TELKOM
NIKA
, Vol.12, No
.4, Dece
mbe
r
2014, pp. 96
9~9
7
6
ISSN: 1693-6
930,
accredited
A
by DIKTI, De
cree No: 58/DIK
T
I/Kep/2013
DOI
:
10.12928/TELKOMNIKA.v12i4.540
969
Re
cei
v
ed Se
ptem
ber 23, 2014; Revi
se
d No
vem
ber
7, 2014; Acce
pted No
vem
b
er 20, 201
4
Trusted Node-Based Algorithm to Secure Home Agent
NATed IPv4 Network from IPv6 Routing Header Attacks
Mohamed S
h
enif
y
Coll
eg
e of Co
mputer Scie
nc
e and Info
rm
ati
on T
e
chnol
og
y, Albaha U
n
iv
e
r
sit
y
P.O. Box
1988, 65431 Albaha,
Kingdom of Saudi Arabia
T
e
lp.:
+
966 7 7
27 41
11, F
a
x.: +
966 7 72
4 72
72
e-mail: ma
alsh
enif
y
@
bu.ed
u.
sa
A
b
st
r
a
ct
Providi
ng a
se
cure mo
bil
e
co
mmu
n
icati
on in
mi
x
ed IPv4/IP
v6 netw
o
rks is
a cha
lle
ngi
ng t
a
sk. One
of the
most cr
i
t
ical vu
ln
erab
ili
ties ass
o
ciate
d
w
i
th t
he IPv6
protoco
l
is t
h
e
rout
in
g
hea
de
r that p
o
tentia
ll
y
may
be ex
pl
oit
ed by attack
er
s to bypass th
e security. T
h
i
s
pap
er disc
us
ses an a
l
g
o
rith
m to sec
u
re h
o
me
age
nt netw
o
rk from the rout
i
ng he
ad
er vul
nera
b
il
ity, w
here the ho
me a
gent netw
o
rk uses IPv4 Net
w
ork
Address
T
r
anslatio
n
(NAT
) router. T
he al
g
o
rith
m als
o
ta
kes into acc
o
u
n
t mu
lti-ho
ps
destin
a
tio
n
in
the
routin
g hea
der.
Verificatio
n
w
a
s done thro
ug
h
imp
l
e
m
e
n
tati
o
n
of the algor
ithm at
the Ho
me Agent mod
u
l
in
a testbe
d net
w
o
rk. T
he experi
m
e
n
tal r
e
s
u
lts show
tha
t
the pro
pose
d
al
gorith
m
p
r
ovid
es secur
e
communic
a
tio
n
betw
e
e
n
C
o
rr
espo
nd
ent n
o
d
e
s a
n
d
Mob
ile
No
des t
hat
moved
int
o
the
NAT
ed
netw
o
rk
w
i
thout causin
g a sign
if
ica
n
ce filterin
g del
ay
.
Ke
y
w
ords
: IPv6 security, IPv6 routing head
er, m
o
bile IP,
m
i
xed IP network
1. Introduc
tion
Due to th
e di
rect in
co
mpat
ibility betwee
n
IPv4 and I
P
v6 the se
curity con
c
e
r
n
in mixed
IP networks i
s
con
s
ide
r
ed
to be on
e of the mo
st crit
ical issue
s
in
mobile Inte
rn
et Protocol (MIP)
networks
[1].
Tunneli
ng te
chni
que i
s
b
e
ing u
s
ed to
supp
ort mo
bility in mixed IP networks. Th
e
encapsulation of IPv6 packets into IP
v4 packe
t
s
may intruduce new securi
ty vulnerabilit
ies,
becau
se th
e
se
curity d
e
vices
of the
hom
e ag
ent
n
e
twork may
not b
e
abl
e to p
e
rf
orm
dee
p traf
fic
insp
ectio
n
on
the IPv6 he
ader that
con
t
ains
routin
g
head
er
(RH). The
RH ha
s two type
s:
RH
type 0 (RH0
) and type 2 (RH2).
IPv4 and IPv6 will coexi
s
t for a long pe
riod of
time [2]. During thi
s
perio
d, the movement
of the mobile node
s (M
Ns)
among n
e
two
r
ks configu
r
e
d
with differe
nt IP protocol
s is un
avoida
ble
[3],[4]. Theref
ore, mobility suppor
t in mi
xed IPv4 and IPv6 network
s has gained
vital importance.
Many re
sea
r
che
r
s h
a
ve shown intere
st
s in pro
p
o
s
in
g new me
ch
a
n
ism
s
to add
ress the
se
curity i
s
su
e of IPv4 a
nd IPv6 coe
x
istence with
mobility su
pport. Seve
ral stu
d
ies h
a
ve
investigate
d
se
curity co
ncern
s
and im
pl
ication
s
of MIP such a
s
[5]
-
[7]. Moreove
r
, authors in [8]
discu
ss
se
cu
rity issu
es
of IPv4 and IPv6 and al
so
analyze different se
cu
rity threat
s that m
a
y
emerge
due to implementation of
various transition m
e
chani
sms.
Vulnerability can occur due t
o
exploitation o
f
the IPv6 RH feature
whi
c
h ha
s
b
een
d
e
mon
s
trate
d
and a
nalyzed
in many
re
ce
nt
studie
s
[9]. All the node
s th
at sup
port IP
v6 must be
a
b
le to process IPv6 RH
s.
At the same ti
me,
such vulnerability can be
used by
attackers to
bypass
net
work
security th
rough avoiding
access
control lists o
n
destinatio
n
addre
s
se
s. In this
co
ncern, the firewall
policy must
block forwa
r
d
i
ng
packet
s
with
type 0 RHs (RH0) an
d pe
rmit other ty
pes of RHs
(RH2) to p
a
ss throu
gh. Blocking
all IPv6 packets cont
ainin
g
RHs is, ho
wever, not
a worthy soluti
on as this
co
uld have se
ri
ous
implic
ations for the IPv6 future
d
e
velop
m
ent. Re
ce
ntly, most of firewall
poli
c
ie
s block
all p
a
cket
s
contai
ning
RH0. In additi
on, the defau
lt firewall
co
n
f
iguration p
r
e
v
ents the forwarding of IPv6
traffic
with RH0.
The
RH fu
ncti
onality whi
c
h
is o
r
iginally
provided by IPv6 ca
n b
e
u
s
e
d
to list o
ne o
r
mo
re
interme
d
iate
node
s to be
visited on the
way to a pa
cket’s d
e
stin
a
t
ion. At the same time, it ca
n
be expl
oited
by the atta
ckers to
bypa
ss the traffic filt
ering
me
ch
an
ism
and
ge
ne
rate
a
Deni
al
of
Servic
e (DoS
) attack
[10],[11].
An attacke
r
can
exploit t
he RH i
n
o
r
der to
gen
erate mali
ciou
s packet
s
whi
c
h a
r
e
perfo
rmed
through
spe
c
ifying a
victim
n
ode’
s IP a
ddress in
the
RH. Th
ese
kin
d
s
of pa
ckets will
Evaluation Warning : The document was created with Spire.PDF for Python.
ISSN: 16
93-6
930
TELKOM
NIKA
Vol. 12, No. 4, Dece
mb
er 201
4: 969
– 976
970
be routed th
rough
a pu
blic acce
ssi
ble I
P
address
(e.
g
., netwo
rk
se
rver) a
nd
so
me intermedi
ate
node
s to
be fi
nally delivere
d
to the vi
ctim ho
st. Ce
rta
i
nly, the malicious
pa
ckets
will be
subje
c
ted
to a che
c
king
pro
c
e
ss in th
e se
rver of th
e int
ende
d ne
twork. The
se
rver forwa
r
d
s
these p
a
cket
s
based
on the
IP addresse
s
spe
c
ified
in th
e RH. Th
us
, t
he mali
cio
u
s
packet
s
will reach the vi
ctim
host
without
brea
kin
g
any
of se
curity po
licie
s a
s
sh
o
w
n in Fi
gure
1. Therefore,
all pa
cket
s
which
are received
and pa
ssed t
h
rou
gh the HA must be su
bjecte
d to an insp
ectio
n
proce
s
s.
Figure 1. Sce
nario o
n
Ro
uting He
ade
r Attacks
2. Rese
arch
Metho
d
Whe
n
a
MN
moves to
a
different IP n
e
twor
k th
e tu
nnelin
g conn
ectivity to the HA i
s
accompli
sh
ed
by u
s
ing
IP e
n
ca
psulation
mech
ani
sm.
The e
n
cap
s
ul
ated p
a
cket
consi
s
ts of IPv4-
UDP
-IPv6. The first
re
ceiver
nod
e forwa
r
ds the
pa
ck
e
t
to the fin
a
l d
e
stinatio
n b
a
s
ed
on
the
in
ne
r
IPv6 header,
and then, the
packet is
de
cap
s
ul
at
ed a
nd forwa
r
ded
to the next node
s, whe
r
e
a
s
;
the list of IP
addresse
s att
a
ch
ed in
th
e
RH j
u
stifie
s this p
r
o
c
e
s
s.
All of the re
ceived pa
cket
s that
are in en
ca
psulated form
at are su
bje
c
t to a filt
ration process to pro
t
ect the Hom
e
Network (HN)
from po
ssi
ble
spoofing att
a
cks. The p
u
r
po
se of
ch
e
cki
ng the RH is to determi
ne wheth
e
r t
h
e
type of the
RH i
s
either 0
or
2 a
nd
eith
er th
e
IPv6 a
ddre
s
se
s i
n
lcuded
in
RH2
are
valid
or n
o
t.
Figure
2 illustrate
s the algorithm to filter the in
co
ming packet
s
into the Home Agent (HA)
module.
Evaluation Warning : The document was created with Spire.PDF for Python.
TELKOM
NIKA
ISSN:
1693-6
930
Tru
s
ted Node
Based Algo
ri
thm
to
Secure Hom
e
Agen
t NATed IPv4
.... (Moham
ed Shenify)
971
Figure 2. The
Propo
sed Al
gorithm
A testbed ha
s bee
n set u
p
to verify th
e pro
posed a
l
gorithm. Th
e
testbed topo
logy ha
s
three comp
on
ents a
s
follows (See Fi
gure
3).
1.
IPv6 traffic emulator i
s
de
sign
ed to ge
ner
ate IPv6 packets in
cludi
ng RH0 and
RH2 use
d
to
evaluate
the perfo
rman
ce of
t
he propo
sed alg
o
rithm.
Several
CNs can
simulta
n
eou
sly se
nd
packet to a M
N
stay behi
nd
NAT route
r
Evaluation Warning : The document was created with Spire.PDF for Python.
ISSN: 16
93-6
930
TELKOM
NIKA
Vol. 12, No. 4, Dece
mb
er 201
4: 969
– 976
972
2.
The al
gorith
m
in hom
e n
e
twork im
ple
m
ented in
th
e HA. Thi
s
module
re
cei
v
es the p
a
ckets
sent th
rou
gh
the NAT
ro
uter a
nd th
en
pro
c
e
s
ses th
ese
pa
ckets
according
to
the propo
se
d
algorith
m
.
3.
HA
clients a
c
t as
MNs m
o
ved in i
n
to IPv4 onl
y n
e
twork with
NAT.
Thi
s
HA cli
e
nts a
r
e
havin
g
con
n
e
c
tion wi
th outside
rs a
nd obtaini
ng IPv6 addre
s
se
s from Te
red
o
serve
r
.
Figure 3. Testbed Topol
og
y for the Exp
e
rime
nt
Table
1
sh
o
w
s the
ha
rd
ware
sp
ecifications an
d t
he
config
urat
ion
setting
s
for the
unde
rtaki
ng e
x
perime
n
t.
Table 1. Ha
rd
ware Spe
c
ificati
ons a
nd Configuration
Settings
Installa
tio
n
&
confi
gura
t
io
n s
e
ttin
g
s
Sender
Recei
v
e
r
Client
s
Oper
ating S
y
ste
m
Linux Fe
dora 1
3
Linux Fe
dora 1
3
Window
s 7
PC manufacture
r
Acer® PC
Acer® PC
Dell® PC
Processor
Intel® Core
™ 2
CPU,
E4500 @ 2.20
GHz
Intel® Core
™ 2
CPU, E4500
@
2.20GHz
Intel® Core
™ 2
CPU,
E4500 @ 2.20
GHz
RAM
2 GB
2 GB
4 GB
Implementation
Scap
y
2.2.0 , P
y
t
hon
C prog
ramming
language
Configuration
Traffic Monitorin
g
tool
Scap
y
sniffing function
Wireshark, Scapy
sniffing function
Wireshark , Scapy sniffing
function
IPv6 Address
2404:a8:400:
121
0:a00
:27ff:fe84:698
e
2404:a8:400:
121
0:7
99b:8a80:11
38:e
f
02
C1.
2404:a8:400:
121
0:879a:23
c5:7858:ff84
C2.
2404:a8:400:
121
0:685c:a8
78:2239:bf22
C3.
2404:a8:400:
121
0:687a:3b
82:978:ee04
Five scena
rio
s
are u
s
e
d
in the experim
e
n
ts as follo
ws.
Scena
rio 1: multiple CNs send IPv6 packe
ts co
ntaining 50
% normal p
a
ckets an
d 50%
su
spi
c
iou
s
p
a
ckets. Ea
ch
RH type a
r
e
cond
ucte
d 1
0
run
s
in the
experime
n
t, starting
with
500
packet
s
up to
5000 pa
cket
s with 50
0 pa
ckets in
cre
a
m
ent.
Evaluation Warning : The document was created with Spire.PDF for Python.
TELKOM
NIKA
ISSN:
1693-6
930
Tru
s
ted Node
Based Algo
ri
thm
to
Secure Hom
e
Agen
t NATed IPv4
.... (Moham
ed Shenify)
973
Scena
rio 2: F
i
ve CNs are
emulated to
craft an
d
se
n
d
simultan
eo
usly 500
0 IPv6 packets to
the
HA. Thre
e CNs
sen
d
IPv6 packet
s
co
ntaining
RH
0
,
while the re
st se
nd pa
ckets witho
u
t RH0.
Acco
rdi
ng to [12] the majo
rity of observ
a
tions
sho
u
ld
be at least
60% of the populatio
n as
a
norm
a
l pa
cke
t
s. Hen
c
e, in
this pap
er 7
0
%
normal p
a
c
kets (i.e., pa
ckets with
out
RH0
) an
d 30%
malicio
us (p
a
c
kets th
at include
RH0)
are co
nsi
d
e
r
ed
to be the
re
pre
s
entative
of the majo
rit
y
of
the packet
s
. The pa
ckets
whi
c
h in
clude
RH0 a
r
e di
stributed a
s
foll
ows:
(1)
20% of the packets h
a
ve matche
d IP des
tinatio
n ad
dre
s
ses
with the autho
rized
list, and
(2)
10% of those
packets h
a
ve unmatched
IP
destination addresse
s
(i.e., suspicio
us pa
cket
s)
in the RH. T
he unm
atch
e
d
pa
cket
s
ca
n be divide
d
into 7% mal
i
ciou
s pa
cket
s an
d 3
%
norm
a
l pa
cke
t
s.
Experiment
s
are
con
d
u
c
te
d for this
sce
nario, a
nd th
e re
sults h
a
v
e been
sub
s
eque
ntly
use
d
to cal
c
ulate the a
c
cura
cy of the prop
osed
alg
o
rithm in terms of preven
ting the HA fro
m
RH0 vulnerab
ility using Equat
ion (1
) an
d Equation (2
).
∗
100%
(1)
∗
100%
(2)
In this pa
per,
the fal
s
e
po
sitive is d
e
fined a
s
the
sit
uation i
n
whi
c
h th
e
actu
al
no
rmal
packet is det
ected a
s
an a
ttack. False p
o
sitive
occu
rres be
cau
s
e t
he pro
p
o
s
ed
algorith
m
reje
cts
all the
su
spi
c
i
ous pa
ckets (i.e., maliciou
s
and
no
rmal
packet
s
) carrying unm
atch
ed IPv6 routi
ng
head
er ad
dre
s
ses.
Scena
rio
3:
Five CNs
are
emulate
d
to
sen
d
IPv6 p
a
ckets to HA
client
s throu
gh NAT
an
d
the
prop
osed al
g
o
rithm m
odul
e in HA. T
h
e
CNs a
r
e
di
vided into th
ree sets. Th
e
first set ha
s t
w
o
node
s which
are intend
e
d
to generate and send
su
spi
c
iou
s
p
a
ckets
with RH2 (contain
i
ng
unre
g
iste
re
d IPv6 destinati
on add
re
ss). The se
cond
set co
ntain
s
two no
de
s tha
t
generate an
d
sen
d
pa
ckets without
RH2.
The la
st
set
rep
r
e
s
ent
s a
n
autho
ri
zed
CN
whi
c
h i
n
tend
s to g
ene
rate
packet
s
cont
aining
RH2
with valid IPv6
destin
a
tion
a
ddre
s
s. Th
e
gene
rated
pa
ckets
se
nt by
the
authori
z
e
d
CN are spe
c
ified with
onl
y one RH
destin
a
tion I
P
address p
e
r pa
cket. T
he
embed
ded IP
addresse
s wi
thin the RH2
must be m
a
tched with th
e
home a
ddress of the MN t
hat
has al
rea
d
y stored in the I
P
v6CoA_
ca
che. Total num
ber of pa
ckets is 50
00.
Scena
rio
4: S
a
me
as Sce
n
a
rio
1, b
u
t wit
h
the
ratio
of
norm
a
l p
a
cke
t
to mali
ciou
s
packet i
s
set
to
40% to 60%.
Scena
rio 5: Same as S
c
en
ario 1, but wit
h
the rati
o of norm
a
l pa
cke
t
to malicious
packet is
set to
60% to 40%.
3. Results a
nd Analy
s
is
Two a
s
p
e
ct
s of performan
ce
s are co
nsi
dere
d
in
the experim
ents; perfo
rman
ce in
term
of packet filtering p
r
o
c
e
ss t
i
me and a
c
cu
racy in dete
c
ting malicio
us packets.
3.1. Filtration Time
Figure 4 displ
a
ys the time requi
red to filter the same a
m
ount
of pa
ckets
while the
size of
packet
s
also
incre
a
sed in accordan
ce with
the IPv6 RH0. The figure al
so lead
s to
the
con
c
lu
sio
n
th
at wh
en th
e
numbe
r
of IPv6 RH a
ddre
s
ses in
cre
a
se, the time
required fo
r t
he
filtration p
r
o
c
ess al
so
increased.
It is
worth
notin
g
that the d
e
ve
loped
algo
rith
m re
quires m
o
re
time to filtra
te the m
a
tched
pa
ckets than
unm
atche
d
p
a
cket
s. Th
e rea
s
on b
ehin
d
t
h
is
observation
i
s
that th
e filtration
process fo
r ma
t
c
he
d pa
ckets co
ntinue
s u
n
til
the la
st RH I
P
address whil
e in case of unmatched p
a
ckets the f
iltering p
r
o
c
e
s
s stop
s when
at least one
of
those IP add
resse
s
d
o
e
s
not match
wi
th the
IP addre
s
ses i
n
the dataset. Hence, it can
be
con
c
lu
ded
th
at this algo
ri
thm pe
rform
s
better con
s
i
derin
g the
ti
me requi
red
for filterin
g t
h
e
unmatched p
a
ckets.
Evaluation Warning : The document was created with Spire.PDF for Python.
ISSN: 16
93-6
9
30
TELKOM
NIKA
Vol. 12, No. 4, Dece
mb
er 201
4: 969
– 976
974
Figure 4. Filter Pro
c
e
ssin
g
Time vs. Nu
m
ber of IPv6 Pac
k
ets
with RH0 [5]-[24]
Figure 5
sh
ows the
filtration p
r
o
c
e
s
sing
time on
RH2 whi
c
h
co
ntainin
g
and not
contai
ning m
u
lti-hop IP ad
dre
s
ses, a
nd
also th
e
one
without a
n
y secu
rity policy
in the HA. T
h
e
prop
osed
alg
o
rithm
affect
s the
n
e
two
r
k p
e
rfo
r
ma
nc
e in
term
s
of filtering
del
a
y. The filtrati
on
pro
c
e
ss time
for packet
co
ntaining multi
-
hop
RH
2 is h
i
gher tha
n
no
n-multi-hop p
a
cket.
Figure 5. Average Pa
cket Filtering Tim
e
on RH2
3.2. Accur
a
c
y
In Figure 6, t
he pl
ot with
red
colo
r
rep
r
ese
n
ts th
e
ca
se
wh
en th
e
numbe
r
of m
a
licio
us
packet
s
is greater th
an n
o
r
mal p
a
cket
s. In this
con
c
ern,
the num
ber of
mali
cious pa
ckets
i
s
a
multiple of
no
rmal
pa
ckets.
Ho
weve
r, th
e blu
e
line
re
pre
s
ent
s the
ca
se
at which the
numb
e
r of
norm
a
l pa
cke
t
s is greate
r
than the mali
cious p
a
cket
s.
Based o
n
thi
s
figure, it is obviou
s that the
accuracy of t
he propo
se
d
algorithm
p
e
rform
s
b
e
tter wh
en the
numbe
r
of m
a
licio
us p
a
ckets
Evaluation Warning : The document was created with Spire.PDF for Python.
TELKOM
NIKA
ISSN:
1693-6
9
30
Tru
s
ted Node
Based Algo
ri
thm
to
Secure Hom
e
Agen
t NATed IPv4
.... (Moham
ed Shenify)
975
greate
r
than
normal pa
ckets. The
cause of be
tter accuracy is mainly
res
u
lted from the
decrea
m
ent o
f
the false po
sitive rate.
Figure 6. Accura
cy of the Propo
se
d Algor
ithm on
RH0 Based o
n
3
1
Observatio
ns
The extend
e
d
algo
rithm
has
a high
accuracy in
prote
c
ting th
e home
net
work a
nd
handl
es
susp
iciou
s
pa
ckets contai
ning
multi-ho
ps
of
RH IP a
ddre
s
ses.
Co
mpa
r
ed
to n
o
mu
lti-
hop
algo
rith
m, the multi-hop al
gorith
m
has a
c
cura
cy of 97% wit
h
a differen
c
e of 2%. Figu
re 7
sho
w
s the a
c
cura
cy of the propo
se
d
algorit
hm wi
th
multi-hop and
no multi
-
hop add
re
sses
handli
ng.
Figure 7. Accura
cy of the Propo
se
d Algorithm on
RH2 Packets
Two
trial
s
(wi
t
h 31
ob
se
rvations ea
ch
)
are
co
ndu
cte
d
to ve
rify the si
gnifican
ce of th
e
experim
ental
results. Th
e
Mean a
nd
Standard De
viat
ion of the
first and th
e
se
con
d
trial
are
(0.970
00; 0.0
1861
9) an
d (0.
9850
0;0.00
9092
), re
spe
c
tively.
The
re
sults o
f
the t-te
st
shown in
Ta
bl
e 2
present t
hat the
prop
ose
d
al
gorith
m
ha
s
a
signifi
cant eff
e
ct on th
e e
ffectiv
eness
of packet filtration. It is
clea
rly se
en
that there i
s
a
signifi
cant differen
c
e in M
e
an between t
r
ial one a
nd t
w
o. The t-te
st result al
so i
n
dicates a hi
gh
signifi
can
c
e
for the
devel
o
ped
algo
rith
m at (sig
=
0
.
000
< 0.0
1
),
i.e. the
confi
den
ce i
s
gre
a
ter
than 95% [13
]
.
Evaluation Warning : The document was created with Spire.PDF for Python.
ISSN: 16
93-6
930
TELKOM
NIKA
Vol. 12, No. 4, Dece
mb
er 201
4: 969
– 976
976
Table 2. t-Te
st For Results Significa
nce
T
r
ial
Levene’s test for
equalit
y
of
variances
t-test of equalit
y
of Means
95% confidence interval
of the diff.
F Si
g.
T
df
Sig. (2-
tailed)
Means
diff.
Std. Err.
Diff.
Lo
w
e
r
Upper
Equal
variant
assumed
15.528
0.000
-4.031
60
0.000
-0.015
0.003721
-0.022414
-0.007556
Not
assumed
-4.031
43.538
0.000
-0.015
0.003721
-0.022502
-
0.00749
8
4. Conclusio
n
An algorithm
for securin
g
home age
nt network in
a mobile IPv4/IPv6 mixed network
from IPv6 routing hea
d
e
r vulnerabili
ty has
been
propo
se
d. The propo
se
d algorithm
is
inco
rpo
r
ate
d
i
n
to the
Hom
e
Agent of
a NATed IP
v4 ne
twork. Te
stbe
d expe
riment
al re
sult
s
sho
w
that the p
r
o
p
o
se
d al
gorith
m
a
c
curately
filter
mali
cio
u
s
pa
ckets
coming i
n
to th
e NAT
ed IPv
4
netwo
rk
witho
u
t significan
c
e delay on filtering p
r
o
c
e
ss.
This pa
per focu
se
s
only
the
routin
g
hea
der
type 0
and type 2. In future, other
vulnerabilities in mixed IP
network will
be consid
ered with the int
ention of
providing seaml
e
ss
and secure h
andove
r
process.
Referen
ces
[1]
Ahmad
i
, SM. Anal
ys
is T
o
w
a
rds Mob
ile
IPv4 a
nd M
obi
le I
P
v6 in
Com
p
u
t
er Net
w
orks.
In
te
rn
a
t
io
nal
Journ
a
l of Intell
ige
n
t Systems
and Ap
plic
atio
ns (IJISA)
. 2012; 4(4): 33-51.
[2]
Hong, LX
.
T
h
e
Research of
Netw
ork T
r
ansitiona
l T
e
chno
l
ogy from IPv4
to IPv6
. Proceedi
ngs of the
4
th
IEEE
Internatio
nal C
onfe
r
ence o
n
Dig
ital Ma
n
u
facturi
ng an
d Autom
a
tion (ICDMA).
Shando
ng.
201
3: 150
7-15
09.
[3]
Lee, KH., Jun
g
, HK., Lee, HW
., Lee, SK., Han, YH. A Net
w
ork-B
a
se
d IP Mobilit
y
Mana
geme
n
t
Scheme
w
i
th I
P
v4/IPv6 Dua
l
Stack Supp
ort. In: H-K Jung
et. al.
Editors
.
Lecture Notes in
El
ectrical
Engi
neer
in
g:
F
u
ture Infor
m
ation
Co
mmu
nicati
on T
e
c
h
nol
ogy
an
d A
pplic
atio
ns (IC
F
ICE 201
3)
.
Berlin:S
prin
ger
. 2013: 19
9-21
6.
[4]
Jun Z
h
a
ng, H
a
i Z
h
a
o
, Bo Y
ang, Si-
y
u
a
n
J
i
a. F
r
actals o
n
IPv6 Net
w
ork
T
opolog
y.
TEL
K
OMNIKA
Indon
esi
an Jou
r
nal of Electric
al Eng
i
ne
eri
n
g
.
2013; 1
1
(2): 5
77-5
82.
[5]
Durd
a
ğ
ı
, E., Buld
u, A. IPv4/IPv6 Sec
u
rit
y
a
nd T
h
reat C
o
mpariso
n
s.
Pro
c
edi
a-Soci
al a
nd
B
ehav
iora
l
Scienc
es
. 201
0; 2(2):
5285-
5
291.
[6]
La P
o
ll
a, M., Martin
ell
i
, F
., Sgan
durr
a
,
D. A Surv
e
y
on
Sec
u
rit
y
for Mo
bil
e
Devices.
IEEE
Co
mmun
icati
o
ns Surveys & T
u
toria
l
s
.
201
3; 15(1): 44
6
-
471.
[7]
Z
agar, D., Grgi
c, K., Rimac-D
rlje, S.
Sec
u
rit
y
Aspects
in
IPv6 N
e
t
w
orks-Implem
entatio
n
a
nd T
e
sting
.
Co
mp
uters & Electrical E
ngi
ne
erin
g
.
200
7; 33
(5-6): 425-
437.
[8]
Al-T
amimi, BN., Budiarto, R., Omar, MA., Alhen
da
w
i
, MK.
Exp
l
o
i
ting IPv6
Routin
g He
ad
ers T
y
p
e
0/2
in D
i
fferent IP
W
i
reless
Net
w
orks: Attack S
c
enar
io &
An
al
ysis.
J
our
nal
o
f
T
heoretic
al
a
nd A
ppl
ie
d
Information T
e
chno
logy
. 2
014
; 59(2): 372-3
7
8
.
[9]
Karthike
ya
n,
V., Prittopaul.
P
. A Surve
y
on Vu
ln
erab
ilit
y
of T
y
p
e
0
Routi
ng
Hea
der i
n
IPv6
.
Internatio
na
l Journ
a
l of Co
mputer
Scie
nce
and Ma
na
ge
ment Rese
arch
.
201
3; 2(2):
167
1-16
76.
[10]
Wadh
w
a
, M.,
Khari, M. Sec
u
rit
y
Ho
les
in
Contra
st to
the N
e
w
F
e
atu
r
es Emerg
i
n
g
in the
Ne
xt
Generati
on Pro
t
ocol.
Internati
ona
l Journ
a
l of
Computer Ap
p
licatio
ns
.
20
11;
20(3):
35-3
9
.
[11]
Dac-Nh
uo
ng
L
e
. DDoS Attac
k
Defens
e in
Ne
xt Gener
ati
on N
e
t
w
orks u
s
ing Priv
ate S
e
curit
y
Po
lic
y.
Internatio
na
l
Journa
l o
f
Informatio
n
and N
e
tw
orks Securit
y
(IJINS)
. 201
4;
3(3):
DOI:10.115
91/i
jins.v3i
3
.63
40.
[12]
F
i
eld, A.
Discovering Statistics Using SPSS
.
T
h
ird Editio
n. Lon
do
n:
Sage Publ
icatio
ns.
2
009.
[13]
Hair, JF
., Black, W
C
., Babin, BJ., Anderson
,
RE. Mu
ltivari
a
te Data A
n
a
l
ysis: A Globa
l
Perspectiv
e
.
Seventh E
d
itio
n. Ne
w
Jerse
y
:
Pearson Pre
n
t
i
ce Hal
l
. 201
0.
Evaluation Warning : The document was created with Spire.PDF for Python.