Detail publikačního výsledku

Host Identity Detection in IPv6 Networks

POLČÁK, L.; HOLKOVIČ, M.; MATOUŠEK, P.

Original Title

Host Identity Detection in IPv6 Networks

English Title

Host Identity Detection in IPv6 Networks

Type

Paper in proceedings (conference paper)

Original Abstract

It is important to keep networks secure and reliable. In order to backtrack security incidents, provide accounting for offered services etc., it is necessary to know the identity of network users. With various methods for IPv6 address assignments, IPv6 brings new challenges to user identification in LAN. This paper proposes a new approach for tracking user identity in LANs. The approach is based on network control traffic that is already present in IPv6 networks and it is passive to end devices. In contrast to current methods, the proposed approach does not bring any extensive workload to active network devices, works in networks with Multicast Listener Discovery snooping, and is able to detect that an address is no longer used. In order to make the approach reliable, we studied the behaviour of current operating systems during
IPv6 address assignments. We implemented a tool called ndtrack based on the proposed approach and tested it in real network.

English abstract

It is important to keep networks secure and reliable. In order to backtrack security incidents, provide accounting for offered services etc., it is necessary to know the identity of network users. With various methods for IPv6 address assignments, IPv6 brings new challenges to user identification in LAN. This paper proposes a new approach for tracking user identity in LANs. The approach is based on network control traffic that is already present in IPv6 networks and it is passive to end devices. In contrast to current methods, the proposed approach does not bring any extensive workload to active network devices, works in networks with Multicast Listener Discovery snooping, and is able to detect that an address is no longer used. In order to make the approach reliable, we studied the behaviour of current operating systems during
IPv6 address assignments. We implemented a tool called ndtrack based on the proposed approach and tested it in real network.

Keywords

Computer network security, host identity, IPv6 monitoring, SLAAC, neighbor discovery.

Key words in English

Computer network security, host identity, IPv6 monitoring, SLAAC, neighbor discovery.

Authors

POLČÁK, L.; HOLKOVIČ, M.; MATOUŠEK, P.

RIV year

2017

Released

28.09.2014

Publisher

Springer Verlag

Location

Berlin

ISBN

978-3-662-44787-1

Book

E-Business and Telecommunications

ISBN

1865-0929

Periodical

Communications in Computer and Information Science

Volume

456

Number

456

State

Federal Republic of Germany

Pages from

74

Pages to

89

Pages count

16

URL

http://link.springer.com/chapter/10.1007/978-3-662-44788-8_5

Full text in the Digital Library

http://hdl.handle.net/

BibTex

@inproceedings{BUT111509,
  author="Libor {Polčák} and Martin {Holkovič} and Petr {Matoušek}",
  title="Host Identity Detection in IPv6 Networks",
  booktitle="E-Business and Telecommunications",
  year="2014",
  journal="Communications in Computer and Information Science",
  volume="456",
  number="456",
  pages="74--89",
  publisher="Springer Verlag",
  address="Berlin",
  doi="10.1007/978-3-662-44788-8",
  isbn="978-3-662-44787-1",
  issn="1865-0929",
  url="http://link.springer.com/chapter/10.1007/978-3-662-44788-8_5"
}