{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,22]],"date-time":"2026-03-22T03:45:42Z","timestamp":1774151142387,"version":"3.50.1"},"reference-count":35,"publisher":"Oxford University Press (OUP)","issue":"10","license":[{"start":{"date-parts":[[2025,5,3]],"date-time":"2025-05-03T00:00:00Z","timestamp":1746230400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/academic.oup.com\/pages\/standard-publication-reuse-rights"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025,10,22]]},"abstract":"<jats:title>Abstract<\/jats:title>\n                  <jats:p>As the depletion of IPv4 addresses accelerates, the urgency of transitioning to IPv6 has intensified. To address this imperative, numerous IPv6 transition technologies have emerged to facilitate this migration process. While existing methodologies offer insights into the security implications of these technologies, this paper presents a novel approach to security analysis that surpasses conventional methods. By leveraging the STRIDE threat modeling technique, which stands for Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege, we conduct a comprehensive security analysis of prominent IPv6 transition technologies, including Combination of Stateful and Stateless Translation (464XLAT), Dual-Stack Lite (DS-Lite), Lightweight 4over6 (Lw4o6), and Mapping of Address and Port using Translation (MAP-T)\/Mapping of Address and Port with Encapsulation (MAP-E). Our methodology not only evaluates the categorization of transition technologies but also considers the location and the statefulness of the attacked router, whether it is a customer edge router or a provider edge device. Additionally, we introduce an abstraction method to derive potential vulnerabilities at a more general level from those discovered at a more specific level. Through synthesizing previous research endeavors and rigorously examining these technologies for vulnerabilities, our approach offers valuable insights into the security landscape of IPv4-as-a-Service IPv6 transition technologies. By addressing the limitations of existing methodologies and providing a more holistic framework for security analysis, this paper contributes to the ongoing discourse on IPv6 transition strategies. It enhances the resilience of network infrastructures against evolving security threats.<\/jats:p>","DOI":"10.1093\/comjnl\/bxaf048","type":"journal-article","created":{"date-parts":[[2025,4,11]],"date-time":"2025-04-11T07:41:42Z","timestamp":1744357302000},"page":"1450-1462","source":"Crossref","is-referenced-by-count":1,"title":["Methodology for the security analysis of IPv4-as-a-Service IPv6 transition technologies"],"prefix":"10.1093","volume":"68","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-7810-8458","authenticated-orcid":false,"given":"Ameen","family":"Al-Azzawi","sequence":"first","affiliation":[{"name":"Faculty of Electrical Engineering and Informatics , Department of Networked Systems and Services, Budapest University of Technology and Economics, M\u00fcegyetem rkp. 3, H-1111 Budapest,","place":["Hungary"]}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5552-3237","authenticated-orcid":false,"given":"G\u00e1bor","family":"Lencse","sequence":"additional","affiliation":[{"name":"Faculty of Electrical Engineering and Informatics , Department of Networked Systems and Services, Budapest University of Technology and Economics, M\u00fcegyetem rkp. 3, H-1111 Budapest,","place":["Hungary"]}]}],"member":"286","published-online":{"date-parts":[[2025,5,3]]},"reference":[{"key":"2025102215363627300_ref1","volume-title":"Internet Protocol, Version 6 (IPv6) Specification","author":"RFC 2460","year":"1998"},{"key":"2025102215363627300_ref2","volume-title":"Basic Transition Mechanisms for IPv6 Hosts and Routers","author":"RFC 4213","year":"2005"},{"key":"2025102215363627300_ref3","doi-asserted-by":"crossref","first-page":"2021","DOI":"10.1587\/transcom.2018EBR0002","article-title":"Comprehensive survey of IPv6 transition technologies: a subjective classification for security analysis","volume":"102","author":"Lencse","year":"2019","journal-title":"IEICE Trans Commun"},{"key":"2025102215363627300_ref4","volume-title":"Requirements for IPv6 Customer Edge Routers to Support IPv4-as-a-Service","author":"RFC 8585","year":"2019"},{"key":"2025102215363627300_ref5","volume-title":"464XLAT: Combination of Stateful and Stateless Translation","author":"RFC 6877","year":"2013"},{"key":"2025102215363627300_ref6","volume-title":"Dual-Stack Lite Broadband Deployments Following IPv4 Exhaustion","author":"RFC 6333","year":"2011"},{"key":"2025102215363627300_ref7","volume-title":"Lightweight 4over6: An Extension to the Dual-Stack Lite Architecture","author":"RFC 7596","year":"2015"},{"key":"2025102215363627300_ref8","volume-title":"Mapping of Address and Port Using Translation (MAP-T)","author":"RFC 7599","year":"2015"},{"key":"2025102215363627300_ref9","volume-title":"Mapping of Address and Port with Encapsulation (MAP-E)","author":"RFC 7597","year":"2015"},{"key":"2025102215363627300_ref10","volume-title":"Pros and Cons of IPv6 Transition Technologies for IPv4-as-a-Service (IPv4aaS)","author":"RFC 9313","year":"2022"},{"key":"2025102215363627300_ref11","doi-asserted-by":"crossref","first-page":"397","DOI":"10.1016\/j.cose.2018.04.012","article-title":"Methodology for the identification of potential security issues of different IPv6 transition technologies: threat analysis of DNS64 and stateful NAT64","volume":"77","author":"Lencse","year":"2018","journal-title":"Comput Secur"},{"key":"2025102215363627300_ref12","doi-asserted-by":"crossref","first-page":"10","DOI":"10.36244\/ICJ.2021.4.2","article-title":"Identification of the possible security issues of the 464XLAT IPv6 transition technology","volume":"13","author":"Al-Azzawi","year":"2021","journal-title":"Infocommun J"},{"key":"2025102215363627300_ref13","doi-asserted-by":"crossref","DOI":"10.3390\/electronics12102335","article-title":"Analysis of the security challenges facing the DS-Lite IPv6 transition technology","volume":"12","author":"Al-Azzawi","year":"2023","journal-title":"Electronics"},{"key":"2025102215363627300_ref14","first-page":"30","article-title":"Lightweight 4over6 test-bed for security analysis","volume":"15","author":"Al-Azzawi","year":"2023","journal-title":"Infocomm J"},{"key":"2025102215363627300_ref15","doi-asserted-by":"crossref","DOI":"10.1093\/comjnl\/bxae059","article-title":"Security analysis of the MAP-T IPv6 transition technology","volume":"67","author":"Al-Azzawi","year":"2024","journal-title":"Comput J"},{"key":"2025102215363627300_ref16","doi-asserted-by":"crossref","DOI":"10.5220\/0005652402430254","article-title":"The STRIDE towards IPv6: a comprehensive threat model for IPv6 transition technologies","volume-title":"2nd International Conference on Information Systems Security and Privacy","author":"Georgescu","year":"2016"},{"key":"2025102215363627300_ref17","doi-asserted-by":"crossref","first-page":"595","DOI":"10.1109\/EuroSP.2017.34","article-title":"When cellular networks met IPv6: security problems of Middleboxes in IPv6 cellular networks","volume-title":"IEEE European Symposium on Security and Privacy (EuroS&P)","author":"Hong","year":"2017"},{"key":"2025102215363627300_ref18","first-page":"216","article-title":"Empirical analysis of IPv6 transition technologies using the IPv6 network evaluation testbed","volume-title":"Testbeds and Research Infrastructure: Development of Networks and Communities: 9th International ICST Conference","author":"Georgescu","year":"2014"},{"key":"2025102215363627300_ref19","volume-title":"Deployment Considerations for Dual-Stack Lite","author":"RFC 6908","year":"2013"},{"key":"2025102215363627300_ref20","volume-title":"Dual-Stack Lite (DS-Lite) Management Information Base (MIB) for Address Family Transition Routers (AFTRs)","author":"RFC 7870","year":"2016"},{"key":"2025102215363627300_ref21","volume-title":"Dynamic Host Configuration Protocol for IPv6 (DHCPv6) Option for Dual-Stack Lite","year":"2011"},{"key":"2025102215363627300_ref22","doi-asserted-by":"crossref","first-page":"157","DOI":"10.1109\/TSP52935.2021.9522607","article-title":"Design of a Software Tester for benchmarking lightweight 4over6 devices","volume-title":"2021 44th International Conference on Telecommunications and Signal Processing (TSP)","author":"Al-hamadani","year":"2021"},{"key":"2025102215363627300_ref23","doi-asserted-by":"crossref","first-page":"371","DOI":"10.1109\/TSP55681.2022.9851309","article-title":"Testbed for the comparative analysis of DS-Lite and lightweight 4over6 IPv6 transition technologies","volume-title":"2022 45th International Conference on Telecommunications and Signal Processing (TSP)","author":"D\u2019yab","year":"2022"},{"key":"2025102215363627300_ref24","article-title":"The B4 network function","author":"Garc\u00eda"},{"key":"2025102215363627300_ref25","doi-asserted-by":"crossref","first-page":"e5354","DOI":"10.1002\/dac.5354","article-title":"Towards the scalability comparison of the Jool implementation of the 464XLAT and of the MAP-T IPv4aaS technologies","volume":"35","author":"Lencse","year":"2022","journal-title":"Int J Commun Syst"},{"key":"2025102215363627300_ref26","article-title":"Jool, open source IPv4\/IPv6 translator","author":"ITESM"},{"key":"2025102215363627300_ref27","volume-title":"Experience with Testing of Mapping of Address and Port Using Translation (MAP-T)","author":"RFC 7703","year":"2015"},{"key":"2025102215363627300_ref28","doi-asserted-by":"crossref","first-page":"45","DOI":"10.36244\/ICJ.2022.3.6","article-title":"Towards implementing a software tester for benchmarking MAP-T devices","volume":"14","author":"Al-hamadani","year":"2022","journal-title":"Infocommun J"},{"key":"2025102215363627300_ref29","volume-title":"Threat Modeling: Designing for Security","author":"Shostack","year":"2014"},{"key":"2025102215363627300_ref30","doi-asserted-by":"crossref","first-page":"243","DOI":"10.1016\/j.comcom.2024.03.007","article-title":"Benchmarking methodology for IPv4aaS technologies: comparison of the scalability of the Jool implementation of 464XLAT and MAP-T","volume":"219","author":"Lencse","year":"2024","journal-title":"Comput Commun"},{"key":"2025102215363627300_ref31","volume-title":"Cloudflare"},{"key":"2025102215363627300_ref32","article-title":"How Cloudflare auto-mitigated world record 3.8 Tbps DDoS attack","author":"Cloudflare"},{"key":"2025102215363627300_ref33","volume-title":"Making a Synthesis Emulation in IOT ERA Possible Starbed5 Project. StarBED5 Project Website"},{"key":"2025102215363627300_ref34","article-title":"DNS64perf++ measurement tool","author":"D\u00e1niel"},{"key":"2025102215363627300_ref35","article-title":"Lightweight 4 over 6 test-bed","author":"Al-Azzawi"}],"container-title":["The Computer Journal"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/academic.oup.com\/comjnl\/article-pdf\/68\/10\/1450\/63051567\/bxaf048.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/academic.oup.com\/comjnl\/article-pdf\/68\/10\/1450\/63051567\/bxaf048.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,22]],"date-time":"2025-10-22T19:36:47Z","timestamp":1761161807000},"score":1,"resource":{"primary":{"URL":"https:\/\/academic.oup.com\/comjnl\/article\/68\/10\/1450\/8124674"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,5,3]]},"references-count":35,"journal-issue":{"issue":"10","published-online":{"date-parts":[[2025,5,3]]},"published-print":{"date-parts":[[2025,10,22]]}},"URL":"https:\/\/doi.org\/10.1093\/comjnl\/bxaf048","relation":{},"ISSN":["0010-4620","1460-2067"],"issn-type":[{"value":"0010-4620","type":"print"},{"value":"1460-2067","type":"electronic"}],"subject":[],"published-other":{"date-parts":[[2025,10]]},"published":{"date-parts":[[2025,5,3]]}}}