probably changed over time, and one of the reasons is, for example, that in the last few years privacy addresses have been incorporated into more implementations; for example Windows had them previously, the same thing that OpenBSD implemented not that long ago, so these numbers are supposed to be changing, if they have not changed already. Another thing that could be a sign that the study didn't look at a broad population is that 20 per cent of IPv4-based addresses: you usually only get IPv4-based addresses on manually configured hosts, so it's very likely that most of the users that were accessing the web server or FTP server were kind of technical users that had configured IPv6 manually. So these numbers should change.

Now if you take a look at the second table, which provides the statistics for routers, you can see that there is a 70 per cent of low-byte addresses, which means that in most cases, and this shouldn't come as a surprise, the interface ID is set to all zeros and the administrator just changes the last byte. Then you have a 5 per cent of IPv4-based addresses, and the rest of the numbers are mostly marginal. The slide contains the URL of the study; I find it quite interesting and important to follow, because it was one of the few guys that actually cared to measure the IPv6 Internet. So I have been chasing this guy to repeat the same study again, and hopefully this year or next year he will repeat it so that we get more up-to-date numbers. So let's take a
look at the address types that have a larger presence. The addresses that were the result of stateless autoconfiguration essentially include the MAC address in the interface ID. This slide describes or illustrates the syntax of just the interface ID, not the global routing prefix or the subnet ID, just the interface ID. What you can see is that essentially what you do is split the MAC address into two halves, which are like fixed in the middle; there is actually an additional change, which is flipping one of the bits in the IEEE OUI, the universal/local bit, but essentially you spread the MAC address into two halves and insert those bytes in the middle.

So let's assume that you know, or you can get, the first three bytes. Where is the reason for which you could know those three bytes? Let's say that an attacker is trying to perform an IPv6 scan of the target network, and just assume that the network is that of a computer vendor. It wouldn't be that crazy to assume that all of the systems, or most of the systems, that have been deployed on that network were manufactured by that vendor itself. So if you were to scan, let's say, an HP network, most likely the case is that there are HP servers in that network, and you could tell the first three bytes of the interface ID, or, put another way, the IEEE OUI. So if you assume that you can guess the first three bytes, then the second ones, the two fixed bytes, are of course known, and then you're left with only 24 bits, which means that you have reduced the search space from the original /64 to only 24 bits. That doesn't necessarily mean that it's going to take a couple of minutes to scan an IPv6 network, but it's certainly a big change when compared to the 64 bits that is usually assumed.

Now, there are other things that should be taken into account. For example, if it's a large organization, they usually don't purchase just a single system, but purchase systems in a bunch, and one thing that we have found is that the last three bytes of the MAC address, even when they could be randomly selected, are usually sequentially selected. So if I buy 100 boxes from the same vendor, the chances are that their MAC addresses are sequential. So if you have that kind of information about the target network, rather than just trying random addresses in the IPv6 space, you could try addresses in the part of the space that is likely to be in use. I don't know if you have played the game Battleship: you know that the ship has four squares, so you don't need to shoot at every square; if I know that the ship is missing two squares, I should shoot here and here. So that's one possible approach to actually scan an IPv6 network if you know, for example, that the target network has purchased equipment in batches. Another thing that we have found, and we are actually working on some investigation of these results, is that even if the same vendor doesn't hold, the MAC addresses are usually within the same range, because usually there was some company or some provider that bought that bunch of boxes and then sold them to organizations that are in close locations. So that means that, for example, if you have any kind of information about the MAC addresses of some organization in the region, and you know that the target organization has purchased equipment from the same vendor recently, then that information can be useful to actually perform an IPv6 scan on the target network.
Another interesting case is that of virtualization. For example, if you take a look at VirtualBox, the MAC addresses always come from the same OUI, in this case 08:00:27, which means that if you are doing an IPv6 scan that is targeting virtual boxes, then you don't even have to guess the first three bytes of the MAC address; you actually know them. VMware is an even more interesting case, because, for example, if you use automatic MAC addresses, which means that you don't manually configure them, they use a fixed IEEE OUI, and then the next 16 bits are taken from the IPv4 address of the host; the only bits that change are the last 8 bits, which means that the search space is reduced in that case to only 8 bits. In the case of manually configured MAC addresses, VMware uses a different IEEE OUI, which is 00:50:56, and the rest of the bits are randomized, but taken from a range that is specified; I mean, they randomize them within a range, not over the whole space that is available. So in the case of manually configured MAC addresses in a VMware network the search space is reduced to 22 bits.

Now let's look at the other address types that have a larger presence. You get IPv6 addresses that embed the IPv4 address of the system; I think I missed that slide there, but essentially the idea is that you embed the IPv4 address, so the search space is the same as in IPv4. So if you know the IPv4 range that they are using, essentially you just search through that IPv4 range, rather than randomly. In the case of low-byte addresses, of course, this is trivial: usually what you find is that the interface ID is set to all zeros and they just change the last byte, so in that case the search space would be, for example, just 8 bits. But there are other cases: for example, we have found that some organizations don't change just the last byte, but change the second byte starting from the right, or the third byte starting from the right, so there are all these variants. In any case, if you were to scan that kind of network, you could probably try the first few values in the last byte, then the first few values in the second-last byte, and so on, so in the worst-case scenario usually the search space is only 16 bits.

So this was the first problem, and the bottom line is that I believe IPv6 scanning attacks are really feasible. I'd say that the only thing that will probably change when compared to IPv4 is that in IPv4 the scale of the problem was so small that even doing a poor job was good enough; now, in the case of IPv6, if you just try to go through the entire /64, you're not going to be able to find anything there, but if you were to implement heuristics in your scanning, then my guess is that these scanning attacks are possible.
issue with IPv6 addresses. If you look at the traditional way in which IPv6 addresses are generated with SLAAC, as I said before, they embed the MAC address in the interface ID. So what's the problem with that? The MAC address is a globally unique value, which means that you're including a kind of supercookie in the interface ID, which means that even as you move from one network to another, the interface ID is going to be constant. If I connect to a web server and it logs that address, and then I move to another network and connect to the same server, it can tell that I'm the same system that was accessing it from the other network. This is just one example: in the first case the host is in network 1 and generates an address whose prefix, if you want, is prefix 1; in the second case the prefix could be prefix 2, but in the two cases the interface ID is the same, because again it includes the MAC address. So this introduces a problem that we didn't have in IPv4, which is a problem with privacy: you are disclosing the identity of your own device. So I will
just go through the mitigations that have been around for these two problems, then I'll comment on why they are not really effective, and then I will try to describe what we have suggested on this topic. So when it comes to the problem of host tracking, the solution that the IETF produced years ago is what is usually known as privacy addresses or temporary addresses; essentially they are addresses that are randomized. So the idea is that if you use one of these, of course it's not going to be possible to track you just by looking at the interface ID. The problem is that, in the way in which temporary addresses were specified, they require you to have not just privacy addresses but also the traditional SLAAC addresses, so temporary addresses are used in addition to the traditional autoconfiguration addresses, not as a replacement for those addresses. The problems with that approach: first of all, temporary addresses are difficult to manage. I know of many, many people that are disabling temporary addresses, because if temporary addresses are enabled, and some system gets infected, and they notice this a couple of days later, then OK, which was the system that was using this particular IPv6 address? Since these addresses change over time, it's not possible to tell, and since autoconfiguration doesn't require any central management, you don't have any kind of central log that tells you which system was using which address at which point in time. So this is one of the reasons for which many people are disabling them. Another problem with this is that temporary addresses are used in addition to the SLAAC addresses, so even when a system employs temporary addresses, tracking it is not really impossible: let's say that a host connects to a web server, and when it connects I could somehow obtain its SLAAC address, and then at
some other day, when it connects from some other network, I can always actually probe it by sending a ping or some kind of crafted packet to the traditional SLAAC address and find out whether that system is there or not. So the problem with privacy addresses is that they don't replace the address that includes the MAC address; they are used in addition to it, and as long as there is some kind of address that uses a globally unique value, of course it will still be possible to track systems using those addresses. And there are some things
that have been done in the industry to mitigate the problem of host scanning. For example, I think from Windows Vista on, what they do is they have replaced the IPv6 addresses that include the MAC address in the interface ID; what they do is randomize the interface ID, but essentially they use the same algorithm as for temporary addresses, with the only difference being that this address doesn't change over time. So it's the same algorithm, used once for the stable address and once for the temporary addresses, with the only difference being that for the temporary addresses the addresses are varied over time. Of course this mitigates the problem of tracking... sorry, it mitigates the problem of host scanning, because if you generate the addresses randomly, the addresses will not follow any specific pattern, so you can mitigate host scanning that way. But as I mentioned before, since these addresses are still stable, there's going to be a unique ID value that is used all over time, so it is still possible to track systems even if they implement this feature. So this mitigates host scanning, which is not bad, but it still makes host tracking possible. So this slide
tries to summarize the types of interface IDs that we have for autoconfiguration. The two axes are stable versus temporary, and predictable versus unpredictable. For example, if you take a look at the addresses that include the MAC address in the interface ID, they are of course stable, and predictable in the sense that they follow a pattern. If you take a look at temporary or privacy addresses, they are unpredictable because of course they are randomized, and they also vary over time. The thing that we are missing is addresses that are stable, for example addresses you want to use for a server, but that are not predictable. So the idea is that if I have, for example, a host connected to a network and I want it to have a stable address, I still don't want that address to follow a pattern; I still want to be able to make the life of an attacker harder when it comes to scanning that network. This
is the scheme that we have proposed as an IETF draft, and it has actually been modeled after RFC 1948. Essentially the idea is to produce the interface ID as the result of a hash function over the prefix, the interface, the network ID, and a secret key. Of course the function F has to be cryptographically secure, so the security of this mechanism relies on the hash function being secure and on the secret key being actually secret. The result is that as long as you are connected to the same network, whether you leave that network and later reconnect to the same network, all the parameters that you feed to the hash function are going to remain the same: you don't change the secret key, the prefix is going to be the same, the interface is going to be the same, the network ID is going to be the same. So with the hash function being the same and all the parameters being the same, it's going to produce the same interface ID all the time. So the first time I connect, I get an address; if I go somewhere else and come back to that network, I get exactly the same address, so the address is stable within that network. Now let's say that I move to a different network: the prefix is going to change, and if the prefix changes, then the resulting interface ID is going to change. So what we get with this function is addresses that are
stable within each network, which is something good from an operational point of view, but at the same time the interface ID changes when you move from one network to another. So this is kind of having the best of both worlds. In the case of addresses that include the MAC address, the good thing was that the addresses were stable, so they were easy to manage, but they were predictable, so there was a problem. On the other hand, you have temporary addresses, which were not predictable, but since they vary over time they were hard to manage. So what we want here are addresses that are stable within each network, so within a network the addresses are stable, but when you move from one network to another they change. This proposal was sent to the IETF a few months ago and it has already been accepted by the 6man working group. The only minor comment here is that, from my perspective, some standards should have been formally updated; for reasons that are not our own, they want to standardize this without formally updating some of the standards that we have for producing interface IDs. So the bottom line is that even when we publish this as an RFC, you could still be compliant even if you're producing predictable interface IDs. But again, I think that even then it's good to have some kind of standardized algorithm for producing interface IDs that don't suffer from the problems I described before. Well, in the current draft (I think the first version dates back to a month ago) I didn't address that point, because it's not addressed in any other case either; so I imagined I didn't want to address it, but I was asked whether we should address this problem in the document. This is something that existing implementations handle in different ways, and what I'm probably going to do now
in the next revision of this document is to include a counter here. So the idea is that if you find a collision, you just increase the counter. Now the issue in that case is that if you want the address to be stable, then you should somehow record the address in stable memory, right? Because let's say that I connect to a network and there is some system using the same address, so I find a collision and I need to generate another address. Now let's say I disconnect, but when I come back that system is not there, so I would end up configuring the first address. So the problem in this case is that you should record the address somewhere, but there's no other way to work around this. So a couple of comments
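The stable-address scheme described above (IID = F(prefix, interface, network ID, secret key), plus the collision counter), as an added example that is not part of the talk and is not Fernando Gont's or any operating system's code. The talk only requires F to be cryptographically secure; this example assumes HMAC-SHA256 as F, a specific (length-prefixed) concatenation of the inputs, a plain string as the "network ID", and a set of addresses standing in for what Duplicate Address Detection reports as already taken. The prefixes and key are constructed sample values.

```python
"""Stable-but-unpredictable IPv6 interface identifiers (IIDs).

Added example illustrating the scheme described in the talk:
    IID = F(prefix, net_iface, network_id, secret_key, counter)
This is not Fernando Gont's code or any reference implementation. Assumptions
not in the talk: HMAC-SHA256 is used as the cryptographically secure function F,
the parameters are concatenated as shown below, and the "network ID" is a plain
string (an SSID, for instance).
"""
import hashlib
import hmac
import ipaddress

IID_LEN = 8  # a /64 prefix leaves 64 bits for the interface identifier


def stable_iid(prefix: str, net_iface: str, network_id: str,
               secret_key: bytes, counter: int = 0) -> bytes:
    """Derive 64 bits of IID from the inputs the talk lists plus a collision counter.

    Same prefix + interface + network ID + key + counter always gives the same IID
    (stable within a network); a different prefix gives an unrelated IID.
    """
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen != 64:
        raise ValueError("expected a /64 prefix")
    # Length-prefix each variable-length field so that no two input tuples collide.
    msg = b"".join([
        net.network_address.packed[:8],
        len(net_iface).to_bytes(1, "big"), net_iface.encode(),
        len(network_id).to_bytes(1, "big"), network_id.encode(),
        counter.to_bytes(4, "big"),
    ])
    digest = hmac.new(secret_key, msg, hashlib.sha256).digest()
    return digest[:IID_LEN]


def stable_address(prefix: str, net_iface: str, network_id: str,
                   secret_key: bytes, counter: int = 0) -> str:
    """Combine the /64 prefix with the derived IID into a full IPv6 address."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    iid = stable_iid(prefix, net_iface, network_id, secret_key, counter)
    raw = net.network_address.packed[:8] + iid
    return str(ipaddress.IPv6Address(int.from_bytes(raw, "big")))


def configure_address(prefix, net_iface, network_id, secret_key, in_use,
                      max_retries=3):
    """Model the DAD step: on a collision, bump the counter and try again.

    `in_use` stands in for addresses that Duplicate Address Detection reports as
    taken (constructed input). Returns (address, counter); the counter is what a
    host would have to keep in stable storage to get the same address back after
    a reconnect, which is the management issue the talk points out.
    """
    for counter in range(max_retries + 1):
        addr = stable_address(prefix, net_iface, network_id, secret_key, counter)
        if addr not in in_use:
            return addr, counter
    raise RuntimeError("could not find a free address")


if __name__ == "__main__":
    key = b"constructed-32-byte-secret-key-0123456789"  # constructed sample key
    home = "2001:db8:1:1::/64"  # documentation prefixes, constructed sample
    cafe = "2001:db8:2:2::/64"
    a1 = stable_address(home, "eth0", "home-net", key)
    a2 = stable_address(home, "eth0", "home-net", key)  # "reconnect": same inputs
    a3 = stable_address(cafe, "eth0", "cafe-net", key)  # different network
    print(a1, "stable:", a1 == a2, "changes across networks:", a1 != a3)
```

The two properties the talk asks for fall out directly: the same inputs always produce the same address (stable within a network), and changing the prefix changes the whole IID (no cross-network correlation), while an observer without the secret key cannot predict any of them.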
about fragmentation and reassembly. This is the IPv6 fragment header; essentially it includes all the things that you already have in the fixed IPv4 header, but in this case they are just included in an optional header. So far we have been mostly concerned about only these two fields: the fragment offset and the identification. So first of all,
let's start talking a little bit about the fragment identification value. The security implications of predictable fragment identification values have been known for so many years; the implications are denial-of-service attacks, idle scans, and so on. In the case of IPv6, I mean, if we were to have a problem with this, the problem could potentially be worse, because essentially the packet sizes tend to be larger, so it's more likely that you're going to be using fragmentation. So we should really get this right. Before actually looking at implementations, I thought I wouldn't find any implementations that had problems with the fragment identification, because it was so long ago that everybody had fixed it already. Actually we kind of face the same problem for different kinds of IDs in the TCP/IP protocols, from port numbers to the DNS transaction IDs and all those values, but the thing is that not in all cases were they
using unpredictable values. So the results that I got were that some implementations, for example Windows, Linux and Solaris, had predictable fragment identification values. Of course the worst options were the ones employed by Windows and Linux, because they were using a global counter, and the counter was initialized to 0, so if you could sample just a single fragment identification value you could tell the fragment identification values that were going to be used in the future. Then you have, for example, the case of Solaris, which is predictable but not so bad, because it uses a per-destination counter rather than a global counter, so it's not as bad as the case of Linux or Windows. These are the different algorithms in use by the different implementations that we have checked: for example, one of them was using randomized values, I think a linear congruential generator; and then, for example, we found out that in OpenBSD they were using a more interesting algorithm based on the Skipjack algorithm. So we produced tools to actually assess whether an implementation was generating predictable values, whether it was using a per-destination counter, and so on. The result of this is that there were a few systems that were patched as a result of this work; for example, I don't recall which version of Linux it was, but I think it was in November last year that they patched their fragment identification algorithm, and they are now doing unpredictable fragment identification. The next thing has to do with
overlapping fragments. The problems with overlapping fragments again have been known for so many years; there's the classic paper by Ptacek and Newsham published in the late nineties about how you can evade an intrusion detection system by means of overlapping fragments. So the idea here is exactly the same, with the only difference being that in the case of IPv4 there is a legitimate reason for overlapping fragments, because in IPv4 routers fragment packets, and packets can be duplicated, follow different paths, and so on, so in theory there is a legitimate use case for overlapping fragments. In the case of IPv6 there is no use case for them, but overlapping fragments were still allowed by the IPv6 specifications. I think last year or a couple of years ago RFC 5722 was published, and essentially it says that the use of overlapping fragments is forbidden, so if you were to receive overlapping fragments you have to just drop those fragments. Of the implementations that we checked, most of the current ones already implement RFC 5722. OK, so this is it here, but
if you look at the table, this is the testing that we did with different implementations to try to assess the fragment reassembly policy that they implement, meaning not just whether they allow overlapping fragments or not, but also, in the case that they allow overlapping fragments, whether they use the first copy, the last copy, or whatever. So there is a
special case of overlapping fragments which has to do with what we ended up calling atomic fragments. These are packets that include a fragment header with a fragment offset of zero but with the "more fragments" bit clear, so essentially it's the first fragment without any following fragments. The reason for which those packets can be generated in practice is IPv4/IPv6 translation devices, at least as far as the IETF specifications go: they say that these translation boxes require packets to have a fragment header if they need to fragment the packet in the IPv4 world. So if, for example, you were to receive a Packet Too Big message advertising an MTU smaller than 1280, which is the IPv6 minimum MTU, you are not required to actually fragment, but you still need to include a fragment header, and that results in an atomic fragment. The special thing with these atomic fragments is that if you were to receive one of them, you don't need to mix it with real fragments, because the whole packet is included in the same fragment: it's just a first fragment without any other fragments following, which is another way of saying that the packet is not really fragmented, it just contains a fragment header. So our proposal was essentially that if you receive a packet that has a fragment offset of zero and the "more fragments" bit clear, you have to process that packet without actually mixing it with fragmented traffic. So this is the assessment that we
did with some implementations. Some of them already implemented this improved processing of atomic fragments even before we actually worked on this, and there were a few other ones that implemented this behavior when we published our draft; I think OpenBSD patched it. The key point again is that this is something that shouldn't be hard to implement and that at the same time can prevent a whole set of fragmentation attacks from being performed against any system. One thing you should have in mind is that in IPv6 you can actually force a system to include a fragment header just by sending a Packet Too Big message; so once you can force a system to use fragmentation, you can start exploiting fragmentation, and so I think it's very important to get the atomic fragment thing right and also the fragment identification thing right. One thing about this is that I was lucky enough to have a guy from Core Security Technologies, a company that does a lot of vulnerability research, do a very good review of the document, which led to many, many improvements. And then, when I published the revision with all his comments, I noted on the relevant IETF mailing list that some guys there think we have to do nothing about this; so essentially some people seem to think that nothing can go wrong with that, even with predictable fragment identification values.
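The two receive-side rules discussed in the last few paragraphs (process an atomic fragment on its own, never mixing it with queued fragments, and drop the whole reassembly when fragments overlap, as RFC 5722 requires), as an added example that is not part of the talk and not code from any operating system. The fragment header layout is the standard IPv6 one; the `Reassembler` class, the `build_fragment` helper and the sample fragments are constructed for this example.

```python
"""IPv6 fragment handling on the receiving side: atomic fragments and overlaps.

Added example, not code from the talk or from any operating system. It models
two rules the talk discusses: an "atomic fragment" (offset 0, M bit clear) is
processed on its own and never mixed with queued fragments, and overlapping
fragments cause the whole reassembly to be dropped (RFC 5722). The Fragment
Header layout is the standard IPv6 one; the sample fragments are constructed.
"""
import struct

FRAG_HDR_LEN = 8
NH_ICMPV6 = 58


def build_fragment(next_header, offset_units, more, ident, payload):
    """Constructed-input helper: Fragment Header + payload (offset in 8-octet units)."""
    if not 0 <= offset_units < (1 << 13):
        raise ValueError("offset out of range")
    off_field = (offset_units << 3) | (1 if more else 0)
    return struct.pack("!BBHI", next_header, 0, off_field, ident) + payload


def parse_fragment(data):
    """Return (next_header, offset_bytes, more, identification, payload)."""
    if len(data) < FRAG_HDR_LEN:
        raise ValueError("truncated fragment header")
    nh, _reserved, off_field, ident = struct.unpack("!BBHI", data[:FRAG_HDR_LEN])
    return nh, (off_field >> 3) * 8, bool(off_field & 1), ident, data[FRAG_HDR_LEN:]


def is_atomic(offset_bytes, more):
    """First fragment with nothing following: the packet is not really fragmented."""
    return offset_bytes == 0 and not more


class Reassembler:
    """Per-(src, dst, identification) reassembly queue applying the two rules above."""

    def __init__(self):
        self.queues = {}  # (src, dst, ident) -> list of (start, end, is_last, payload)

    def receive(self, src, dst, data):
        nh, offset, more, ident, payload = parse_fragment(data)
        if is_atomic(offset, more):
            # Handled stand-alone; queued fragments with the same ID stay untouched,
            # so a spoofed atomic fragment cannot disturb a real reassembly.
            return "atomic", payload
        key = (src, dst, ident)
        queue = self.queues.setdefault(key, [])
        start, end = offset, offset + len(payload)
        for s, e, _, _ in queue:
            if start < e and s < end:
                # RFC 5722: overlapping fragments -> discard the whole reassembly.
                del self.queues[key]
                return "overlap_dropped", None
        queue.append((start, end, not more, payload))
        pieces = sorted(queue)
        if pieces[-1][2]:  # the last fragment (M=0) has arrived...
            expected = 0
            for s, e, _, _ in pieces:  # ...and coverage from offset 0 is gap-free
                if s != expected:
                    break
                expected = e
            else:
                del self.queues[key]
                return "complete", b"".join(p for _, _, _, p in pieces)
        return "queued", None


if __name__ == "__main__":
    r = Reassembler()
    first = build_fragment(NH_ICMPV6, 0, True, 7, b"A" * 16)
    atomic = build_fragment(NH_ICMPV6, 0, False, 7, b"C" * 8)  # same ID, M=0
    last = build_fragment(NH_ICMPV6, 2, False, 7, b"B" * 8)
    for frag in (first, atomic, last):
        print(r.receive("2001:db8::1", "2001:db8::2", frag)[0])
```

Running the block shows the order of decisions a host should take: the first fragment is queued, the atomic fragment carrying the same identification is delivered immediately without touching that queue, and the final fragment completes the original packet. Changing the last fragment's offset so that it overlaps the first makes the reassembler drop the whole packet instead.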
Now, what is sometimes referred to as IPv6 first-hop security. What IPv6 first-hop security is
is all the security measures that you can employ in your local network, in your hosts, and in your layer-2 devices, which are on the first hop. This concept is not new to the IPv6 world; it's something that is already there in the IPv4 world. For example, in the IPv4 world you can monitor ARP with tools such as arpwatch, and there are other things that you can do, such as DHCP snooping, which means, for example, that you have a switch and say, OK, I'm going to connect the DHCP server to this port, so the other ports shouldn't be able to send DHCP server packets, and that effectively allows you to block all attacks based on DHCP server packets. The idea here is that we'd like to have the same kind of features with IPv6. The problem
that you usually find when you try to actually achieve that with IPv6 features is really that, for example, all the traffic for address resolution is sent in IPv6 packets rather than link-layer packets, as in the case of ARP in IPv4. So, for example, an attacker could produce a router advertisement message that includes, say, a couple of destination options headers and then the actual router advertisement, but before actually sending it the attacker could fragment that packet into two pieces, so you end up with these two packets, and it's impossible to find out what information is inside a packet unless you reassemble the packets. But the idea is that you implement this kind of mitigation at the switch, and you should be really crazy to actually think about performing fragment reassembly at the switch, because if you were to try to do that you would open the door to a bunch of problems that you don't really want there. So then,
the proposals that we have for bringing some level of sanity to neighbor discovery traffic. One of the proposals is essentially to forbid the use of fragmentation for neighbor discovery. The point is that you don't really need to fragment packets in neighbor discovery; for example, if you wanted to include a lot of configuration information in a router advertisement, you could just send that information in different packets, you don't need to include all of it in the same packet. The only legitimate case that there could be for fragmented neighbor discovery traffic is the use of SEND, which essentially needs to include certificates in those packets; if the certificate is large, you have no option other than to send the packet with fragmentation. But the thing is that if you were lucky enough to get SEND deployed, you probably wouldn't want to rely on fragmentation, because that would not be a good idea: you have spent all this effort deploying SEND, and then an attacker could just disable it by sending fragmented traffic. So if, for example, you're going to send your certificates and you'll need fragments, and I'm connected to your network, I could just send fragments that collide with your own fragments, and that would be a problem. So I don't think it's a good idea at all to actually use fragmentation, even for SEND. Yeah, actually I seem to recall that the actual implementations, when playing with some implementations, really do that; I don't know whether they meant to do that, but that's the way they work in practice. So somebody was sending a router advertisement fragmented into two pieces and they were ignoring the packet; so that's a good thing to do. Another benefit, once you actually forbid the use of fragmentation, is that you can actually
monitor the neighbor discovery traffic, because you have all the information in a single packet, so you don't need to do stateful inspection. We sent the proposal to the IETF, and there was support for it, but they didn't want to talk about adoption of this document at the last IETF meeting in Paris; the 6man working group is supposed to decide about it in the short term. A mechanism that we have in
IPv6 is what is called RA-Guard. Essentially it's kind of the same thing that we have in IPv4 with DHCP snooping, but in this case what we want is to filter router advertisement messages based, for example, on the port on which they are received. The problem with RA-Guard is essentially the same as, or very similar to, the one that we discussed before. So, for example, if I were an
attacker, I could craft my packets to include different extension headers and fragment them, and since RA-Guard is a stateless mechanism, it can't tell whether the packet should be passed or not. One of the problems with this is that the IETF
published two RFCs about RA-Guard; I think RA-Guard was proposed by a vendor rather than by the IETF, and the problem with those implementations was that they were trivial to circumvent. Not just that: when we came up with the problem and actually reported it, the answer was that we don't need to fix that, because the solution to this problem is to use SEND, if you could deploy it. Anyway, we ended up getting our draft adopted by one of the IETF working groups, v6ops, and that document has just passed working group last call. In it we specify a set of rules to filter router advertisement packets, trying to minimize the potential for false positives. And just finishing
the presentation, a couple of comments about IPv6 firewalling. I mean, there's a lot of work to do with IPv6 firewalling; this is just a single issue, which is very related to what I discussed before. In IPv6 the header chain can span across multiple fragments, and that's not something that could happen in IPv4: in IPv4 you could have fragments, but you will always have at least the transport header in the first fragment. For example, in the case of IPv6 you could have a situation such as this, in which you receive this packet and you can't really tell what's inside the packet, and the same thing with the second one. So that essentially means that if you want to implement stateless filtering, in practice you cannot, so the only way in which you could actually filter IPv6, if you allow everything that the specifications allow, is to do it statefully. So what we propose here is to actually forbid this case and actually require all packets to have the entire
header chain in the first fragment, so if you fragment packets you are going to include the whole header chain in the first fragment. The draft originally required the whole header chain to be included within the first 1280 bytes, which is the minimum MTU, but there were some guys who argued against that and said that probably a better number should be used there. But in practice I've never seen a packet in the real world that has 1000-something bytes of extension headers; if you were to have such a packet, then you'd have more headers than payload, so that's really not the case. In any case, there were people arguing against this. This is something that was presented at the last IETF meeting, and the 6man working group is supposed to decide about adoption of this document. The other
proposal, which I have drafted but which has not been published yet as an Internet-Draft, has to do with amplification. You may have read that in IPv6 you cannot have smurf-like attacks, because, for example, hosts are required to ignore ping packets sent to a multicast address. But there are cases in which specific packets can generate responses even when sent to a multicast address; one of these cases is sending packets with unrecognized options of type 10 or 11, whatever, and so on. The proposal in this case is essentially to ignore the packet and not to react by sending an error message. When it comes to an amplification attack, you don't care what the response that you get is; as long as you get responses, that's enough to do amplification. So that's a proposal that was sent to
6man. So the conclusions: one is that many IPv4 vulnerabilities have been reimplemented in IPv6, in some cases in the specifications and in some cases in the implementations. The possible reasons for which that may have happened: one is that we didn't learn the lesson from IPv4; another possible reason is that different people were working on the different protocols; and in some cases the specifications don't really make it straightforward to implement the protocols. So I think that there is room for improvement there; maybe it's a mix of all these reasons. The overall conclusion of this presentation is that there is still a lot of work to do when it comes to IPv6 security, and if we need to deploy IPv6 on the Internet, we need to work to improve it. So,
if there are any questions. So, all of this I might
even though is found we have it at the list I discuss in this of this executed things