M161. Security audit platform for IPv6 networks
1. Topic:
The project aims to identify the most important security threats in an IPv6 network. Based on these, an audit platform for such networks will be implemented.
2. Objectives:
The study must cover the known attacks in the IPv6 field (NDP poisoning, dual-stack vulnerabilities, routing header manipulation etc.), as well as the identification of new types of vulnerabilities and attacks. Both the IPv6 protocol itself and the additional protocols (ICMPv6, Mobile IPv6 etc.) are considered.
The implementation of the audit platform must allow detecting the attacks to which an IPv6 network is vulnerable. This involves executing the attacks against the target network and observing the responses from the network.
The platform architecture is built in two parts:
- a packet generation part that controls the attacks (using Scapy)
- a fast data-packet alteration part (using native solutions such as libpcap)
The alteration subsystem operates according to rules received from the control subsystem.
The audit platform will have an easily extensible structure, so that new features can be added in the future.
3. Bibliography:
[1] Burns, Bryan; Granick, Jennifer; Manzuik, Steve et al. – Security Power Tools, O’Reilly Media, 2007
[2] Martelli, Alex – Python in a Nutshell, O’Reilly Media, 2003
[3] Popoviciu, Ciprian; Levy-Abegnoli, Eric; Grossetete, Patrick – Deploying IPv6 Networks, Cisco Press, 2006
[4] Ebalard, A.; Biondi, P. – Scapy and IPv6 Networking, 2006, available at http://www.secdev.org/conf/scapy-IPv6 HITB06.pdf
[5] Benvenuti, Christian – Understanding Linux Network Internals, O’Reilly Media, December 2005
[6] libpcap documentation: http://www.tcpdump.org
4. Project details
- project coordinator: Assoc. Prof. Dr. Eng. Razvan Rughinis
- team: CARP Alexandru-Mihai, SOARE Andreea Carmen
- required knowledge: C programming, Python programming, Networking
- room: EG106b
- schedule: 6 hours per week, two semesters
5. Results of the first semester
Practical Analysis of IPv6 Security Auditing Methods
The project can be further expanded by focusing on additional network vulnerabilities in IPv6. The most natural direction is to study other attacks that target local area networks, such as man-in-the-middle attacks.
Man-in-the-middle attacks in IPv6 should be very similar to those in IPv4. Both exploit the protocol that maps network-layer addresses to data-link-layer addresses – ARP in IPv4 and NDP in IPv6. A MitM attack in IPv6 would poison the neighbour tables of hosts so that traffic is redirected through the attacker transparently – that is, without the end hosts perceiving any change in the network.
Another class of attacks that makes a good subject for further study is IPv6 Internet attacks. These attacks are no longer limited in scope to a subnet, but can be carried out across internetworks. A known vulnerability is the manipulation of ICMPv6 routing headers in order to bypass normal forwarding on routers. Other vulnerabilities exploit default configurations of IPv6 devices – such as services that are enabled by default but left unprotected, missing access lists, etc.
These attacks target the interim period of the transition from IPv4 to IPv6. Administrators will give priority to connectivity and functionality rather than security, so the inherent security holes will be easy to exploit.
A different branch of the study is assessing the performance of the tools already implemented – namely the ones written using Scapy – and identifying those for which speed is a critical aspect. Such attacks clearly need a native acceleration layer with increased performance. This layer could be implemented using native APIs such as raw sockets or libpcap. Our job will be to determine the most feasible native implementation and propose some models for it.
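As an added example (not part of the project's own code), here is the defender-side counterpart to the NDP poisoning described above: a minimal parser for ICMPv6 Neighbor Advertisements and a monitor that raises an alert when the link-layer address advertised for a target IPv6 address changes. The sample packets are constructed by `build_na` (an assumed helper); extension headers and the ICMPv6 checksum are deliberately not handled.

```python
import struct
from typing import Dict, List, Optional, Tuple

ICMPV6_NA = 136        # ICMPv6 Neighbor Advertisement
OPT_TARGET_LLADDR = 2  # NDP option: Target Link-Layer Address

def parse_na(pkt: bytes) -> Optional[Tuple[bytes, bytes, bytes]]:
    """Return (src_ip, target_ip, target_mac) for an IPv6 packet carrying an NA
    with a Target Link-Layer Address option; None otherwise (no ext. headers)."""
    if len(pkt) < 40 or pkt[0] >> 4 != 6 or pkt[6] != 58:
        return None
    icmp = pkt[40:40 + struct.unpack("!H", pkt[4:6])[0]]
    if len(icmp) < 24 or icmp[0] != ICMPV6_NA:
        return None
    target, mac, pos = icmp[8:24], None, 24
    while pos + 8 <= len(icmp):               # options come in 8-byte units
        opt_type, opt_len = icmp[pos], icmp[pos + 1]
        if opt_len == 0:
            return None                       # malformed option: drop packet
        if opt_type == OPT_TARGET_LLADDR and opt_len == 1:
            mac = icmp[pos + 2:pos + 8]
        pos += opt_len * 8
    return None if mac is None else (pkt[8:24], target, mac)

class NdpMonitor:
    """Remember the first MAC advertised for each target; a later NA that
    claims a different MAC for the same target is a poisoning indicator."""
    def __init__(self) -> None:
        self.bindings: Dict[bytes, bytes] = {}
        self.alerts: List[Tuple[bytes, bytes, bytes]] = []

    def observe(self, pkt: bytes) -> Optional[Tuple[bytes, bytes, bytes]]:
        parsed = parse_na(pkt)
        if parsed is None:
            return None
        _src, target, mac = parsed
        known = self.bindings.setdefault(target, mac)   # keeps first-seen MAC
        if known != mac:
            self.alerts.append((target, known, mac))    # (target, old, new)
            return self.alerts[-1]
        return None

def build_na(src_ip: bytes, target_ip: bytes, target_mac: bytes) -> bytes:
    """Constructed sample NA to ff02::1 (Override flag set, checksum left 0)."""
    icmp = struct.pack("!BBHI", ICMPV6_NA, 0, 0, 0x20000000) + target_ip
    icmp += bytes([OPT_TARGET_LLADDR, 1]) + target_mac
    hdr = struct.pack("!IHBB", 0x60000000, len(icmp), 58, 255)
    all_nodes = bytes.fromhex("ff020000000000000000000000000001")
    return hdr + src_ip + all_nodes + icmp
```

On a live network the raw IPv6 packets would come from a libpcap or raw-socket capture; a legitimate NIC replacement also changes the binding, so the alert is an indicator to investigate rather than proof of an attack.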