Abstract: In this paper we consider the use of the recently sanctioned project "Design Tool of IPv6 Mobility for 4G-Networks (DTMIPv6)". It describes one of our major research project works, sponsored by UGC, New Delhi, to study how IPv6 in IPv4 Static tunneling works in 4G networks and how to avoid the various threat issues of IPv6 in IPv4 Static tunneling. One of the terms used to describe 4G networks is MAGIC: Mobile Multimedia, Anytime Anywhere, Global mobility support, Integrated wireless solution, and Customized personal service. The main approach of the 4G mobile communication system is projected to solve all the remaining problems of 3G and to provide a wide variety of new services, from high-quality voice to high-definition video and to high-data rate wireless channels.

Keywords: Automatic tunnels, IPv6 in IPv4 Static tunnels, 4G Networks etc.

I. Introduction:

a. Introduction to Tunnels in 4G networks.
A tunnel is a bidirectional point-to-point link between two network endpoints. The term "tunneling" refers to a means to encapsulate one version of IP in another so the packets can be sent over a backbone that does not support the encapsulated IP version. Examples of the former include IPX-in-IP encapsulation [15] and IPv6-in-IPv4 encapsulation [12], and examples of the latter include IPSec [13] and Virtual private networks [14]. Tunnels are an important part of the IPv4 to IPv6 transition strategy, and the IPv6 specifications define many different types of tunnels. Their discovery is essential for studying the topology and the evolution of the IPv6 network and is useful for troubleshooting and performance optimization. Tunnelling consists of the encapsulation of the packets of a network-layer protocol within the packets of a second protocol, such that the former regards the latter as its data link layer [19]. Because of the flexibility it provides (any protocol can be transported, including the encapsulating protocol itself), tunneling is widely used both to expand networks without having to deploy native infrastructure and to improve security. Similarly to other network discovery problems, its importance derives from the need for up-to-date information about network topology and from the impact that topology is known to have on crucial aspects of network behavior such as the dynamics of routing protocols, the scalability of multicast, the efficacy of denial-of-service countermeasures [15][16] and other aspects of protocol performance [17].

b. General Working procedure for the operation of Tunnels
An IPv6-in-IPv4 tunnel T=<A,B> is a point-to-point link between two dual stack interfaces A (the tunnel source) and B (the tunnel destination) or routers. We denote respectively with A4 and B4 and with A6 and B6 the IPv4 and IPv6 addresses of A and B, and we represent bidirectional tunnels as two tunnels with the same end points in inverted order; thus if a tunnel T=<A,B> is bidirectional then T1=<B,A> also exists. A tunnel operates as follows: when an IPv6 packet is sent through a tunnel that exists from a node A to B, the source node creates an IPv4 packet with source address A4 and destination address B4 whose payload is the IPv6 packet, whereas in GRE or Teredo tunnels no extra headers are added and the packet is marked as encapsulating an IPv6 packet by setting the IPv4 protocol field to 41. The IPv6 packet is then sent to B over the IPv4 network. When the destination workstation receives the packet it checks the IPv4 source address to determine whether it belongs to a known tunnel, and if so it decapsulates the packet and processes it as if it had arrived on any other IPv6 workstation. If the IPv6 packet is forwarded, the hop-limit header field is decremented by 1. IPv6 in IPv4 tunnels are also called single workstation tunnels, i.e. they appear to IPv6 as a single point-to-point path which hides the complexity of the IPv4 network [12].

Fig.1. The IPv6 in IPv4 Tunnel.

The research on IPv6 tunneling can be classified as follows:
(1) Research on basic IPv6 Tunneling mechanisms: A number of different tunneling mechanisms (e.g. Automatic tunneling, Manually Configured tunneling, 6-to-4 Tunnel broker, Automatic 6 to 4 tunnel, Automatic 4 to 6 Tunnel, IPv6 over IPv4 GRE Tunnel etc.) have been proposed for varied tunneling requirements. These tunneling mechanisms provide tools for the whole transition process. Data is carried through the tunnel using a process called encapsulation, in which an IPv6 packet is carried inside an IPv4 packet, which makes IPv4 a data link layer with respect to IPv6 packet transport. The term tunneling refers to a means to encapsulate one version of IP in another so the packets can be sent over a backbone that does not support the encapsulated IP version. It is a process by which information from one protocol is
encapsulated inside the packet of protocol architecture, thus enabling the original data to be carried over the second protocol. This mechanism can be used when two nodes that use the same protocol want to communicate over a network that uses another network protocol. The tunneling process involves three steps: encapsulation, decapsulation, and tunnel management. It also requires two tunnel end-points, which in the general case are dual-stack IPv4/IPv6 nodes, to handle the encapsulation and decapsulation. Tunneling is one of the key deployment strategies for both service providers and enterprises during the period of IPv4 and IPv6 coexistence.
Tunneling allows service providers to offer an end-to-end IPv6 service without major upgrades to the infrastructure and without impacting current IPv4 services. Tunneling allows enterprises to interconnect isolated IPv6 domains over their existing IPv4 infrastructures, or to connect to remote IPv6 networks such as the 6bone. The IETF has made a great contribution on this topic.
(2) Research on analyzing the typical tunneling scenarios and how to provide relevant tunneling schemes: As there are a variety of different scenarios during IPv6 tunneling, the typical scenarios need to be emphasized about IPv6 deployment and applying suitable transition mechanisms.

This paper presents a comprehensive explanation of the current status of research on IPv6 in IPv4 Static Tunneling mechanisms with Automatic 6 to 4 Tunneling. This paper is organized as follows: we briefly describe the Introduction to tunnels in 4G networks, Preliminary Definitions of Tunneling Techniques, the General Working procedure for the operation of Tunnels, and Research on IPv6 tunneling issues in Section 2. We describe 4G and IPv6 networks, desirable characteristics of 4G networks, the characteristics of IPv6 4G, and Initiatives on the 4G in section 3. Basic IPv6 Tunneling Mechanisms, the Role of IPv6 tunnels in 4G, Types of tunneling in 4G networks, representation of IPv6 Tunneling types in 4G Networks with Class-Diagrams and Instance Diagrams, Static tunneling in 4G networks, and limitations of IPv6 static tunneling are in section 4. The prototype, threat analysis due to transition mechanism, IPv6 tunneling, IPv6 threats, and Security issues in IPv6 tunneling are explained in section 5. The future innovative challenges of IPv6 threats are covered in section 6. Finally we conclude the whole paper in section 7.

I. IPv6 Tunneling Methods in 4G networks.
This section presents a number of tunneling techniques we have studied and analyzed to tackle the tunneling mechanisms/strategies. Depending on their objective, tunneling types are broadly divided into different types depending upon the IPv6 specifications. The IPv6 specification defines several types of IPv6-in-IPv4 tunnels, including Manually configured tunneling, Automatic tunneling, Generic routing encapsulation (GRE), and Semiautomatic tunneling mechanisms such as tunnel brokers, 6-to-4 [12], ISATAP [13] and Teredo [14]. IPv6 also supports GRE tunnels over IPv4. Our results suggest that tunnels are very common in today's internet and that the transition to IPv6 occurs smoothly and slowly. So tunnels continue to play an important role in IPv6 networks, as IPv4 network infrastructure will remain widely deployed for many years.

a. Types of Tunneling in 4G Networks.
Tunneling techniques are broadly divided into two types: the first is automatic tunneling and the second is configuration tunneling. The tunneling technique can use the compatible addresses shown in the below figure-6. A compatible address is an address of 96 bits of zero followed by 32 bits of IPv4 address. It is used when a computer using IPv6 wants to send a message to another computer using IPv6. However, suppose the packet passes through a region where the networks are still using IPv4. The sender must use the IPv4-compatible address to facilitate the passage of the packet through the IPv4 region. For example, the IPv4 address 2.13.17.14 becomes 0::020D:110E. The IPv4 address is prepended with 96 zeros to create a 128-bit address (see figure-3) [10].

Fig3. The IPv6 Compatible Address.

b. Representation of IPv6 Tunneling types in 4G Networks with Class-Diagrams and Instance Diagrams.

Fig 4. The Tunneling types with Class-Diagram.
As we know, tunneling types are broadly divided into Automatic, Manually configured tunneling, GRE tunneling, Tunnel brokers etc. In Fig. 4 we have represented the tunneling types by using Class-Diagrams. A Class diagram is a type of Object diagram. A Class diagram is a schema, pattern, or template for describing many possible instances of data. A Class diagram describes Classes [16]. A Class diagram represents either a bidirectional or a ternary relationship. In Fig. 4 a Class Diagram may be traversed either from Left to Right or from Right to Left. In Fig. 4, 5+ represents the value of multiplicity (multiplicity specifies how many instances of one class may relate to a single instance of an associated class, or multiplicity constrains the number of related objects), i.e. IPv6 Tunneling is broadly divided into more than 5 types. A solid ball is the OMT symbol for "many", meaning zero or more. A hollow ball indicates "optional", meaning zero or more [16]. has-divided represents the Binary association between IPv6-Tunneling and Tunneling type. An Instance Diagram is another type of Object diagram, which represents objects or instances. Fig. 5 specifies an Instance diagram for Tunneling types [16][17][18]. The lines between the objects or instances represent the links [16][17].
Fig.5. The Tunneling types with Instance-Diagram.

d. Static Tunneling in 4G Networks.
Static tunneling is also called Configured tunneling. Static tunneling can be used to link isolated islands of IPv6, in which the network domains are well known and unlikely to change without notice. A static configured tunnel is equal to a permanent link of two IPv6 domains with the permanent connectivity provided over an IPv4 backbone. In static tunneling, the assigned IPv4 addresses are manually configured on the tunnel source and the tunnel destination. Which packets have to be sent through a tunnel is identified via a routing table in the tunnel end points; the table directs packets based on their destination address using the prefix mask and match technique. In static tunneling the host or router at each end of a static configured tunnel must support both IPv4 and IPv6 protocol stacks. Static tunneling in 4G networks is most preferred when a few tunnels are necessary to forward packets from the source host to the destination host via tunnel end points. The below figure-6 shows IPv6 static tunneling in 4G networks. The requirements of IPv6 Static tunneling are: R1 and R2 are dual stack; R1 has an address reachable from R2 and vice versa. In IPv6 static tunneling, static configuration is possible on both ends. IPv6 static tunneling has a dependency on 4 parameters: IPv6, IPv4, R1, R2.

Fig.6. IPv6 Static tunneling in 4G networks.

The below Table-1 shows the configuration of IPv6 Static tunneling in 4G networks.

Configuration Parameter     Router R2          Router R1
IPv6 Source address         3ffe:b00:1:1::1    3ffe:b00:1:1::2
IPv6 Destination address    3ffe:b00:1:1::2    3ffe:b00:1:1:1
IPv4 Source address         192.0.2.1          192.0.3.1
IPv4 Destination address    192.0.3.1          192.0.2.1

Threat modeling (or analysis) is essential in order to help us develop a security model that can focus on protecting against certain threats and manage the related assumptions. One methodology to discover and list all possible security attacks against a system is known as attack trees. To create an attack tree we represent attacks against a system in a tree structure, with the attack goals as root nodes and the different sub goals necessary to achieve them as their leaf nodes. Figure-7 represents the general threat categories we have identified against network convergence architectures, namely attacks on the network processes that are responsible for IPv6 transition, Dual stack, Automatic tunneling and Configuration tunneling threats. Dual Stack threats are totally different from those of the IPv6 Tunneling techniques like automatic tunneling and Configuration tunneling, manually configured tunneling, Static tunneling etc. As we have discussed, there are a large number of transition mechanisms to deploy IPv6, but they can broadly be categorized into Dual Stack, Tunneling (Automatic, Manual Configuration), and Translation Header. Problems are identified when IPv6 is tunneled over IPv4 encapsulated in UDP, as UDP is usually allowed to pass through NATs and firewalls [59], consequently allowing an attacker to punch holes within the security infrastructure. The First and Second authors of this paper recommend that if the necessary security measures cannot be taken, tunneled traffic should be used with caution if not completely blocked. To provide ingress and egress filtering of known IPv6 tunneled traffic, perimeter firewalls should block all inbound and outbound IPv4 protocol 41 traffic. For circumstances where Protocol 41 is not blocked, it can easily be detected and monitored by the open-source IPv4 IDS Snort. During the development of the IPv6-to-IPv4 threat model we have identified that several attacks lead to other attacks which we have previously included and analyzed. These are represented in the tree as identical nodes in different locations.

b. IPv6-Tunneling-IPv6 Threats.
In tunneling based methods, when a tunnel end point receives an encapsulated data packet, it decapsulates the packet and sends it to the other local forwarding scheme. The security threats in tunneling mechanisms, taking the IPv6 over IPv4 tunnel as an example, are mostly caused by spoofed encapsulated packets sent by attackers in an IPv4 network (refer to Fig. 7). As shown in Fig. 7, the target of attacks can be either a normal IPv6 node or the tunnel end point.
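
The decapsulation check from "General Working procedure for the operation of Tunnels" and the spoofed-packet threat described above can be exercised together; the following is an added example, not code from the paper. It uses the IPv4 and IPv6 addresses of Table-1 as seen from Router R1; the /64 inner prefix, the inner-source check, the function names and the sample packets are assumptions constructed for illustration.

```python
import ipaddress
import struct

# Tunnel table as seen from Router R1 (IPv4 values from Table-1).
# The /64 inner prefix is an assumption; the page gives no prefix length.
TUNNELS = {("192.0.2.1", "192.0.3.1"): ipaddress.ip_network("3ffe:b00:1:1::/64")}

def build_6in4(src4, dst4, src6, dst6):
    """Constructed sample: 20-byte IPv4 header (protocol 41) + 40-byte IPv6 header."""
    inner = struct.pack("!IHBB", 6 << 28, 0, 59, 64)  # version 6, no next header
    inner += ipaddress.IPv6Address(src6).packed + ipaddress.IPv6Address(dst6).packed
    outer = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(inner), 0, 0, 64, 41, 0,
                        ipaddress.IPv4Address(src4).packed,
                        ipaddress.IPv4Address(dst4).packed)  # checksum left at 0
    return outer + inner

def check_decapsulation(packet):
    """Decide whether a tunnel end point should decapsulate a received IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return ("drop", "not a complete IPv4 header")
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != 41:
        return ("ignore", "not IPv6-in-IPv4")
    if ihl < 20 or len(packet) < ihl + 40 or packet[ihl] >> 4 != 6:
        return ("drop", "protocol 41 without a full IPv6 header")
    src4 = str(ipaddress.IPv4Address(packet[12:16]))
    dst4 = str(ipaddress.IPv4Address(packet[16:20]))
    prefix = TUNNELS.get((src4, dst4))
    if prefix is None:
        return ("drop", "outer addresses match no configured tunnel")
    src6 = ipaddress.IPv6Address(packet[ihl + 8:ihl + 24])
    if src6 not in prefix:
        return ("drop", "inner source outside the tunnel prefix")
    # A packet forging both outer and inner sources still passes; this is
    # why the page also recommends filtering protocol 41 at the perimeter.
    return ("accept", f"{src6} via {src4}")

def demo():
    """Run the check over four constructed packets and return the verdicts."""
    good = build_6in4("192.0.2.1", "192.0.3.1", "3ffe:b00:1:1::1", "3ffe:b00:1:1::2")
    stranger = build_6in4("198.51.100.7", "192.0.3.1", "3ffe:b00:1:1::1", "3ffe:b00:1:1::2")
    bad_inner = build_6in4("192.0.2.1", "192.0.3.1", "2001:db8::bad", "3ffe:b00:1:1::2")
    tcp = good[:9] + b"\x06" + good[10:]  # same packet relabelled as protocol 6
    return [check_decapsulation(p)[0] for p in (good, stranger, bad_inner, tcp)]

if __name__ == "__main__":
    print(demo())
```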