Electronics, Vol. 12, Pages 2335: Analysis of the Security Challenges Facing the DS-Lite IPv6 Transition Technology

JournalFeeds

Electronics, Vol. 12, Pages 2335: Analysis of the Security Challenges Facing the DS-Lite IPv6 Transition Technology

Electronics doi: 10.3390/electronics12102335

Authors:
Ameen Al-Azzawi
Gábor Lencse

This paper focuses on one of the most prominent IPv6 transition technologies named DS-Lite (Dual-Stack Lite). The aim was to analyze the security threats to which this technology might be vulnerable. The analysis is based on the STRIDE method, which stands for Spoofing, Tampering, Repudiation, Information Disclosure, and Elevation of Privilege. A testbed was built for the DS-Lite topology using several virtual machines, which were created using CentOS Linux images. The testbed was used to perform several types of attacks against the infrastructure of DS-Lite, especially against the B4 (Basic Bridging Broadband) and the AFTR (Address Family Transition Router) elements, where it was shown that the pool of source ports can be exhausted in 14 s. Eventually, the most common attacks that DS-Lite is susceptible to were summarized, and methods for mitigating such attacks were proposed.

MDPI Publishing. Click here to Read More