Detail publikace

Host Identity Detection in IPv6 Networks

Originální název

Host Identity Detection in IPv6 Networks

Anglický název

Host Identity Detection in IPv6 Networks

Jazyk

en

Originální abstrakt

It is important to keep networks secure and reliable. In order to backtrack security incidents, provide accounting for offered services etc., it is necessary to know the identity of network users. With various methods for IPv6 address assignments, IPv6 brings new challenges to user identification in LAN. This paper proposes a new approach for tracking user identity in LANs. The approach is based on network control traffic that is already present in IPv6 networks and it is passive to end devices. In contrast to current methods, the proposed approach does not bring any extensive workload to active network devices, works in networks with Multicast Listener Discovery snooping, and is able to detect that an address is no longer used. In order to make the approach reliable, we studied the behaviour of current operating systems during IPv6 address assignments. We implemented a tool called ndtrack based on the proposed approach and tested it in real network.

Anglický abstrakt

It is important to keep networks secure and reliable. In order to backtrack security incidents, provide accounting for offered services etc., it is necessary to know the identity of network users. With various methods for IPv6 address assignments, IPv6 brings new challenges to user identification in LAN. This paper proposes a new approach for tracking user identity in LANs. The approach is based on network control traffic that is already present in IPv6 networks and it is passive to end devices. In contrast to current methods, the proposed approach does not bring any extensive workload to active network devices, works in networks with Multicast Listener Discovery snooping, and is able to detect that an address is no longer used. In order to make the approach reliable, we studied the behaviour of current operating systems during IPv6 address assignments. We implemented a tool called ndtrack based on the proposed approach and tested it in real network.

BibTex


@inproceedings{BUT111509,
  author="Libor {Polčák} and Martin {Holkovič} and Petr {Matoušek}",
  title="Host Identity Detection in IPv6 Networks",
  annote="It is important to keep networks secure and reliable. In order to backtrack
security incidents, provide accounting for offered services etc., it is necessary
to know the identity of network users. With various methods for IPv6 address
assignments, IPv6 brings new challenges to user identification in LAN. This paper
proposes a new approach for tracking user identity in LANs. The approach is based
on network control traffic that is already present in IPv6 networks and it is
passive to end devices. In contrast to current methods, the proposed approach
does not bring any extensive workload to active network devices, works in
networks with Multicast Listener Discovery snooping, and is able to detect that
an address is no longer used. In order to make the approach reliable, we studied
the behaviour of current operating systems during
IPv6 address assignments. We implemented a tool called ndtrack based on the
proposed approach and tested it in real network.",
  address="Springer Verlag",
  booktitle="E-Business and Telecommunications",
  chapter="111509",
  doi="10.1007/978-3-662-44788-8",
  edition="NEUVEDEN",
  howpublished="print",
  institution="Springer Verlag",
  number="456",
  year="2014",
  month="september",
  pages="74--89",
  publisher="Springer Verlag",
  type="conference paper"
}