Risk assessment equation for IPv6 network / Athirah Rosli

Exposure to risk due to the implementation of IPv6 has made enterprise networks take immediate actions to avoid misrepresenting of risks and applying inadequate countermeasures. Being aware of the needs to calculate the risk of IPv6 threats and vulnerabilities, enterprises demand a proper equation that is flexible to represent risks of the network. Unfortunately, the existing risk assessment equation is insufficient because it calculates risk per asset rather than the network as a whole. The current risk assessment equation also fails to relate security requirements with the dependencies of asset, threat and vulnerability. By using grounded theory, it is realized that confidentiality, integrity, and availability are important elements to be considered in risk assessment. Thus, this research proposes new risk assessment equation for IPv6 deployment that includes base score value that considers security goal of the network. The developed equation was validated via experimentation that involved testing the UDP flooding attack, TCP flooding attack and multicast attack by using OMNeT++. Result shows that the IRA6 equation is adequate in determining the risk value compared to the exvisting risk assessment equation. The risk values are associated into IPv6 threat model for future reference and as preliminary information for enterprise network. With the added information, it can be used by network administrators in their decision making and strategic planning for network security. Further research can include other elements in security goals which are nonrepudiation, authentication, authorization and accountability.