Mohit wadhwa et al. / (IJAEST) INTERNATIONAL JOURNAL OF ADVANCED ENGINEERING SCIENCES AND TECHNOLOGIES Vol No. 5, Issue No. 1, 056 - 061

Vulnerability of IPv6 Type 0 Routing Header and Its Prevention Algorithm

Mohit Wadhwa
Student, CSE Department, Ambedkar Institute of Technology, New Delhi, India

Manju Khari
Assistant Professor, CSE Department, Ambedkar Institute of Technology, New Delhi, India

Abstract— The next generation Internet Protocol, version 6, was developed to extend and eventually replace the capabilities of IPv4. IPv4 was introduced in the 1980s and has been in use for more than 20 years; it has proven to be robust, interoperable and easily implemented. But because of its limited address space, lack of security at the IP level and complex configuration, IPv4 does not fulfil the requirements of the rapidly growing Internet. IPv6 was therefore proposed by the Network Working Group of the Internet Engineering Task Force (IETF). It brings many new features over IPv4, such as a large address space, flow labelling capabilities, expanded addressing capabilities, extensions for authentication and privacy, and security at the IP level. However, various security holes have been reported in connection with the new features emerging in IPv6. One of the serious issues concerns the routing header of IPv6. The routing header is an extension header of IPv6 and is used by an IPv6 source to list one or more intermediate nodes to be visited on the way to the packet's destination. The routing header has a serious vulnerability: by using it, an attacker can bypass the security principles of an IPv6 packet filtering system such as a firewall and then access the protected internal network. This paper suggests an algorithm that solves the vulnerability caused by the routing header.

Keywords: IPv4, IPv6, routing header, IPv6 packet filtering, network security

I. INTRODUCTION

The current generation of the Internet Protocol, IPv4, was developed in the mid 1980s and has been in use for more than 20 years. IPv4 has proven to be robust, interoperable and easily implemented. However, there are problems with IPv4, such as very large routing tables, limited address space and lack of security, which do not fulfil the requirements of the exponential growth of the Internet. Demand for real-time data transfer, security and a large address space are the requirements of the next generation Internet; therefore the need for a new Internet protocol was realised, and by 1992 it was clear that a replacement for IPv4 would be necessary. To eliminate some of the imperfections of IPv4 mentioned above, the Network Working Group of the Internet Engineering Task Force (IETF) proposed a new suite of protocols called Internet Protocol version 6 (IPv6) [1]. IPv6 was proposed with a 128-bit address field, which provides a large address space, and improves security by using IPsec as a part of the packet header.

IPv6 provides various improvements over IPv4, such as a large address space, a simplified header format, flow labelling capabilities, quality of service (QoS) and security at the IP level. In addition, through the auto-configuration and mobility features of IPv6, nodes on the Internet can communicate in a simpler way. However, the new features of IPv6 will likely generate new protocol attacks: reconnaissance attacks caused by the increased address space, DoS attacks on routers and firewalls caused by the new neighbor discovery and auto-configuration features, and IPv4-related attacks morphing into new forms. Although the IPv6 protocol is still developing, it is fully functional and its implementation and use in real networks is possible [2].

In IPv4, options were integrated into the basic IPv4 header, whereas in IPv6 they are handled as extension headers [3]. Extension headers are included after the IPv6 header only when they are necessary. This way the packet becomes flexible and transmission is much more efficient, but there are various attacks on these extension headers; the serious one discussed here concerns the type 0 routing header. The routing header is an extension header of IPv6 and is used by an IPv6 source to list one or more intermediate nodes to be visited on the way to the packet's destination [1]. This paper suggests an algorithm that solves the vulnerability caused by the routing header of IPv6; the algorithm can be used with an IPv6 packet filtering system such as a router or firewall to prevent attacks that exploit the routing header. When a routing header is used to transmit a packet from source to destination, the destination address in the IPv6 packet header is not the final destination address but only the address of the next node. In previous models the routing header was not checked by the packet filtering system; in this way an attacker could bypass the security principles of the packet filtering system and gain access to the internal system. In section 2 we discuss the routing header of IPv6. In section 3 the vulnerability of the routing header is discussed. In section 4 the suggested prevention algorithm is given. Finally, the conclusion and future work are given in section 5.


II. TYPE 0 ROUTING HEADER

A. Routing header format [1][4]

The routing header is identified by the Next Header value 43 in the Next Header field of the preceding header. The format of the type 0 routing header is shown in figure 1.

Figure 1 Routing header for Routing Type 0 [4]

Next Header - 8-bit selector which identifies the type of header immediately following the Routing header.

Hdr Ext Len - 8-bit unsigned integer that defines the length of the Routing header in 8-octet units, not including the first 8 octets. For the Type 0 Routing header, Hdr Ext Len is equal to two times the number of addresses in the header.

Routing Type - 0 for the type 0 routing header.

Segments Left - 8-bit unsigned integer that defines the number of listed intermediate nodes still to be visited before reaching the final destination.

Reserved - 32-bit reserved field which is initialized to zero for transmission and ignored on reception.

Address[1..n] - Vector of 128-bit addresses, numbered 1 to n.

The IPv6 header has one field, the Next Header field, which identifies the following extension header by a predefined value. Value 43 is defined for the routing header.

B. Processing of routing header [1]

As discussed earlier, the routing header is an extension header of IPv6 used by an IPv6 source to list one or more intermediate nodes to be visited on the way to the packet's destination [1]. When a routing header is used to transmit a packet from source to destination, the destination address in the IPv6 packet header is not the final destination address but only the address of the next node. Figure 2 shows how the routing header is rewritten from node to node.

A --[src: A, dest: B, RH: C, D]--> B --[src: A, dest: C, RH: D]--> C --[src: A, dest: D]--> D

Figure 2 Routing header defined from node to node

In this way the address is processed from one node to the next with the routing header. The Segments Left field plays a very important role: it defines the number of intermediate nodes still to be visited before reaching the final destination. If the Segments Left field in the routing header is non-zero, there must exist an intermediate node still to be visited; if the Segments Left field is zero at some node, that node is the final destination.

Figure 3 shows the processing of the routing header, i.e. how a packet travels from source S to destination D through the intermediate nodes A, B and C.

Source S (node 1) ---> A (node 2) ---> B (node 3) ---> C (node 4) ---> Destination D (node 5)

Figure 3 Processing of routing header

As the packet travels from S to A: Source Address = S, Destination Address = A, Segments Left = 3, Address 1 = B, Address 2 = C, Address 3 = D

As the packet travels from A to B: Source Address = S, Destination Address = B, Segments Left = 2, Address 1 = A, Address 2 = C, Address 3 = D

As the packet travels from B to C: Source Address = S, Destination Address = C, Segments Left = 1, Address 1 = A, Address 2 = B, Address 3 = D

As the packet travels from C to D: Source Address = S, Destination Address = D, Segments Left = 0, Address 1 = A, Address 2 = B, Address 3 = C

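The hop-by-hop rewriting shown in figures 2 and 3 is exactly what a filter has to reason about when it wants to know where a packet will eventually go. The following is an added worked example in Python, not code from the paper: a parser for the IPv6 header plus the Type 0 Routing header laid out in figure 1, and the receiver processing of RFC 2460 section 4.4 (swap the destination with Address[i], decrement Segments Left, with the malformed-header checks the RFC requires). The node addresses S, A, B, C and D are constructed from the 2001:db8::/32 documentation prefix; build_packet, parse_packet, process_hop and trace_route are names chosen for this example.

```python
import ipaddress
import struct
from dataclasses import dataclass

ROUTING_HEADER = 43        # Next Header value identifying a Routing header (RFC 2460)
NO_NEXT_HEADER = 59        # Next Header value meaning nothing follows the Routing header
IPv6 = ipaddress.IPv6Address


@dataclass
class RoutingHeader:
    next_header: int
    hdr_ext_len: int       # 8-octet units, not counting the first 8 octets (2 per address)
    routing_type: int
    segments_left: int
    addresses: list        # Address[1..n]; addresses[0] is Address 1


def build_packet(src, dst, waypoints):
    """Constructed sample: IPv6 header (no payload) followed by a Type 0 Routing header
    listing `waypoints`, the nodes still to be visited with the final destination last."""
    n = len(waypoints)
    rh = struct.pack("!BBBBI", NO_NEXT_HEADER, 2 * n, 0, n, 0)   # Reserved field is zero
    rh += b"".join(IPv6(a).packed for a in waypoints)
    ip = struct.pack("!IHBB", 6 << 28, len(rh), ROUTING_HEADER, 64)
    return ip + IPv6(src).packed + IPv6(dst).packed + rh


def parse_packet(raw):
    """Return (src, dst, rh); rh is None when the IPv6 Next Header is not 43."""
    if len(raw) < 40:
        raise ValueError("truncated IPv6 header")
    src, dst = IPv6(raw[8:24]), IPv6(raw[24:40])
    if raw[6] != ROUTING_HEADER:
        return src, dst, None
    nh, ext_len, rtype, seg_left = struct.unpack("!BBBB", raw[40:44])   # Reserved (44:48) ignored
    n = ext_len // 2
    if len(raw) < 48 + 16 * n:
        raise ValueError("truncated Routing header")
    addrs = [IPv6(raw[48 + 16 * i:64 + 16 * i]) for i in range(n)]
    return src, dst, RoutingHeader(nh, ext_len, rtype, seg_left, addrs)


def process_hop(dst, rh):
    """RFC 2460 section 4.4 processing of a Type 0 Routing header at node `dst`.
    Returns the address the packet goes to next (dst itself when this node is the
    final destination) and updates rh in place. A ValueError stands in for the
    'discard and send ICMP Parameter Problem' outcomes of the RFC."""
    if rh.segments_left == 0:
        return dst                                   # final destination: hand to next header
    if rh.routing_type != 0:
        raise ValueError("unrecognised Routing Type")
    if rh.hdr_ext_len % 2:
        raise ValueError("Hdr Ext Len must be even for Type 0")
    n = rh.hdr_ext_len // 2
    if rh.segments_left > n:
        raise ValueError("Segments Left exceeds number of addresses")
    rh.segments_left -= 1
    i = n - rh.segments_left                         # 1-based index of the next address
    next_hop = rh.addresses[i - 1]
    if next_hop.is_multicast:
        raise ValueError("multicast address in Routing header")
    rh.addresses[i - 1] = dst                        # swap: the visited node takes the slot
    return next_hop


def trace_route(raw):
    """Walk the packet node by node; return (destination, Segments Left, Address[1..n])
    as seen at each node, the way figure 3 tabulates it."""
    _src, dst, rh = parse_packet(raw)
    if rh is None:
        return [(str(dst), None, [])]
    states = []
    while True:
        states.append((str(dst), rh.segments_left, [str(a) for a in rh.addresses]))
        next_hop = process_hop(dst, rh)
        if next_hop == dst:
            return states
        dst = next_hop


# Constructed addresses for the nodes of figure 3 (documentation prefix 2001:db8::/32)
S, A, B, C, D = "2001:db8::5", "2001:db8::a", "2001:db8::b", "2001:db8::c", "2001:db8::d"
SAMPLE = build_packet(S, A, [B, C, D])

if __name__ == "__main__":
    for node, left, addrs in trace_route(SAMPLE):
        print(f"at {node}: Segments Left = {left}, addresses = {addrs}")
```

trace_route(SAMPLE) reproduces the four states of figure 3 exactly. The two error paths matter to a filter: an odd Hdr Ext Len or a Segments Left larger than the number of addresses is where RFC 2460 discards the packet, and a filtering system should treat such a header as malformed and reject it rather than try to interpret which address it would reach.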

In this way the packet travels from source to destination, and the Segments Left field is decremented as the packet traverses from node to node.

III. VULNERABILITY OF TYPE 0 ROUTING HEADER

Some packet filtering systems do not have the capability of processing the routing header. An attacker therefore first probes the packet filtering system and gathers the related information, then uses that information to generate a malicious packet with a routing header and, through the routing header, performs the attack on the internal network.

Figure 4 Security holes of routing header [5]

Figure 4 shows two packets, packet 1 and packet 2. A packet filtering access list is applied at the router and firewall in front of the internal network to block malicious packets. Packet 2 is easily blocked at the firewall because access to the internal network is blocked in the access list. An attacker can instead generate a malicious packet, packet 1, with a routing header containing the victim's address and send it to the publicly reachable HOST B shown in figure 4. HOST B checks the routing header, finds that packet 1 is not for HOST B, and forwards packet 1 to HOST C, i.e. into the internal network. In this way the malicious packet reaches the internal network without breaking the security rules. By using this vulnerability an attacker can bypass the packet filtering mechanism and create the opportunity for a denial of service attack [6]. To solve this security hole it was proposed that packet filtering rules for the routing header be defined and packets filtered based on these rules [7]. But it is difficult to modify the packet filtering rules for the routing header: if the rule format is modified, the user interfaces must be modified as well, so this is not efficient and not a good choice for updating an existing system. In this paper we therefore suggest an algorithm that can protect the internal network from the attacker without modifying the user interface or the packet filtering rule format.

IV. PREVENTION ALGORITHM AGAINST ROUTING HEADER

This protection algorithm provides a suggested approach to resolving the security issues caused by the routing header. The idea behind the protection algorithm is that the checking area of the packet filtering system is expanded so that it also checks the addresses of the routing header. When a routing header is used to transmit a packet from source to destination, the destination address in the IPv6 packet header is not the final destination address but only the address of the next node. Since the routing header identifies the destination addresses for the intermediate nodes, an IPv6 packet filtering system can protect an internal system by checking the addresses of the routing header as destination addresses. In this algorithm we check the routing header addresses using the Segments Left field of the routing header, which defines the number of intermediate nodes still to be visited before reaching the final destination. The rules for the Segments Left field are as follows:

If the Segments Left field in the routing header is non-zero, there must exist an intermediate node still to be visited.

If the Segments Left field in the routing header is zero at some node, that node is the final destination.

The algorithm is divided into two parts: when rules are defined at the packet filtering system for the received packet, and when there are no defined rules at the packet filtering system for the received packet. The symbols used in the figures mean the following:

Src - source address of the IPv6 header
dest IP - destination address of the IPv6 header
destRH - the address of the routing header
destRH-Next - the next address of the routing header, if there are several addresses

Two cases are considered: when a rule matches the received packet and when no rule matches the received packet.

Case 1: when rules match the packet, the algorithm proceeds as follows (see figure 5). When a packet is received at the packet filtering system, it checks the defined rules against the source and destination address. If a rule matches, the packet is accepted or rejected according to the defined rules in the packet filtering system. If the packet is accepted, check whether a routing header exists. If not, simply accept the packet. But if a routing header exists, the destination address in the IPv6 header is not the final address but the address of the next node, and the final address is identified by the routing header. So it is necessary to check the routing header in order to protect the internal network. If a routing header exists, check the rules for the source and routing header destination address pair. If no rule matches the routing header pair, simply reject the packet; if a rule matches, take its decision, i.e. accept or reject. If the packet was accepted, check the Segments Left field, which defines the intermediate nodes still to be visited before reaching the final destination. If Segments Left > 0, there must exist one or more intermediate nodes still to be visited, defined by the next routing header address. So configure the source and routing header destination pair again by replacing the routing header destination address with the next address of the routing header, and repeat the check.

Case 2: when no rule matches the packet, the algorithm proceeds as follows (see figure 6). When a packet is received at the packet filtering system and no routing header exists, the default rules are applied to the packet and the decision is taken accordingly, i.e. accept or reject. But if a routing header exists, the addresses of the routing header must be checked before accepting the packet; the remaining processing is the same as defined in case 1 and figure 5.

This algorithm can be used with a packet filtering system, and there is no need to modify the user interface or the packet filtering rules for checking the routing header addresses.

Figure 5 Protection algorithm when rules are defined

Figure 6 Protection algorithm when there are no defined rules
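To make the two cases concrete, the following is an added example in Python, not the paper's own code, that implements the decision procedure of figures 5 and 6 over a small constructed rule set and places it next to the pre-existing behaviour of section III, which checks only the IPv6 header pair. The rules, the addresses and the "internal network" prefix are all constructed for the example; the addresses still to be visited are taken to be Address[n - Segments Left + 1 .. n], following the numbering of section II; rule lookup is first match; and naive_filter, rh_aware_filter and the other names are chosen here.

```python
import ipaddress
from dataclasses import dataclass, field

IPv6 = ipaddress.IPv6Address


@dataclass
class Rule:
    src: ipaddress.IPv6Network
    dst: ipaddress.IPv6Network
    action: str                 # "accept" or "reject"


def rule(src, dst, action):
    """Build a Rule from prefix strings (constructed helper for this example)."""
    return Rule(ipaddress.IPv6Network(src), ipaddress.IPv6Network(dst), action)


@dataclass
class Packet:
    src: IPv6                   # Src of the IPv6 header
    dst: IPv6                   # dest IP of the IPv6 header
    rh_addresses: list = field(default_factory=list)   # Address[1..n]; empty = no Routing header
    segments_left: int = 0


def match_rule(rules, src, dst):
    """First-match lookup of the (src, dst) pair; None when no rule covers it."""
    for r in rules:
        if src in r.src and dst in r.dst:
            return r.action
    return None


def remaining_hops(pkt):
    """Addresses the Routing header will still turn into destinations:
    Address[n - Segments Left + 1 .. n]. Raises on a malformed header."""
    n = len(pkt.rh_addresses)
    if pkt.segments_left > n:
        raise ValueError("Segments Left exceeds address count")
    return pkt.rh_addresses[n - pkt.segments_left:] if pkt.segments_left else []


def naive_filter(rules, pkt, default="reject"):
    """Behaviour described in section III: only the IPv6 header pair is checked,
    so a Routing header that names a blocked host is never looked at."""
    decision = match_rule(rules, pkt.src, pkt.dst)
    return decision if decision is not None else default


def rh_aware_filter(rules, pkt, default="reject"):
    """Prevention algorithm of section IV (case 1 and case 2): every address the
    Routing header will make a destination is checked as a (Src, destRH) pair
    before the packet can be accepted."""
    decision = match_rule(rules, pkt.src, pkt.dst)
    if decision == "reject":                    # case 1 with a rejecting rule
        return "reject"
    if decision is None and not pkt.rh_addresses:
        return default                          # case 2, no Routing header: default rule decides
    try:
        hops = remaining_hops(pkt)
    except ValueError:
        return "reject"                         # malformed header: do not guess its meaning
    for hop in hops:                            # destRH, then destRH-Next, ...
        if match_rule(rules, pkt.src, hop) != "accept":
            return "reject"                     # no rule for the pair, or a rejecting one
    return decision if decision is not None else default


# Constructed scenario of figure 4: a public DMZ (HOST B) is reachable,
# the internal network (HOST C) is blocked in the access list.
ANY = "::/0"
DMZ = "2001:db8:1::/48"
INTERNAL = "2001:db8:ff::/48"
RULES = [rule(ANY, DMZ, "accept"), rule(ANY, INTERNAL, "reject")]

ATTACKER, HOST_B, HOST_C = IPv6("2001:db8:bad::1"), IPv6("2001:db8:1::b"), IPv6("2001:db8:ff::c")

PACKET_2 = Packet(ATTACKER, HOST_C)                                # direct, blocked by the list
PACKET_1 = Packet(ATTACKER, HOST_B, [HOST_C], segments_left=1)     # via HOST B, RH names HOST C
LEGIT_RH = Packet(ATTACKER, HOST_B, [IPv6("2001:db8:1::e")], 1)    # RH stays inside the DMZ
MALFORMED = Packet(ATTACKER, HOST_B, [HOST_C], segments_left=3)    # Segments Left > n

if __name__ == "__main__":
    for name, pkt in [("packet 2", PACKET_2), ("packet 1", PACKET_1),
                      ("legit RH", LEGIT_RH), ("malformed", MALFORMED)]:
        print(f"{name:10} header-only: {naive_filter(RULES, pkt):7} "
              f"RH-aware: {rh_aware_filter(RULES, pkt)}")
```

The header-only filter accepts packet 1 because its IPv6 destination is HOST B, which the access list allows; the RH-aware filter rejects it because the pair (attacker, HOST C) hits the rule that blocks the internal network, while a routing header whose remaining addresses all stay inside permitted prefixes is still accepted. A note beyond the paper: RFC 5095 (2007) deprecated the Type 0 Routing header, so a current deployment can additionally reject any packet carrying Routing Type 0 outright; the per-address check above is what remains useful for routing header types that are still processed.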


V. CONCLUSIONS

IPv6 is the new version of the Internet Protocol and will replace IPv4. In the present scenario, because of the security problems that occur in IPv4 day by day, acceptance of IPv6 on the Internet is growing at a very fast rate. The new version of the Internet Protocol provides numerous features over IPv4 which directly or indirectly improve security for devices connected to the Internet. Besides these improvements, some security issues still exist and need thorough attention. One of the serious security issues concerns the routing header of IPv6. This paper suggests a protection algorithm that can solve the security issue caused by the routing header of IPv6. The idea behind the protection algorithm is that the checking area of the packet filtering system is expanded so that it also checks the addresses of the routing header, because the routing header plays the role of the destination address for the intermediate nodes. This algorithm can be used with existing IPv6 packet filtering systems that protect the internal system, such as firewalls, so there is no need to modify the user interface or the packet filtering rule format. This algorithm can solve the security issue caused by the routing header without the need for much modification, and it makes configuration easy for the administrator because the algorithm can be applied to existing systems.

REFERENCES

[1] S. Deering and R. Hinden, "Internet Protocol, Version 6 (IPv6) Specification", RFC 2460, December 1998
[2] M. Cooper and D. C. Yen, "IPv6 business application and implementation concerns", Standards and Interfaces, vol. 28, Elsevier Science, 2005
[3] O'Reilly, IPv6 Essentials
[4] Microsoft Corporation, "Introduction to IP Version 6", January 2008
[5] Jeodeok Lim and Youngki Kim, "Protection Algorithm against Security Holes of IPv6 Routing Header", ICACT 2006
[6] Mohit Wadhwa and Suresh Kumar, "Security Flaws Common in IPv4/IPv6 & Security Issues in IPv6: A Study", ICSE 2011
[7] P. Savola, "Security of IPv6 Routing Header and Home Address Options", Internet draft, draft-salvola-rh-ha-security-03.txt, December 2002