Affiliation:
1. University of Colorado, Boulder, Colorado, USA
Abstract
With the transition to IPv6, addressing constraints that necessitated a common security architecture under network address translation (NAT) are no longer present. Instead, manufacturers are now able to choose between an open model design, where devices are end-to-end reachable, or a more familiar closed model, where the home gateway may continue to serve as a perimeter security device. The potential for further nuance, such as differences in default access control policies, filtering behaviors, and IPv6 specific requirements, present an environment defined by ambiguity. For the consumer, the potential impact of these changes are unclear. To address this uncertainty, we taxonomize the present NAT-centric model of consumer gateway security through a survey of over 300 common vulnerabilities and exposures surrounding NAT and hole punching protocols. From this survey, we contextualize the limited security NAT has provided while serving as the primary perimeter defense mechanism in home networks. We further define how this baseline security model for consumer gateways is reflected in IPv6 through an assessment of ten commonly deployed consumer gateways. Our conclusion is that familiarity of a NAT-centric design is no longer assured for IPv6, requiring an active involvement by users to limit exposures within their home networks.
Publisher
Association for Computing Machinery (ACM)
Subject
General Computer Science,Theoretical Computer Science
Reference129 articles.
1. Smart TV upgrade, privacy downgrade?;Abdi-Nur Abdifatah;J. Colloq. Info. Syst. Secur. Edu.,2017
2. IPsec-Network Address Translation (NAT) Compatibility Requirements
3. Users are not the enemy
4. Akamai. 2018. UPnProxy: Blackhat Proxies via NAT Injections. Technical Report.
5. WiFi Alliance. 2022. WiFi Alliance Wireless Specifications. Retrieved from https://www.wi-fi.org/discover-wi-fi/specifications. Accessed: 2022-11-17.