Conference: 2010 IEEE International Conference on Technologies for Homeland Security

Securing IPv6 network infrastructure: A new security model


Abstract

The nation's network infrastructures, such as the Global Information Grid (GIG) for the Department of Defense (DoD) and the OneNet for the Homeland Security Department, are transitioning to the Internet Protocol version 6 (IPv6) per the DoD CIO Memorandum of June 2003 and the Office of Management and Budget memorandum OMB-05-22. These network infrastructures contain IPv6-specific security vulnerabilities that need to be mitigated in order to achieve security parity with the existing IPv4 operations. From the perspective of Homeland Security technologies, the existence of additional security vulnerabilities implies the possibility of a two-pronged threat. First, the IPv6-specific vulnerabilities reduce the security posture of the network infrastructure itself; second, other critical infrastructure sectors that depend on IPv6 need additional protection. For example, future supervisory control and data acquisition (SCADA) industrial capabilities would increasingly use the IPv6 infrastructure, as would voice communications, voice and video collaboration, and the sharing of data such as image data and surveillance and reconnaissance data. This paper presents three contiguous results. First, it briefly presents the new IPv6 capabilities; second, it presents a brief analysis of the security vulnerabilities arising from these capabilities; and third, it presents a new security model for IPv6 network infrastructures that has the potential to mitigate these vulnerabilities. The new model is based on the end-to-end connectivity that is restored in IPv6, which allows the use of host-based security (HBS) systems together with the perimeter security devices. However, the use of HBS complicates security trust management. Therefore the third component of the model is introduced, namely a policy-based security management (PBSM) approach. The PBSM approach allows the secure deployment of the host-based security systems. It provides the capabilities needed to specify the trust zones via a set of security policy rules that together specify a trust zone. Hosts belong to one or more trust zones. Accordingly, the host-based security policies are derived from the zone security policies for all the zones to which a host belongs. In addition, the PBSM approach has the potential to support more sophisticated security capabilities such as risk-adaptive access control and dynamic security response to a changing operational picture. These capabilities are needed to enable net-centric security operations.