SBIR-STTR Award

  1. You are here:    Home
  2. Search Databases
  3. Search SBIR-STTR Awards
  4. SBIR-STTR Award

Expert Validation of IPV4-6 Security in Transitional Areas (EVISTA)
Award last edited on: 6/27/2012

Sponsored Program
SBIR
Awarding Agency
DOD : AF
Total Award Amount
$848,443
Award Phase
2
Solicitation Topic Code
AF083-041
Principal Investigator
Rajini Anachi

Company Information

Cyglass Inc (AKA: mZeal Communications Inc)

305 Foster Street
Liitleton, MA 01460
   (978) 665-0280
   info@cyglass.com
   www.cyglass.com
Location: Multiple
Congr. District: 03
County: Middlesex

Phase I

Contract Number: ----------
Start Date: ----    Completed: ----
Phase I year
2009
Phase I Amount
$99,999
A compelling case can be made for the implementation of IPv6, a replacement for the hugely successful but limited IPv4 protocol. Furthermore, in an important sense IPV6 is already here.  Most network equipment and operating systems created in the last several years are IPV6 capable.  This de-facto transition poses important security risks.  Dual-stack nodes have mechanisms for accessing both IPV4 and IPV6 networks.  As transition mechanisms have been developed, the security considerations have been reasonably well documented, but information assurance policies and enforcement mechanisms need to take into account the security implications of this new technology.   There is clearly a need for a tool which aids administrators in dealing with the security threats posed by a transitional environment.  mZeal Communications proposes a product which is intended to fill this need, Expert Validation of IPV4/6 in Transitional Areas (EVISTA).  EVISTA is envisioned to be self-configuring, expert system which specializes in identifying and neutralizing security gaps and active threats in a wide variety of transitional environments.  It will contain software agents that collect information about the network, both from a static and dynamic standpoint, and a rule-based inference engine, used to intelligently identify how to defeat threats in its host environment.  

Benefit:
The anticipated benefits of EIVSTA could be quite significant, due to its widespread potential applicability.  Near-term commercial opportunities exist in areas relating to the DOD. This is due in part to fact that mZeal has several years of experience in working with the military on a variety of projects, and therefore have a high degree of familiarity with defense-related organizations. Additionally, per DOD mandate, all DOD agencies must have become technically IPv6 compliant as June 2008. This implies that most of them are at some level of transition, which is exactly the type of environment to which the EVISTA system is targeted.   There is also the scenario for deployment of EVISTA in tactical networks. The promise of IPv6 is power at the edge, which implies its usefulness in tactical environments. The ability to detect and automatically disable an intrusive, potentially crippling attack on the network actively involved in a battle scenario represents a powerful capability in a tactical system.  For the longer term, in a vein similar the DOD, the OMB has also mandated that all Federal agencies have become IPv6 capable by now. Given the sheer size and scope of the Federal government, this represents a significant potential market for EVISTA. Ultimately, the largest potential market is the totality of the users of the worldwide internet. As mentioned previously, government organizations in multiple countries are actively advocating for a transition to IPv6. Since the US has a relatively large portion of the IPv4 address space, rapidly developing countries such as China and India have additional incentive to move to IPv6.  Other countries have similar concerns and are likely to follow suit including, eventually, the U.S.  Since the conversion to IPV6 is predicted to take place gradually, rather than overnight, the need for a transitional threat detection and elimination product such as EVISTA projects to be significant and prolonged.

Keywords:
Security, Ipv6, Transition, Tunnel, Expert, Threat Detection, Prevention

Phase II

Contract Number: ----------
Start Date: ----    Completed: ----
Phase II year
2011
Phase II Amount
$748,444
The objective of the EVISTA project is to create an intelligent software solution designed to aid users and administrators in addressing their security concerns during the IPv4 to IPv6 transition phase. An expert system is combined with network-sensing tools and agents to i) identify unauthorized IPv6 transitional tunnel use ii) identify unauthorized IPv6 service access iii) conduct a vulnerability assessment of local end hosts and iv) mitigate active attacks which are enabled by the complex nature of a dual-stack environment. Phase I produced two prototypes, EVISTA Out-of-band and EVISTA Inline, both of which were successful in satisfying the desired objective. As a natural continuation of Phase I, EVISTA Phase II will build upon the Phase I architecture to expand and enhance its capabilities toward the ultimate end of productization as a commercial security tool. Projected changes include enhanced vulnerability assessment, automatic self configuration based on the hosting network, per-user authorization and authentication, enhanced threat mitigation, operation in multi-homed and native IPv6 networks, and incorporation of IPv6 firewall processing. These capabilities, among others, will combine to make EVISTA a compelling addition to an enterprise’s suite of security tools as we enter the age of IPv6.

Benefit:
The anticipated benefits of EVISTA are considerable due to its widespread potential applicability. For example, significant commercial opportunities exist in areas relating to the DOD. This is due in part to fact that mZeal has several years of experience in working with the military on a variety of projects, and therefore has a high degree of familiarity with defense-related organizations. More importantly, per DOD mandate, all DOD agencies were to have become technically IPv6 compliant as of June 2008. This implies all of them are at some level of transition, which is precisely the type of environment for which the EVISTA system is targeted. In a similar vein, the OMB has also mandated that all Federal agencies have become IPv6 capable by now. Given the sheer size and scope of the Federal government, this represents an enormous market for the EVISTA product. There is also the potential for deployment of EVISTA in tactical networks. The promise of IPv6 is “power at the edge”, which implies its usefulness in tactical environments. The ability to detect and automatically disable an intrusive, potentially crippling attack on the network actively involved in a battle scenario represents a powerful capability in a tactical system. EVISTA scaled to run on consumer premises equipment (CPEs) represents another compelling avenue for commercialization. These wireless routers/NATs run in millions of households throughout the world. EVISTA could play a significant security role in the home by protecting consumers from attacks mounted through hidden IPv6 tunnels. Ultimately, the largest potential market is the totality of the users of the worldwide internet. Government organizations in multiple countries are actively advocating for a transition to IPv6. Since the US has a relatively large portion of the IPv4 address space, rapidly developing countries such as China and India have additional incentive to move to IPv6. Other countries have similar concerns and are likely to follow suit – including, eventually, the U.S. Since the conversion to IPV6 is predicted to take place gradually, rather than overnight, the need for a transitional threat detection and elimination product such as EVISTA projects to be significant and prolonged.

Keywords:
Ipv4, Ipv6 Transition, Security, Tunnels, Teredo, 6to4, Ids, Dual-Stack