| With the rapid development of the Internet and the sudden increase of a variety ofterminal equipment, IPv4address shortage problem has become increasingly prominent.Although the CIDR and NAT was proposed to alleviate this problem, IPv4addressesultimately depleted. A new generation Internet Protocol IPv6become an inevitable trendto replace IPv4. In the IPv4environment, a large number of infrastructure is impossibleto upgrade to IPv6in the same time so that the transition from IPv4to IPv6must be agradual slow process. Many transition mechanisms have been proposed, and thetunneling is a kind of widely used mechanism. According the different methods ofencapsulating, a varitey of tunneling mechanisms are also designed. Teredo tunneling isa special automatic tunneling technology, which was typically designed for NAT client,while there also exist many security issues in the Teredo protocol and itsimplementation.Therefore, in this paper, Teredo protocol and its multiple implementations areanalyzed in detail. By algorithm optimization, Teredo tunneling service performanceand security is improved to some extent.Firstly, in this paper, the entire basic contents of Teredo tunneling, which includepacket format, tunneling process, etc. is described briefly. Then, three kinds of code ofTeredo tunneling open source software were analyzed. And on this basis, Teredopotential performance and security issues are described.Secondly, in this paper, on the basis of the widely used Miredo for the study,Algorithms in the Teredo implementation were optimized. A new state transformationautomation model was designed, on basis of which, multiple Peerlist chains andtwo-layer lookup tree algorithm were elaborated, and peerlist update algorithms wereoptimized, which effectively enhanced the performance and the security of the tunnel.Thirdly, in this paper, the secure authentication procedure in Teredo tunneling wasdescribed. Two potential kinds of attacks, Man-in-the-Middle attack and DoS attack,were analyzed. Finaly, A security enhancement model was conceived, which includedclient authorized certification, anomaly detectionand load balancing capabilities.Finally, at the end of this pater, serval experiments for the optimized algorithm wasperformed, and as is shown in the test result, the performance of optimized algorithmshas improved to some extent. |
PDF Full Text Request