Hasso-Plattner-Institut
 
 

... one of the research topics of the team of Prof. Dr. Christoph Meinel

Introduction

Internet Protocol version 6 (IPv6) has been developed to enhance the Internet's future. It is intended to replace IPv4 as the main Internet communication protocol, primarily because of the lack of available IP addresses with IPv4. In addition to a large address space (128 bits), IPv6 comes with new features and mechanisms, such as StateLess Address AutoConfiguration (SLAAC), Neighbor Discovery (ND), extension headers, enhanced mobility, etc., which will facilitate a user's ability to communicate.
Despite the fact that IPv6 still maintains much of IPv4's semantics and that the two protocols have similar functionalities, IPv6 is incompatible with IPv4. IPv6 has its own addressing scheme, so it poses new challenges for routers concerning, for instance, the growth of the forwarding table or the integration of routing algorithms. Moreover, IPv6 and IPv4 headers are not interchangeable, since some fields have been removed, changed, added or expanded for their use in IPv6. Therefore, along with others, the Internet Engineering Task Force (IETF) has been working on several transition mechanisms in an attempt to ensure a smooth migration to IPv6.
Since security and privacy are two of the top priorities in today's networks, the research team of Prof. Dr. Christoph Meinel has focused on identifying, mitigating, and protecting against possible risks during IPv6 deployments. In doing this, the research team hopes to contribute to a more reliable and trustworthy network and Internet environment.

IPv6 Security Concerns

In IPv6 networks, vulnerabilities may arise for two main reasons: new protocol features and the need to coexist with the existing IPv4 protocol. IPv6 introduces new functionalities in order to facilitate network configuration and management. However, these have also exposed the network to new security threats. For instance, Neighbor Discovery (ND) and Stateless Address Autoconfiguration (SLAAC) are vulnerable to spoofing and Denial of Service (DoS) attacks. Another example is randomly generated addresses, which need to keep changing over time in order to protect users' privacy. This implies, however, new challenges for network administrators, as it also complicates the management of user identities. Finally, although IPv6 and IPv4 are incompatible protocols, they do compete for the same computing resources. Therefore, running these two protocols in parallel poses new deployment and security challenges.

Research topics:

Privacy and Security in IPv6 networks

Recently, security and privacy have become important issues when dealing with IPv6 networks. It is for this reason that nodes need to change their IP addresses frequently, in order to prevent other nodes within the network from being able to track them. By doing this, nodes help prevent privacy-related attacks. Changing IP addresses, though, will have an effect on application layer services such as DNS, email, web, etc.

The purpose of our research is to diminish the security and privacy risks that are now present in IPv6 networks. As vendors need to move to and make use of IPv6, we will shortly have an Internet network that totally encompasses the use of IPv6. Therefore there is a need to detect the security flaws in this network, and to find a solution for them, before this protocol becomes even more widely used.

Securing IPv6 Addressing Mechanisms

IPv6 Stateless Address Auto-Configuration (SLAAC) and Neighbor Discovery (ND) are used for autoconfiguring addresses (without the use of a server) and for discovering other nodes on the IPv6 link. Although the autoconfiguration mechanism greatly improves the efficiency of network management, it does have security and privacy issues. Secure Neighbor Discovery (SeND) was designed as a first line of defense against spoofing and Denial of Service (DoS) attacks. It assures the integrity and authenticity of ND messages. SeND is based on the use of RSA key pairs, Cryptographically Generated Addresses (CGA), digital signatures, and X.509 certificates. Unfortunately, SeND deployment remains a challenge for several reasons. First, SeND is compute-intensive. Second, its deployment is not trivial, and so the SeND Authorization Delegation Discovery (ADD) is, so far, mostly theoretical rather than practical in nature. Third, operating systems lack the sophisticated implementations needed for SeND. The objective of this research topic is to find and develop an efficient and easy model for the optimization of CGA and SeND to make them usable in different IPv6 networks, mainly for use in limited resource devices.

  • Research Project Implementation: “WinSEND: Windows SEcure Neighbor Discovery”. This is an implementation consisting of the following RFCs:

    - RFC 3971: Secure Neighbor Discovery (SeND)

    - RFC 3972: Cryptographically Generated Addresses (CGA)

    - RFC 3779: X.509 Extensions for IP Addresses and AS Identifiers
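
The address-to-key binding that SeND relies on, and the source of much of the computational cost mentioned above, can be seen in CGA generation and verification following RFC 3972. This is an added example, not code from WinSEND or from the research team; the public key bytes are a constructed placeholder, no extension fields are used, and the RSA signature check that SeND performs on top of the CGA check is left out.

```python
import hashlib
import ipaddress

PREFIX = bytes.fromhex("20010db800000000")   # 2001:db8::/64, documentation prefix
# Constructed placeholder; a real node uses its DER-encoded RSA public key here.
PUBKEY = b"constructed-stand-in-for-DER-SubjectPublicKeyInfo"

def _hash2_ok(modifier: bytes, pubkey: bytes, sec: int) -> bool:
    # Hash2 covers modifier | 9 zero octets | public key; its leftmost
    # 16*Sec bits must be zero. This is the brute-force part of CGA.
    digest = hashlib.sha1(modifier + b"\x00" * 9 + pubkey).digest()
    return digest[:2 * sec] == b"\x00" * (2 * sec)

def _hash1(modifier, prefix, coll, pubkey) -> bytes:
    # Hash1 covers modifier | subnet prefix | collision count | public key.
    return hashlib.sha1(modifier + prefix + bytes([coll]) + pubkey).digest()[:8]

def cga_generate(prefix: bytes, pubkey: bytes, sec: int, start: int = 0):
    """Return (address, modifier, tries) for the given Sec value (0..7)."""
    tries, counter = 1, start
    while not _hash2_ok(counter.to_bytes(16, "big"), pubkey, sec):
        counter = (counter + 1) % (1 << 128)
        tries += 1
    modifier = counter.to_bytes(16, "big")
    iid = bytearray(_hash1(modifier, prefix, 0, pubkey))
    iid[0] = (iid[0] & 0x1C) | (sec << 5)    # encode Sec, clear the u and g bits
    return ipaddress.IPv6Address(prefix + bytes(iid)), modifier, tries

def cga_verify(addr, modifier: bytes, pubkey: bytes, coll: int = 0) -> bool:
    """Receiver-side check that addr is bound to pubkey."""
    if len(modifier) != 16 or coll not in (0, 1, 2):
        return False
    prefix, iid = addr.packed[:8], addr.packed[8:]
    sec = iid[0] >> 5
    diff = int.from_bytes(_hash1(modifier, prefix, coll, pubkey), "big") \
        ^ int.from_bytes(iid, "big")
    if diff & 0x1CFFFFFFFFFFFFFF:             # ignore Sec, u and g bits
        return False
    return _hash2_ok(modifier, pubkey, sec)

if __name__ == "__main__":
    for sec in (0, 1):
        addr, modifier, tries = cga_generate(PREFIX, PUBKEY, sec)
        print(sec, addr, tries, cga_verify(addr, modifier, PUBKEY))
```

Each increment of Sec multiplies the expected generation work by 2^16, while verification stays at two SHA-1 computations.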

Master Thesis

  • Konrad-Felix Krentz: Securing 6LoWPAN Neighbor Discovery, November 2012 - September 2013 - Master Project

Former Colleagues

  • Dr. rer. nat. Ahmad AlSadeh, PhD student, June 2009 - May 2013
  • Tayo Arulogun, PhD, June 2012 - November 2012
  • Tacio Santos, PhD student, May 2011 - June 2012


Publications

Journals & Magazines

  • Hosnieh Rafiee, Martin von Löwis, and Christoph Meinel, “IPv6 Deployment and Spam Challenges”, the IEEE Internet Computing magazine, Future Internet Protocols, vol. 16, no. 6, pp. 22–29, Nov.-Dec. 2012

Book Chapters

  • Hosnieh Rafiee, Martin von Löwis and Christoph Meinel, "Challenges and Solutions for DNS Security in IPv6". Prof. Dr. Martinez et al. (editors), Architectures and Protocols for Secure Information Technology. (to be) Published by IGI Global.

  • Hosnieh Rafiee, Martin von Löwis and Christoph Meinel, "Cryptography in Electronic Mail". In Atilla Elçi et al. (editors), Theory and Practice of Cryptography Solutions for Secure Information Systems (CRYPSIS). (to be) Published by IGI Global, May 2013. ISBN13: 9781466640306.
  • Ahmad AlSa'deh, Hosnieh Rafiee, and Christoph Meinel, SEcure Neighbor Discovery Review: a Cryptographic Solution for Securing IPv6 Local Link Operations. In Atilla Elçi et al. (editors), Theory and Practice of Cryptography Solutions for Secure Information Systems (CRYPSIS), pp. 178-198, IGI Global, May 2013. ISBN13: 9781466640306
  • Tayo Arulogun, Ahmad AlSa’deh, and Christoph Meinel. Mobile IPv6: Mobility Management and Security Aspects. In Antonio Ruiz Martínez, Fernando Pereñíguez García, and Rafael Marín López (editors), Architectures and Protocols for Secure Information Technology, IGI Global.

Selected Conference Papers

  • Hosnieh Rafiee, Christoph Mueller, Lukas Niemeier, Jannik Streek, Christoph Sterz and Christoph Meinel. "A Flexible Framework For Detecting IPv6 Vulnerabilities". The 6th International Conference on Security of Information and Networks (SIN2013), ACM, November 26 - 28, 2013 Aksaray, Turkey
  • Konrad-Felix Krentz, Hosnieh Rafiee, and Christoph Meinel, "6LoWPAN Security: Adding Compromise Resilience to the 802.15.4 Security Sublayer". The 1st ACM International Workshop on Adaptive Security & Privacy Management for the Internet of Things (ASPI 2013). September 8th 2013, Zurich, Switzerland.
  • Hosnieh Rafiee and Christoph Meinel. "SSAS: a Simple Secure Addressing Scheme for IPv6 AutoConfiguration". The 11th IEEE International Conference on Privacy, Security and Trust (PST), IEEE, July 10 - 13, 2013 Tarragona, Spain.
  • Hosnieh Rafiee, Martin von Löwis and Christoph Meinel. "DNS Update Extension to IPv6 Secure Addressing". The 9th International Symposium on Frontiers of Information Systems and Network Applications (FINA2013), IEEE. March 26 - 28, 2013 Barcelona, Spain.
  • Ahmad Alsa’deh, Hosnieh Rafiee, and Christoph Meinel, "IPv6 Stateless Address Autoconfiguration: Balancing between Security, Privacy and Usability" in 5th International Symposium on Foundations and Practice of Security, FPS 2012, 2012, LNCS 7743, pp. 149–161, 2013.
  • T. Arulogun, A. AlSa’deh, and C. Meinel. "IPv6 Private Networks: security Consideration and Recommendations."  In the Proceedings of the 4th International Conference on Mobile e-Services (ICOMeS) Oct. 16 – 17, 2012. Volume 4, ISBN: 978-2902-43-8.
  • T. Arulogun, C. Meinel and J. Emuoyibofarhe. “IPv6 Based Wireless Sensor Networks Electronic Health Monitoring System”. Proceedings of the Fourth International Conference on Mobile e-Services (ICOMeS) Oct. 16 – 17, 2012. Volume 4, ISBN: 978-2902-43-8
