• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2006.06a
• /
• pp.340-343
• /
• 2006

IPv6는 차세대 네트워크를 구축하기 위한 가장 핵심적인 기술로써, 풍부한 주소공간과 이동성 지원, 보안기능 강화 등 IPv4에 비해 많은 이점을 지니고 있다. 또한 IPv4의 주소 고갈 문제를 해결하기 위해 IPv6로의 전환이 당연시 되고 있으나 IPv4/IPv6 혼재망이 과도기적인 입장에서 대안이 될 수 있다. 그러나 IPv4/IPv6 혼재망과 IPv6망은 IPv4에서와 마찬가지로 프로토콜 기능상의 많은 문제점을 안고 있다. 본 논문에서는 IPv6망 및 IPv4/IPv6 혼재 네트워크상에서의 보안 취약점과 실험 결과를 기술하였다.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.2 no.4
• /
• pp.215-221
• /
• 2007

IPv6 is a protocol to solve the address space limitation of IPv4 by IETF. Many transition mechanism to communicate between IPv4 and IPv6 in mixed IPv4/IPv6 network are proposed. DSTM tunneling is a mechanism that dual stack in IPv6 network is able to communicate with node in IPv4 network by dynamic allocating the IPv4 address. This mechanism supports the execution of IPv4 dependent application without modification at IPv6 network. In this paper, we explain the security vulnerability at DSTM network for DHCP attack, TEP attack, and source spoofing attack then describe the result of attacks.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2003.10a
• /
• pp.243-246
• /
• 2003

The design of router that converts IP packets from IPv4 network to IPv6 network using embedded Linux toolkit based on processor is presented. As an address transition platform, IPv6 module is transplanted to Linux using processor and the experiment was done with IPv4 and IPv6. In order to build the test network, it is constructed with Tunneling mechanism of IPv4 and IPv6 network. The packet value is obtained about 2$\mu$sec on average a 2 hops on the ICMP ping6.

• The KIPS Transactions:PartC
• /
• v.14C no.1 s.111
• /
• pp.27-38
• /
• 2007

IPv6 has appeared for solving the address exhaustion of IPv4 and for guaranteeing the problems of security and QoS. It occurs the unexpected new attacks of IPv6 as well as the existing attacks of IPv4 because of the increasing address space to 128bits and the address hierarchies for efficient network management and additions of the new messages between nodes and routers like neighbor discovery and auto address configuration for the various comfortable services. For the successful transition from IPv4 to IPv6, we should get the secure compatibility between IPv4 hosts or routers working based on secure and systematic policy and IPv6. Network manager should design security technologies for efficient management in IPv4/IPv6 co-existence network and IPv6 network and security management framework designation. In this paper, we inspected the characteristics of IPv4 and IPv6, study on security requirement for efficient security management of various attacks, protocol, service in IPv4/IPv6 co-existence and IPv6 network, and finally suggest integrated solution about security vulnerability of IPv6 network in considering of analysis of IPv6 system, host and application, IPv6 characteristics, modified CGA(MCGA).

• Convergence Security Journal
• /
• v.3 no.3
• /
• pp.1-6
• /
• 2003

The IPv6 was suggested as an ultimate solution of problems that IPv4 protocol maintains limitations to apply to new technology of data service and the lack of IPv4 address space. So it is expected to transfer IPv4 to IPv6 gradually. In the Ipv6 environment, it is easier to apply security policies and transmits a secure packet applied the security policies, with the content in the Header itself. By this reason, this paper describes about the implementation of DHCPv6 server to perform a connection of IPv6 network and IPv4 network, and the application of secure packet with the security policies for clients. Further, it performs the process of the massages inside the DHCPv6 server to be used in the IPv6 environment in the future.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.17 no.6
• /
• pp.77-87
• /
• 2007

It will need a quite long time to replace IPv4 protocol, which currently used, with IPv6 protocol completely, thus we will use both IPv4 and IPv6 together in the Internet during the period. For coexisting protocols, IETF standardized various IPv4/IPv6 transition mechanisms. However, new security problems of IPsec adaptation and IPv6 packet filtering can be raised by tunneling mechanism which mainly used in transition mechanisms. To resolve these problems, we suggested two improved schemes for packet filtering functions, which consists of an inner header filtering scheme and a dedicated filtering scheme for IPv4/IPv6 transition mechanisms. Also we implemented our proposed schemes based on Linux Netfilter framework, and we tested their filtering functions and evaluated experimental performance of our implementation on IPv4/IPv6 transition testbed. These evaluation tests indicated that our improved packet filtering functions can solve packet filtering problems of IPv4/IPv6 transition mechanisms without severely affecting system performance.

• Journal of KIISE:Information Networking
• /
• v.34 no.1
• /
• pp.16-26
• /
• 2007

It is well known that, in the near future, the lifetime of the IPv4 address space will be limited and available 32-bit IP network addresses will not be left my more. In order to solve such IPv4 address space problem in an effective way, the transition to the new version using IPv6 architecture is inevitably required. This paper presents the design and implementation of IPv4/IPv6 dual stack at the GSM Phone based on Linux Kernel 2.4 IPv6 Protocol Stack. It designs appropriately in GSM Phone environment and it is tested by a network of Linux IPv4/IPv6 dual stack on PPP. The test was processed with a test scenario and it was found that the results were successful.

• The Transactions of the Korea Information Processing Society
• /
• v.7 no.11S
• /
• pp.3613-3622
• /
• 2000

This paper presents IPv6 evolution strategies toward Next Generation Internet. We define requirements for IPv6 transition, then propose the IPv6 evolution strategies by considering IPv4/1Pv6 interworking, IPv6 development items with superiority compared to foreign technologies, IPv6 network evolution strategy for operation and management in stages by new Internet site or ISPs. the policy for structure and allocation of production IPv6 addresses, and reinforcement methods of the international activities on IPv6 related areas.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.5 no.7
• /
• pp.1230-1251
• /
• 2011

This document specifies a new IPv6 deployment protocol called CHANC, which stands for Configuring Hosts to Auto-detect (IPv6, IPv6-in-IPv4, or IPv4) Network Connectivity. The main part is an application level tunneling protocol that allows Internet Service Providers (ISPs) to rapidly start deploying IPv6 service to their subscribers whom connected to the Internet via IPv4-only access networks. It carries IPv6 packets over HTTP protocol to be transmitted across IPv4-only network infrastructure. The key aspects of this protocol are: offers IPv6 connectivity via IPv4-only access networks, stateless operation, economical solution, assures most firewall traversal, and requires simple installation and automatic configuration at customers' hosts. All data packets and routing information of the IPv6 protocol will be carried over the IPv4 network infrastructure. A simple application and a pseudo network driver must be installed at the end-user's hosts to make them able to work with this protocol. Such hosts will be able to auto-detect the ISP available connectivity in the following precedence: native IPv6, IPv6-in-IPv4, or no IPv6 connectivity. Because the protocol does not require changing or upgrading customer edges, a minimal cost in the deployment to IPv6 service should be expected. The simulation analysis showed that the performance of CHANC is pretty near to those of native IPv6, 6rd, and IPv4 protocols. Also, the performance of CHANC is much better than that of D6across4 protocol.

• Proceedings of the Korean Information Science Society Conference
• /
• 2006.10d
• /
• pp.334-337
• /
• 2006

현재 전 세계는 IPv4 주소 자원의 고갈에 대비한 IPv6의 도입을 위해 국가 차원의 전략적인 노력을 기울이고 있으며, 이에 따라 IPv4망에서 IPv6망으로의 안정적인 전이를 위한 상호 운영기술이 지속적으로 개발되고 있다. 이러한 기술을 적용하기 위한 다양한 응용 프로그램의 운영을 위해서 IPv6 기반의 DNS 기술은 그 핵심적인 요소라 할 수 있다. 그러나 현재 IPv4로 이루어져 있는 환경에서 바로 IPv6 환경으로의 변경이 어렵기 때문에 IPv6 네트워크 환경으로의 전이 과정에서 발생되는 IPv4와 IPv6의 네트워크의 공존 환경에서 트래픽을 안정적으로 전달하기 위한 기술이 필요하게 되었다. 이런 IPv4와 IPv6 상호 운용 기술을 이용하여 본 논문에서는 IPv4와 IPv6가 혼재한 망에서 안정적인 IPv6 Recursive DNS을 구성하기 위하여 상호 운용 기술 중 터널링 기술을 이용한 IPv6 Recursive DNS 구성 방안을 제시하여 혼재한 IPv4 와 IPv6 DNS를 운영하기 위한 구성모델을 제안한다.