Allowing IP networks to be securely renumbered and shared

Thu, 02/17/2011 - 00:03 by Damien Leroy


At the end of 2000 the estimated population of Internet users was about 360 million. Mid-2010 it reached 1.97 billion. While the Internet continues to spread, its usage is also more and more present in our everyday's life. In developed countries, people often have access to the Internet at work, at home, and increasingly on mobile devices through 3G or WiFi.

Each of these devices must be assigned an IP address to communicate with others on the Internet. The currently used address space, IPv4, was designed in the 1970s. It has a theoretical capacity of only 3.7 billion addresses whose many are lost due to suboptimal allocation. The exhaustion of the IPv4 addresses is now a matter of months. To address this issue, a new network-layer protocol, IPv6, has been designed and implemented. A key operation to allow IPv6 to scale is to be able to easily change the IP addresses of all devices in a campus or enterprise network. This operation is called renumbering. As automated tools are missing, renumbering a network is often done manually and is thus lengthy and error-prone. The first part of this thesis focuses on secure renumbering and automated tools to help the process.

Besides, more and more mobile phones and tablets are equipped with both 3G and WiFi interfaces. These devices as well as laptops require an internet connection for a large part of their popular applications. Unfortunately, connecting all these devices to the Internet is still painful. On the one hand, although 3G has been designed for that purpose, it is still expensive and slow. On the other hand, WiFi is usually much faster than 3G and much easier to deploy, mostly indoor. Users have typically access to WiFi at home and at work. Between these locations, connecting to a WiFi network is often difficult and risky. In the second part of this thesis, we present Secure WIfi SHaring (SWISH), a protocol that enables to secure WiFi sharing and offers security for both the visited network and the visitor. SWISH is compatible within existing standards and has been deployed in actual networks.

Damien Leroy
PhD thesis
Universite catholique de Louvain, Feb 2011.
Full text
pdf    (1.99 MB)
Cite it
See here

IEEE Copyright Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright. In most cases, these works may not be reposted without the explicit permission of the copyright holder.

ACM Copyright Notice: Copyright 1999 by the Association for Computing Machinery, Inc. Permission to make digital or hard copies of part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page or intial screen of the document. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, to republish, to post on servers, or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from Publications Dept., ACM Inc., fax +1 (212) 869-0481, or

Springer-Verlag LNCS Copyright Notice: The copyright of these contributions has been transferred to Springer-Verlag Berlin Heidelberg New York. The copyright transfer covers the exclusive right to reproduce and distribute the contribution, including reprints, translations, photographic reproductions, microform, electronic form (offline, online), or any other reproductions of similar nature. Online available from Springer-Verlag LNCS series.