JOURNAL OF CRITICAL REVIEWS

ISSN- 2394-5125 VOL 7, ISSUE 6, 2020

A BRIEF REVIEW ON NAT TRAVERSALS IN CYBER SECURITY NETWORKS

Dr.N. Kalyana Sundaram1*, T. Prabahar Godwin James2, K.E. Lakshmiprabha3, M. Anand4, Dr.M. Anbarasan5

1*Assistant Professor, Department of Computer Science and Engineering, Saveetha School of Engineering, Saveetha Institute of Medical and Technical Sciences, Chennai, India. 2Associate Professor, Department of Computer Science and Engineering, Sri Sairam Institute of Technology, Chennai, Tamilnadu, India. E-mail: [email protected] 3Associate Professor, Department of Electrical and Electronics Engineering, Karpaga vinayaga College of Engineering and Technology, Tamilnadu, India. 4Assistant Professor(Sr.G), Department of Computer Science and Engineering, Saveetha School of Engineering, Saveetha Institute of Medical and Technical Sciences, Chennai, India. 5Associate Professor, Department of Computer Science and Engineering, Sri Sairam Institute of Technology, Chennai, Tamilnadu, India. Received: 05.03.2020 Revised: 01.04.2020 Accepted: 25.04.2020

ABSTRACT: Cyber security is today one of the most important and unavoidable fields in the world. Every part of the world sees both cyber incidents and criminal cases, and most of these cases are handled under cyber law and the IT Act. In this paper we review Network Address Translation (NAT) in cyber networks. Network Address Translation is the technique by which a gateway device rewrites the private addresses used by internal hosts into a public IP address. Several NAT-related techniques are used in cyber security; one group of them is NAT traversal. In IPsec, NAT Traversal (NAT-T) encapsulates ESP in UDP so that protected traffic can reach its destination when a device does not have a public address. NAT traversal is required by many network applications, especially P2P and VoIP. KEYWORDS: Cyber security, Security risks, NAT types, NAT techniques, NAT-T.

© 2020 by Advance Scientific Research. This is an open-access article under the CC BY license (http://creativecommons.org/licenses/by/4.0/) DOI: http://dx.doi.org/10.31838/jcr.07.06.228

I. INTRODUCTION
Cyber security is the branch of information technology security that protects online data and systems from attack. It covers all online services, combining the internet and virtual environments to protect information from unauthorized access [1]. It also refers to the protection of real-time information delivered through real-time services. As people and public authorities connect to the internet, the number of security threats that can cause massive harm increases. The word "cyber" refers to the combination of information from technology, the internet and virtual reality. There are several areas of cyber security: critical infrastructure security, cloud security, application security and Internet of Things (IoT) security. Cyber security is a significant concern today because government administration, the military, corporate industry, the financial sector, hospitals and the medical field store their sensitive data, latest techniques, procedures and other important information on computers and mobile devices, with varying levels of protection. Most of this data is sensitive, whether it is intellectual property, financial information, personal data, or other kinds of information such as personally identifiable information (PII) and protected health information (PHI), and its unauthorized access or exposure could have serious negative consequences.


Risks in Cyber Security
Risk can be defined as the chance of an undesirable outcome because of an incident, occurrence or event, as determined by its probability and the associated consequences [2]. Cyber security risk is the major concern here: the chance that an organization's data is exposed, stolen or used without authorization. A broader and widely used definition is the potential loss or harm related to a particular system, to the use of technology, or to the reputation of an organization. Decision makers should carry out risk assessments when onboarding third-party vendors, and should have a risk mitigation strategy and a cyber incident response plan in place for when a breach happens.

The rest of the paper is organized as follows. Section 1 includes the introduction and the risks of cyber security. Section 2 describes the literature survey of NAT-T. Section 3 describes NAT history, an overview of NAT, NAT types and NAT techniques. Section 4 elaborates NAT traversal, the operation of NAT-T and its techniques. Section 5 concludes the review of NAT-T.

II. LITERATURE SURVEY
Vojtech Krmicek, Jan Vykopal and Radek Krejci [4], in "NetFlow based system for NAT detection", treat network security as a significant field, in particular the misuse of network resources. A Network Address Translation (NAT) device present inside a network is one such resource that raises serious security issues, since it hides the hosts behind it. Many techniques have been developed to identify such NAT devices, but they suffer from a high false positive rate (FPR), and no procedure had been stated for performing NAT detection from NetFlow data on large networks for forensic analysis. The authors [4] contributed a NetFlow-based NAT detection technique and a prototype system that combines several NAT detection methods to reduce both the false positive rate (FPR) and the false negative rate (FNR).

Huynh Cong Phuoc, Ray Hunt and Andrew McKenzie [5], in "NAT Traversal Techniques in Peer to Peer Networks", explain that P2P networking has significant applications, and that these demands drive the need for essential and reliable NAT traversal methods. The paper reviews current and evolving NAT-T techniques and processes for P2P networks. NAT traversal is categorized for both TCP and UDP, and the relaying, connection reversal and hole punching methods are examined. Finally, a test bed is defined to evaluate NAT-T methods and to select suitable schemes for P2P networks.

R. Mahy, P. Matthews and J. Rosenberg [6] presented "Traversal Using Relay NAT (TURN) Extensions for TCP Allocations". Here an intermediate node acts as a relay for the peers' messages. The specification defines a protocol, called TURN, which permits a client to control the relay and to exchange data packets with its peers through it.
J. Rosenberg et al. [7] presented "STUN - Simple Traversal of User Datagram Protocol (UDP) Through Network Address Translators (NATs)". STUN is a lightweight protocol that allows applications to discover the presence and type of NATs between them and the public internet, and to learn the public IP address and port that the NAT has allocated to them. Most NATs available today work with STUN, which lets a wide variety of applications operate through the existing NAT infrastructure.

Yevgeni Yeryomin, Florian Evers and Jochen Seitz [8] proposed "Solving the Firewall and NAT Traversal Issues for SIP-based Voice over IP". The Session Initiation Protocol (SIP) is the prevailing signalling protocol for VoIP. Unfortunately, a VoIP call cannot be expected to succeed if one of the SIP soft phones is located behind a NAT gateway or a protective firewall, because a VoIP call uses arbitrary UDP ports for the media that must be admitted, which is itself risky for security reasons.

Banerjee, Dwip N., Jain, Vinit and Vallabhaneni, Vasu [9] presented "Accessing Data Processing Systems behind a Network Address Translation Enabled Network". This describes a method for reaching a data processing system located behind a NAT device. A client system sends a request for the address of the NAT data processing system; the request is forwarded through the NAT device to a DNS server, which returns an address for the NAT data processing system together with source forwarding information. The client system then sends its data through the NAT device, which forwards it to the data processing system at that address.

Jeffery M. Capone and Pramod Immaneni [10] presented "Protocol and system for firewall and NAT traversal for TCP connections". Firewalls and NATs bring many benefits to users and to the Internet, yet these devices break various existing TCP/IP applications: they hide the network identity of clients and block inbound TCP connection requests, so a TCP source cannot easily determine how to set up a connection. The patent negotiates across the NAT to create a bidirectional P2P TCP connection through the firewall.

III. NAT HISTORY
The Internet architecture and protocols designed by the Internet pioneers before the mid-1990s are still in use today. In the network they designed, any host and the rest of the Internet are connected end-to-end. In the early 1990s, as IPv4 addresses started to run short, the network address translator was introduced as a 1:1 translation of addresses, and it became popular soon after [3]. Today NATs are commonplace in our homes, workplaces and so on. A NAT translates a private IP address used inside an organization into a public, routable address for use outside the organization, such as on the Internet. In its original form NAT is a one-to-one mapping of addresses from private to public.

Overview of NAT
Network Address Translation (NAT) was proposed mainly for network address management. It allows private networks that use unregistered (private) addresses to reach the public Internet [4]. NAT runs on a router connecting two networks, and rewrites the private addresses of the internal network into registered (public) addresses before packets are forwarded to the other network. The NAT philosophy is "be transparent": NATs are not proxies, so applications are unaware of a NAT. One public IP address is shared among many private hosts; the NAT maintains the list of active connections between the private and public domains in the form of a table. It creates a new table entry for every new connection attempted by an internal host. This entry, called a binding, records the source IP address and port of the internal host and the public IP address and port substituted for them; the NAT replaces the source IP with the public IP on the way out and reverses the translation for replies [11].

Fig.1: Architecture Diagram of NAT

On a local network, NAT devices share a single public IP address among many devices, such as the PCs in an office or a home [9], and this provides a basic shield against attacks on the local network from outside. Traffic from outside that could put the network at risk is only admitted if an internal computer or device has first sent a request to the remote server: the NAT tracks outbound requests and lets inbound data from a remote service through only if the local client started the exchange. Routers usually also have a built-in firewall that extends this protection. Note that the protection comes from the NAT dropping packets that match no binding, i.e. from stateful filtering, not from address hiding as such; an attacker who can make an internal host open a connection, or who can reach an existing binding, is not stopped by the NAT.


NAT Types
NATs are classified either by the older terminology of RFC 3489 (cone types) or by the newer behavioural terminology of RFC 4787, which describes mapping and filtering separately. In the older terms, NATs are classified into four types, namely full cone, restricted cone, port restricted cone and symmetric.
- A full cone NAT is one where all requests from the same internal IP address and port are mapped to the same external IP address and port. In addition, any external host can send a packet to the internal host by sending a packet to the mapped external address.
- A restricted cone NAT maps the same way, but only admits an inbound packet from an external IP address after the internal host has first sent a packet to that IP address; the port pair is "unlocked" by the outbound traffic.
- A port restricted cone NAT is the most restrictive kind of cone NAT: it only allows inbound packets from a particular source IP address and a particular source port, and again the rule is created dynamically when the local machine first sends a packet to that external IP address and port.
- A symmetric NAT applies the same inbound restriction as a port restricted cone NAT but handles the translation differently: each request from the same internal IP address and port to a different destination IP address or port is mapped to a different external port, so an external host cannot predict the mapping from what another host observed.
In the newer terms, a NAT is described by two independent behaviours, mapping and filtering. Each can be endpoint-independent (permissive), address-dependent, or address-and-port-dependent (restrictive). A full cone NAT is endpoint-independent mapping with endpoint-independent filtering; a port restricted cone NAT is endpoint-independent mapping with address-and-port-dependent filtering; a symmetric NAT has address-and-port-dependent mapping.

NAT Techniques
The techniques available for working through NAT are SOCKS, Traversal Using Relays around NAT (TURN), NAT hole punching, Session Traversal Utilities for NAT (STUN), Interactive Connectivity Establishment (ICE), the UPnP Internet Gateway Device Protocol, NAT-PMP, PCP and Application Level Gateways (ALG).
- Socket Secure (SOCKS) is a proxy protocol that exchanges network packets between clients and servers through a proxy server, so that a client behind a NAT or firewall reaches the outside through the proxy. It is designed to route any type of traffic generated by any protocol.
- Traversal Using Relays around NAT (TURN) is a relaying method for TCP or UDP traffic: a server with a public address relays data between the peers. It is the protocol used for NAT-T in multimedia applications when no direct path can be found.
- NAT hole punching uses a node outside any NAT with a publicly reachable static IP address, called a rendezvous server, to set up a direct link between two nodes which may be behind different NATs, behind the same NAT, or where only one of them is behind a NAT.
- Session Traversal Utilities for NAT (STUN) is a lightweight protocol that serves as a tool for NAT-T: it tells a client which public address and port the NAT has given it, and is also used for checking the connectivity between two end points. It is defined for both UDP and TCP transport.
- Interactive Connectivity Establishment (ICE) combines STUN and TURN to set up a link between two nodes: it gathers candidate addresses (local, STUN-reflexive and TURN-relayed), tests them pairwise with connectivity checks, and falls back to the relay when the direct candidates fail.
- UPnP Internet Gateway Device Protocol (IGDP) is a way of configuring port forwarding, i.e. of creating port mappings on the NAT. It is supported by many NAT gateways in home and small office locations, and it lets a device on the network ask the router to open a port.
- NAT-PMP (NAT Port Mapping Protocol) is a protocol introduced by Apple as an alternative to IGDP.
- PCP (Port Control Protocol) is the successor of NAT-PMP and provides a way to control the forwarding of incoming packets by upstream devices.
- Application-level gateway (ALG) is a NAT module that inspects application payloads and rewrites embedded addresses and ports, which permits application-specific NAT-T filters to be installed. Many consider that this method creates more complications than it solves.

IV. NAT-T AND ITS TECHNIQUES
NAT-T is a method of establishing and maintaining IP connections across gateways that implement NAT. The NAT traversal problem is divided into four categories, namely: realm-specific IP addresses in the payload, peer-to-peer applications, bundled session applications, and unsupported protocols.


Operation of NAT-T
NAT-T adds a UDP header in front of the ESP header. This gives the NAT device a UDP header with ports that it can use for multiplexing IPsec data streams; without it a NAT cannot translate ESP, since ESP carries no port numbers. NAT-T also carries the original address of the sending node in a NAT Original Address (NAT-OA) payload and makes it available to the receiving node, so that the client's and server's original network addresses and ports are known and the TCP/UDP checksum of the inner packet can be computed and verified. This also solves the problem of identifying the protected client's network address.

Fig.2: Tunnel Mode Packet Format without NAT-T

Fig.3: General Format for NAT-T

NAT-T is mainly used for user-to-user communicating applications, for example P2P and VoIP deployments.
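The demultiplexing that a NAT-T peer performs on UDP port 4500 (RFC 3948), as an added example that is not code from the paper or from any IPsec implementation: a one-byte 0xFF datagram is a NAT keepalive, four zero bytes (the non-ESP marker) announce an IKE message, and anything else is ESP whose first eight bytes are the SPI and sequence number. The datagrams are hand-built byte strings standing in for captured UDP payloads, and the anti-replay window goes slightly beyond the passage: it is the RFC 4303 receiver check applied to the sequence number the demultiplexer exposes.

```python
"""Demultiplexing UDP-encapsulated IPsec (RFC 3948) as a NAT-T peer does on UDP/4500.

Constructed example for this review, not code from the paper or from any IPsec
implementation. The datagrams used below are hand-built byte strings standing in
for captured UDP payloads.
"""
import struct
from dataclasses import dataclass
from typing import Optional

NAT_T_PORT = 4500                      # IKE and ESP share this port once NAT-T is on
NON_ESP_MARKER = b"\x00\x00\x00\x00"   # 4 zero bytes in front of every IKE message
KEEPALIVE = b"\xff"                    # 1-byte datagram that refreshes the NAT binding


@dataclass
class Demuxed:
    kind: str                   # "keepalive", "ike" or "esp"
    spi: Optional[int] = None   # ESP only
    seq: Optional[int] = None   # ESP only
    body: bytes = b""           # IKE header / ESP payload after the 8-byte prefix


def demux_nat_t(payload: bytes) -> Demuxed:
    """Classify one UDP/4500 payload. ESP is recognised by a non-zero SPI in the first
    4 bytes; SPI 0 is reserved precisely so the non-ESP marker cannot look like ESP."""
    if payload == KEEPALIVE:
        return Demuxed("keepalive")
    if len(payload) < 8:
        raise ValueError("too short for ESP (SPI+Seq) or IKE (marker+header)")
    if payload[:4] == NON_ESP_MARKER:
        return Demuxed("ike", body=payload[4:])
    spi, seq = struct.unpack("!II", payload[:8])
    return Demuxed("esp", spi=spi, seq=seq, body=payload[8:])


def encapsulate_esp(spi: int, seq: int, esp_rest: bytes) -> bytes:
    """Sender side: the UDP payload is simply the ESP packet, SPI || Seq || rest."""
    if not 256 <= spi <= 0xFFFFFFFF:        # 0 means "no SA", 1..255 are reserved
        raise ValueError("SPI out of the usable range")
    return struct.pack("!II", spi, seq) + esp_rest


def encapsulate_ike(ike_message: bytes) -> bytes:
    """Sender side for IKE on port 4500: prefix the non-ESP marker."""
    return NON_ESP_MARKER + ike_message


class ReplayWindow:
    """RFC 4303 anti-replay window (default 64) over 32-bit ESP sequence numbers."""

    def __init__(self, size: int = 64):
        self.size, self.top, self.bitmap = size, 0, 0

    def check_and_update(self, seq: int) -> bool:
        """True if seq is fresh and inside the window; False if replayed or too old."""
        if seq == 0:
            return False                         # first valid sequence number is 1
        if seq > self.top:                       # new right edge: slide the window
            shift = seq - self.top
            self.bitmap = (self.bitmap << shift) & ((1 << self.size) - 1) if shift < self.size else 0
            self.bitmap |= 1
            self.top = seq
            return True
        if self.top - seq >= self.size:
            return False                         # left of the window: too old
        bit = 1 << (self.top - seq)
        if self.bitmap & bit:
            return False                         # already seen: replay
        self.bitmap |= bit
        return True


def receive_all(datagrams, window: ReplayWindow):
    """Run a batch of UDP/4500 payloads through demux + anti-replay.
    Returns (kinds seen in order, number of ESP packets accepted)."""
    kinds, accepted = [], 0
    for d in datagrams:
        m = demux_nat_t(d)
        kinds.append(m.kind)
        if m.kind == "esp" and window.check_and_update(m.seq):
            accepted += 1
    return kinds, accepted


if __name__ == "__main__":
    sample = [KEEPALIVE,                                 # constructed datagrams
              encapsulate_ike(b"\x00" * 28),             # placeholder IKE header
              encapsulate_esp(0x1000, 1, b"ct"),
              encapsulate_esp(0x1000, 2, b"ct"),
              encapsulate_esp(0x1000, 1, b"ct")]         # replayed seq 1
    print(receive_all(sample, ReplayWindow()))
```

The receiver must key its replay window per SPI (per SA); the batch above uses a single SPI so one window suffices. Keepalives are sent by the peer behind the NAT, because only outbound traffic refreshes the UDP binding in the NAT's table.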

Universal Plug and Play (UPnP)
UPnP is a set of networking protocols that permits networked devices to discover each other's presence on the network and to establish functional network services for data sharing, communications and entertainment. UPnP is supported by most small NAT gateways. Its features include media and device independence, user interface control, operating system and programming language independence, and extensibility.

Fig.4: UPnP Architecture


Application Level Gateway (ALG)
It is also known as an application gateway or application proxy. It is a security component that augments a firewall or NAT employed in a network [8]. It permits customized NAT-T filters to be plugged into the gateway to support network address and port translation for application protocols that carry addresses in their payload, such as FTP, BitTorrent, SIP and RTSP.

Fig. 5: Application Level Proxy

TCP/UDP Hole Punching
Hole punching is also called punch-through. It is used mainly for direct communication between two parties that are both behind NATs, and is sometimes abbreviated to TU (TCP/UDP) hole punching. TCP hole punching is an experimentally used NAT-T technique for establishing a TCP connection between two peers [10] that are behind NAT devices in an internetwork [5].

Fig.6: TCP Hole Punching

UDP hole punching is frequently employed in NAT applications for maintaining UDP data streams that traverse the NAT.
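The NAT types of Section III and the hole punching described above, in one added example that is not code from the paper or from any NAT product: a small model of a NAT with configurable mapping and filtering behaviour (RFC 4787 terms), a STUN-style probe that classifies the mapping behaviour from the reflexive addresses seen by two servers, and a UDP hole punch through two such NATs via a rendezvous server. The endpoints, the documentation-range addresses, the port counter starting at 40000 and the function names are all assumptions of the example; nothing touches real sockets.

```python
"""Model of NAT mapping/filtering behaviour (RFC 4787 terms) used to show how a
STUN-style probe classifies a NAT, and why UDP hole punching succeeds through cone
NATs but fails through a symmetric NAT.

Constructed example for this review, not code from the paper or any NAT product.
Endpoints are "ip:port" strings from the documentation ranges; no real sockets.
"""
from dataclasses import dataclass, field
from itertools import count
from typing import Dict, Iterator, Optional, Set, Tuple

EI = "endpoint-independent"          # RFC 4787 behaviour names
AD = "address-dependent"
APD = "address-and-port-dependent"


@dataclass
class Nat:
    public_ip: str
    mapping: str = EI        # how external ports are allocated
    filtering: str = APD     # which inbound packets are admitted
    _ports: Iterator[int] = field(default_factory=lambda: count(40000))
    # (internal endpoint, mapping key) -> external port
    _map: Dict[Tuple[str, Optional[str]], int] = field(default_factory=dict)
    # external port -> (internal endpoint, external endpoints already contacted)
    _rev: Dict[int, Tuple[str, Set[str]]] = field(default_factory=dict)

    def _key(self, dst: str) -> Optional[str]:
        """EI mapping reuses one port for all destinations; AD allocates per destination
        IP; APD per destination IP and port (the 'symmetric' behaviour)."""
        return {EI: None, AD: dst.split(":")[0], APD: dst}[self.mapping]

    def outbound(self, src: str, dst: str) -> str:
        """Translate an outbound packet from internal src to dst; returns the external
        endpoint dst will see, creating the binding if needed."""
        k = (src, self._key(dst))
        if k not in self._map:
            self._map[k] = next(self._ports)
            self._rev[self._map[k]] = (src, set())
        port = self._map[k]
        self._rev[port][1].add(dst)
        return f"{self.public_ip}:{port}"

    def inbound(self, ext_port: int, from_ep: str) -> Optional[str]:
        """Deliver an inbound packet addressed to ext_port; returns the internal endpoint,
        or None if there is no binding or the filter rejects the sender."""
        if ext_port not in self._rev:
            return None
        internal, contacted = self._rev[ext_port]
        ok = {EI: True,
              AD: any(c.split(":")[0] == from_ep.split(":")[0] for c in contacted),
              APD: from_ep in contacted}[self.filtering]
        return internal if ok else None


def classify_mapping(nat: Nat, host: str = "10.0.0.2:5000") -> str:
    """RFC 3489/5780-style probe: send from one socket to two STUN servers on different
    IPs and to a second port on one of them, then compare the reflexive addresses."""
    a = nat.outbound(host, "203.0.113.10:3478")
    b = nat.outbound(host, "203.0.113.20:3478")
    c = nat.outbound(host, "203.0.113.20:3479")
    if a == b == c:
        return EI
    return AD if b == c else APD


def hole_punch(nat_a: Nat, nat_b: Nat, peer_a: str = "10.0.0.2:6000",
               peer_b: str = "172.16.0.9:6000", rendezvous: str = "192.0.2.1:9000") -> bool:
    """UDP hole punching: both peers register at a public rendezvous server, learn each
    other's reflexive endpoint from it, then send to it simultaneously. Returns True if
    each peer's packet is admitted by the other NAT."""
    ext_a = nat_a.outbound(peer_a, rendezvous)      # what the rendezvous sees for A
    ext_b = nat_b.outbound(peer_b, rendezvous)      # ... and for B
    # The rendezvous relays ext_a to B and ext_b to A; both now send directly. These sends
    # create the filter entries ("punch the hole"); with non-EI mapping they also leave
    # from a different external port than the rendezvous saw, which breaks the punch.
    used_a = nat_a.outbound(peer_a, ext_b)
    used_b = nat_b.outbound(peer_b, ext_a)
    a_to_b = nat_b.inbound(int(ext_b.split(":")[1]), used_a) == peer_b
    b_to_a = nat_a.inbound(int(ext_a.split(":")[1]), used_b) == peer_a
    return a_to_b and b_to_a


if __name__ == "__main__":
    for name, m, f in (("full cone", EI, EI), ("port restricted cone", EI, APD),
                       ("symmetric", APD, APD)):
        print(name, classify_mapping(Nat("203.0.113.5", m, f)), "punch:",
              hole_punch(Nat("203.0.113.5", m, f), Nat("198.51.100.7", EI, APD)))
```

The model shows the result the hole punching literature relies on: with endpoint-independent mapping the port the rendezvous observed is the same port the peer uses toward the other side, so the other NAT's filter entry matches; with address-and-port-dependent (symmetric) mapping a fresh port is allocated for the peer, the observed endpoint is stale, and the punch fails, which is when ICE falls back to a TURN relay.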


Fig.7: UDP Hole Punching

Simple Traversal UDP through NAT (STUN)
STUN is a tool used by other protocols such as Interactive Connectivity Establishment (ICE), the Session Initiation Protocol (SIP) and WebRTC [7]. It is also used to detect and traverse network address translators that are situated on the path between two endpoints of a communication.

Fig.8: Simple Traversal UDP through NAT (STUN)
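The STUN Binding exchange described above, as an added example that is not code from the paper or from any STUN library: the client builds a 20-byte Binding Request with a random transaction ID, the server answers with the source address it observed, and the client parses the XOR-MAPPED-ADDRESS attribute (RFC 5389) to learn its reflexive address and decide whether a NAT is on the path. The server side is a stand-in that answers with the (ip, port) passed to it so the exchange runs offline; the address 203.0.113.5:40000 and the function names are assumptions of the example.

```python
"""Building and parsing STUN Binding messages (RFC 5389) to learn the reflexive address.

Constructed example for this review, not code from the paper or from any STUN
library. The server here is a stand-in; against a real server you would send
build_binding_request() over UDP to port 3478 and pass the reply to
parse_mapped_address().
"""
import os
import socket
import struct
from typing import Optional, Tuple

MAGIC_COOKIE = 0x2112A442
BINDING_REQUEST, BINDING_SUCCESS = 0x0001, 0x0101
ATTR_MAPPED_ADDRESS, ATTR_XOR_MAPPED_ADDRESS = 0x0001, 0x0020
FAMILY_IPV4 = 0x01


def build_binding_request(txid: Optional[bytes] = None) -> bytes:
    """20-byte header, no attributes. The random transaction ID is what lets the client
    match the reply and reject spoofed responses from off-path hosts."""
    txid = txid or os.urandom(12)
    return struct.pack("!HHI", BINDING_REQUEST, 0, MAGIC_COOKIE) + txid


def build_binding_response(txid: bytes, ip: str, port: int) -> bytes:
    """Stand-in for the server: echo the request's source as XOR-MAPPED-ADDRESS. The XOR
    with the magic cookie exists so that an ALG rewriting IP literals in payloads does
    not silently corrupt the reflexive address."""
    xport = port ^ (MAGIC_COOKIE >> 16)
    xaddr = struct.unpack("!I", socket.inet_aton(ip))[0] ^ MAGIC_COOKIE
    value = struct.pack("!BBHI", 0, FAMILY_IPV4, xport, xaddr)
    attr = struct.pack("!HH", ATTR_XOR_MAPPED_ADDRESS, len(value)) + value
    return struct.pack("!HHI", BINDING_SUCCESS, len(attr), MAGIC_COOKIE) + txid + attr


def parse_mapped_address(msg: bytes, expected_txid: bytes) -> Tuple[str, int]:
    """Return the (ip, port) the server saw. XOR-MAPPED-ADDRESS wins over the legacy
    MAPPED-ADDRESS when both are present; any structural problem raises ValueError."""
    if len(msg) < 20:
        raise ValueError("short STUN header")
    mtype, length, cookie = struct.unpack("!HHI", msg[:8])
    if cookie != MAGIC_COOKIE or mtype != BINDING_SUCCESS:
        raise ValueError("not a STUN Binding success response")
    if msg[8:20] != expected_txid:
        raise ValueError("transaction ID mismatch (stale or spoofed reply)")
    if len(msg) != 20 + length:
        raise ValueError("length field does not match datagram size")
    pos, plain, xored = 20, None, None
    while pos + 4 <= len(msg):
        atype, alen = struct.unpack("!HH", msg[pos:pos + 4])
        value = msg[pos + 4:pos + 4 + alen]
        if len(value) != alen:
            raise ValueError("truncated attribute")
        pos += 4 + alen + (-alen % 4)            # attribute values are padded to 32 bits
        if alen == 8 and value[1] == FAMILY_IPV4:
            if atype == ATTR_XOR_MAPPED_ADDRESS:
                xport, xaddr = struct.unpack("!HI", value[2:8])
                xored = (socket.inet_ntoa(struct.pack("!I", xaddr ^ MAGIC_COOKIE)),
                         xport ^ (MAGIC_COOKIE >> 16))
            elif atype == ATTR_MAPPED_ADDRESS:
                plain = (socket.inet_ntoa(value[4:8]), struct.unpack("!H", value[2:4])[0])
    result = xored or plain
    if result is None:
        raise ValueError("no mapped address in response")
    return result


def behind_nat(local: Tuple[str, int], reflexive: Tuple[str, int]) -> bool:
    """The basic STUN conclusion: a NAT is on the path iff the address the server saw
    differs from the socket's own local address."""
    return local != reflexive


if __name__ == "__main__":
    txid = os.urandom(12)
    req = build_binding_request(txid)
    # Constructed reply: the server saw our packet arrive from 203.0.113.5:40000.
    resp = build_binding_response(txid, "203.0.113.5", 40000)
    seen = parse_mapped_address(resp, txid)
    print(seen, "behind NAT:", behind_nat(("10.0.0.2", 5000), seen))
```

Checking the transaction ID and the length field before trusting any attribute is the part worth keeping in a real client: a STUN reply is an unauthenticated UDP datagram, and a reflexive address learned from a forged reply would steer the application's media to an attacker-chosen endpoint.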

Traversal Using Relay NAT (TURN)
TURN is a protocol that supports NAT traversal for multimedia applications and can be used with TCP or UDP. TURN does not allow users to run servers on well-known ports if they are behind a NAT [6]; instead it is a client-server protocol that helps in finding a path between clients and servers on the internet. It operates a TURN server to relay data from a user to any number of peers: a single allocation lets a client behind a NAT exchange data with its peers through the relay. Example: telephony.


Fig.9: Traversal Using Relay NAT (TURN)

V. CONCLUSION
In this paper we have presented a review of NAT traversal for cyber networks. NAT is the method by which a group of hosts inside a private network is represented by a public address. For economy and security, an organization uses NAT to limit the number of public IP addresses it needs. NAT-T technology can detect NAT devices between IPsec peers and encapsulate ESP in UDP so that the traffic can pass through them. Examples of NAT software are Internet Connection Sharing (ICS), IPFilter, IPFirewall, Netfilter with iptables/nftables, Routing and Remote Access Service, and WinGate. The main merits of NAT and NAT traversal are that NAT slows the depletion of IPv4 addresses and provides increased flexibility when connecting to the public internet. The demerits are that NAT traversal adds delay to IPv4 communication, and that NAT causes the loss of end-to-end IP traceability of devices.

VI. REFERENCES
[1] Rachna Buch et al. (2017). World of Cyber Security and Cyber Crime. Recent Trends in Programming Languages, STM Journals, 4(2):18-23.
[2] Halima Ibrahim Kure, Shareeful Islam, Mohammed Abdur Razzaque. (2018). An Integrated Cyber Security Risk Management Approach for a Cyber-Physical System. Applied Sciences, 8(6):1-29.
[3] Lixia Zhang. (2008). A Retrospective View of Network Address Translation. IEEE Network, 22(5):8-12.
[4] Vojtech Krmicek, Jan Vykopal and Radek Krejci. (2009). NetFlow Based System for NAT Detection. CoNEXT Student Workshop '09:23-24.
[5] Huynh Cong Phuoc, Ray Hunt and Andrew McKenzie. (2008). NAT Traversal Techniques in Peer to Peer Networks. Proceedings of the New Zealand Computer Science Research Student Conference 2008:242-245.
[6] R. Mahy, P. Matthews, J. Rosenberg. (2010). Traversal Using Relay NAT (TURN) Extensions for TCP Allocations. IETF, RFC 5766.
[7] J. Rosenberg et al. (2003). STUN - Simple Traversal of UDP Through NAT. Network Working Group, RFC 3489.
[8] J. Rosenberg et al. (2002). NAT and Firewall Scenarios and Solutions for SIP. draft-ietf-sipping-nat-scenarios-00.txt, IETF SIPPING WG, Jun. 24.
[9] Banerjee, Dwip N., Jain, Vinit, Vallabhaneni, Vasu. (2009). Accessing Data Processing Systems Behind A NAT Enabled Network. International Business Machines Corporation, Jan. 15.
[10] Jeffery M. Capone, Pramod Immaneni. (2010). Protocol and system for firewall and NAT traversal for TCP connections. Leaf Networks, LLC, Scottsdale, AZ (US), Jan. 12.


[11] Andreas Muller, Andreas Klenk and George Carle. (2008). Behavior and Classification of NAT Devices and Implications for NAT Traversal. IEEE Network, special issue on Implications and Control of Middleboxes in the Internet, October.
[12] Rajeyyagari, S., Babu, G.A., Mohebbanaaz, Bhavana, G. (2019). Analysis of image segmentation of magnetic resonance image in the presence of inhomogeneities. International Journal of Recent Technology and Engineering, 7(5):17-21.
[13] Ahmed, M.S., Korandla, R., Snvasrk, P., Gopatoti, A. (2018). Optimized Bayesian NL-means blockwise approach for ultrasound images. International Journal of Engineering and Technology (UAE), 7(4.16):214-217.
[14] Naik, M.C., Gopatoti, A., Paparao, N. (2018). Implementation of cryptographic approach for image transmission with security. Journal of Advanced Research in Dynamical and Control Systems, 10(8):196-202.
