A cryptographic one-to-many reversible mapping for IPv6 address generation and identification in enterprise WLANs

Bibliographic Details
Main Author: Hakiem, Nashrul
Format: Thesis
Language: English
Published: Kuala Lumpur : Kulliyyah of Engineering, International Islamic University Malaysia, 2014
Subjects:
Online Access: http://studentrepo.iium.edu.my/handle/123456789/4593
Description
Summary: This thesis presents a novel application of a cryptographic one-to-many reversible mapping scheme between the user space and the IPv6 address space. The mapping mechanism is developed to improve IPv6 address generation and identification in an enterprise wireless local area network (LAN). Each time a user accesses the network, a dynamic IPv6 address is given via a Dynamic Host Configuration Protocol for IPv6 (DHCPv6) server. The main purpose of the dynamic address is to protect a user from unwanted behaviour analysis exploiting IPv6 addresses, thus protecting user privacy. The dynamic address can be uniquely linked to the particular user; this has a benefit, namely that it allows a network administrator to single out a user based on a captured IPv6 address during any security event. The IPv6 address is generated dynamically, based on user identity, using three mechanisms: Bit Distribution, Simplified Advanced Encryption Standard (S-AES), and the Cipher Feedback (CFB) mode of AES. The performance of the one-to-many reversible mapping for stateful IPv6 address assignment is evaluated in terms of computational complexity, collision probability, and randomness. The computational complexity is evaluated based on the running (processing) time and the number of CPU clock cycles. Randomness is measured in terms of uniformity, based on monobit tests, and avalanche effect, based on a Hamming distance test. The computational complexity test results show that CFB-AES has the highest complexity among the mechanisms; however, the processing time is still practical since it takes less than 100 milliseconds to generate or identify an address. The collision probability calculation shows that it is very small indeed, on the order of 262, even if it is assumed that the maximum numbers within the enterprise LAN are connected at the same time (1.49e-8). The randomness test results show that all mechanisms pass the uniformity test. However, only the mechanism which uses CFB-AES passed the avalanche effect test, and it can be considered to be random with a confidence level of 99%. It is recommended that the IPv6 address generation be incorporated as an extension to the current DHCPv6 software and that the IPv6 address owner identification be implemented as a complement to local area network monitoring software.
Physical Description: xx, 163 leaves : ill. ; 30cm.
Bibliography: Includes bibliographical references (leaves 134-136).