Location

(Hybrid): Coda C1015 Vinings

Title: Methods and Systems for IPv6 Security Measurement

 

Date: Wednesday, May 7, 2025

Time: 9:00 AM – 10:30 AM ET

Location (Hybrid):

Coda C1015 Vinings

https://gatech.zoom.us/j/92554061158?pwd=HEJ9eUHQPgFTIgqXTpy2nIR2xt42wT.1

(Meeting ID: 925 5406 1158; Passcode: 584880)

 

Grant Williams

Computer Science Ph.D. Student

School of Cybersecurity and Privacy

College of Computing

Georgia Institute of Technology

 

Committee:

Dr. Paul Pearce (Advisor) – School of Cybersecurity and Privacy, Georgia Institute of Technology

Dr. Frank Li - School of Cybersecurity and Privacy, Georgia Institute of Technology

Dr. Cecilia Testart - School of Cybersecurity and Privacy, Georgia Institute of Technology

 

Abstract:

IPv4 Internet scanning transformed Internet Security, enabling a diverse set of tasks ranging from tracking botnets to analyzing cryptographic vulnerabilities. Such advances did not directly extend to IPv6 given the vast scale of its address space. Security scanning measurements routinely ignored IPv6 as researchers lacked the ability to exhaustively scan the IPv6 address space. Target Generation Algorithms (TGAs) were proposed for enabling IPv6 scanning-based measurement, but such methods have significant limitations and have not been extensively evaluated or applied broadly to Internet security scans. Our work addresses these challenges by building and evaluating multiple IPv6 scanning systems, exploring metrics and seed datasets for use in evaluating these systems, and deploying these artifacts for use in security evaluations.

 

First, we develop 6Sense, an online deep-learning approach for finding responsive IPv6 addresses based on domain knowledge of address structure. We then propose a set of metrics for evaluating IPv6 scanning approaches and show 6Sense is able to identify more than 3.6x more hosts and 4x more end-site assignments than prior approaches. We deploy 6Sense for IPv6 security measurements across the Internet: exploring TLS certificates, surveying open ports, and quantifying security-sensitive services. Second, we explore how input datasets affect what IPv6 scanning systems are able to find. We determine how to optimize the number and quality of discovered addresses by filtering these datasets for responsiveness and network characteristics.

 

Unfortunately, simply exploring based on known IPv6 datasets is not enough to get a comprehensive picture of IPv6 security. As current and future work, we discuss deploying multiple approaches, including enhanced ICMP error message-based discovery, to collect a larger dataset of >200M IPv6 addresses across multiple ports and protocols. We will then explore security applications using these new datasets and methods. Finally, we will discuss additional future work in determining the longevity of responsive IPv6 addresses, as there has yet been no large-scale study of IPv6 responsiveness over time.

 

All told, we build methods and systems for enabling IPv6 Internet scanning and allowing comparable security measurements on IPv6 to those deployed on IPv4.