Open Position/Internship "Deployment of an IPv6 Security Platform"

Context of the internship

Most ITS (Intelligent Transport Systems) applications require efficient communications between vehicles or between the vehicle and the infrastructure. An IPv6 vehicular mobile router is in charge of maintaining Internet access and session continuity for other in-vehicle network nodes. Mobile access to the Internet is maintained using NEMO Basic Support [RFC 3963] over various interfaces (802.11 a/b/g, 802.11p, infrared and 2G/3G) while a VANET (Vehicular Ad-hoc NETwork) routing protocol is running between the vehicles. IPv6 is natively supported in all access networks. All IP communications between the vehicle and its communication peers (other vehicles, roadside infrastructure, and Internet) must be secured. Security (IPsec/IKE/SeND) and access control (Diameter) mechanisms must thus be used.

Objective of the internship

The objective of the internship is to install AAA (Diameter) access control and related dynamic keying mechanisms and certificate servers on an in-door testbed.

The in-door platform will be mostly made of laptops (the mobile entities) and desktops (servers like the Home Agent) computers. Machines running on Linux (Ubuntu Linux) are favored, but due to lack of available implementation of some necessary mechanisms, the IPv6 testbed is most likely going to also contain entities running on BSD-like OSes. Open-source implementations of these mechanims are available. The intern will thus be involved in the open-source development commit to fix bugs.

If good progress is made, the system will be brought to the vehicular platform and further validation tests will be performed. If proven successful, access control will be configured in an operational mode so that the mechanisms could constantly be re-used in forthcoming experimentations using the vehicular platform and validated with ITS applications such as toll payment, emergency calls, and collision avoidance.

Key words

  • IPv6
  • NEMO
  • IPsec
  • IKEv2
  • Diameter
  • Linux
  • SeND

Profile of the candidate

Student in its last year of engineering school (Master course) with Linux networking development experience seeking for technical development and hands-on experimentation. See below for the details of the required and desirable skills. The profile of the candidate is thus purely technical although the internship is conducted in a research environment. Candidates looking for a PhD position or for a research experience should abstrain from applying to this internship (other possibilities may exist within IMARA). Applications from candidates with no Linux networking development experience will not be considered.

Required skills

  • Basic Unix command line tools and scripting;
  • C/C++ programming knowledge (patching existing code is required);
  • Linux distributions files layout;
  • Application compilation process;
  • Linux kernel compilation (no kernel level programming is required);
  • TCP/IP(v6), Linux standard networking tools (ifconfig/ip/iproute2/ip6tables/etc);
  • Good ability to communicate in English (written and spoken);
  • Ability to take initiatives;

Desirable experience

  • Collaborative development (svn);
  • Cross compilation;
  • Dpkg package building;
  • Network protocols and related implementations: NEMO Basic Support (UMIP/NEPL) and standard IPv6 protocols (Neighbor Discovery, IPSec, etc)
  • Familiar with EAP, IKEv2, Diameter, Certificate, PKI, SeND
  • Familiar with security threats at the IP level

Administrative Details

  • Contact: Thierry Ernst
  • Expected start: February 2010
  • Duration: 6-8 months
  • Location: INRIA Rocquencourt, Paris area (how to visit us)
  • Host team: IMARA project-team, working on self-driving vehicles and involved in several ITS (Intelligent Transport Systems) projects. IMARA is part of the LaRA joint-research unit.

imara/positions/2010_internship_ipv6security.txt · Last modified: 2011/04/05 14:17 by Paulo RESENDE
Recent changes · Show pagesource · Login