VIC6-link

Built By
IPv6Now-link

aigroup-link



Seed Funding
VictorianGovernment-link



Core Nodes
LateralPlains-link
La Trobe University link


Industry Nodes
Centre for Health Innovation link

Sponsors
LateralPlains-link PPS-link NeighbourhoodCable-link Cisco-link Nominum-link Matrium-link AARNet-link La Trobe-link eVision link

Maddocks link

Phase 3: Financial Sector and VIC6


The aim of VIC6 Phase 3 was to build one or more demonstrations of IPv6 capability to support applications for the financial services sector. Arising from these demonstrations, sector organisations would then be in a good position to gain understanding and experience to allow smooth transition to IPv6, which will ultimately stimulate sector innovation based upon IPv6.


Development of Phase 3

1. Business Analysis: discussions with the Victorian financial sector on the business parameters, issues and timelines to IPv6 adoption.
2. IPv6 Demonstration: based upon the Business Analysis, designing relevant demonstrations of financial sector applications and VIC6 network interoperability.
3. Project Review: Based upon the above, providing a written analysis on the results, the issues arising, and the potential benefits of IPv6 to the financial sector.

Financial Sector Input

Material for the business analysis of the needs of the financial services sector was obtained by VIC6, despite the sector's considerable distraction regarding the Global Financial Crisis, which imposed a significant delay on both outreach and activities. Despite the difficulties, VIC6 Financial Services Working Group meetings took place on 13 July 2009 and 12 August 2009. A VIC6 Financial Services Workshop was held on 9 September 2009 in Ballarat, to clarify useful areas for an IPv6 demonstration.

All participants were focused on survival and cost in the context of the financial crisis, but were still extremely helpful in clarifying potential finance sector involvement in IPv6 and the VIC6 TestNet. Over time, participants included eVision Pty Ltd, the Internet Commerce Security Laboratoryi (ICSL), from the Centre for Informatics and Applied Optimisation (CIAO) University of Ballarat, eB2Bcom, and Financial Services Protection Limited.

eVision Pty Ltd
eVision provised MessageXchange, the leading cloud computing B2B Integration service for hosting and automating message exchanges and business processes with other businesses and customers. MessageXchange is a multi-tenanted service that provides all the benefits of cloud computing for B2B Integration. It has full B2B System Integration, Business Process Management (BPM), Business Intelligence (BI), and B2C and C2C Web Forms functionality; and delivers a guaranteed service level to ensure business continuity from its high-availability, secure and redundant infrastructure for 24x7 global operations. See http://home.messagexchange.com

Centre for Informatics and Applied Optimisation (CIAO)
The Centre for Informatics and Applied Optimization (CIAO) is a unique research centre, established in 2001 and located within the Graduate School of Information Technology & Mathematical Sciences at the University of Ballarat. CIAO is internationally recognized for pure and applied research in optimization, data mining, internet commerce security, virtual reality and simulation, and health informatics. CIAO has five Research Groups and Laboratories: Mathematical Analysis & Optimization, Data Mining & Informatics, Virtual Reality & Simulation, Internet Commerce Security, and Health Informatics. See http://guerin.ballarat.edu.au/ard/itms/CIAO/ciao.shtml

Internet Commerce Security Laboratory (ICSL)
The Internet Commerce Security Laboratory (ICSL) is a research unit of the University of Ballarat, within the Centre for Informatics and Applied Optimization (CIAO) and the Graduate School of Information Technology and Mathematical Sciences (GSITMS). Its objectives are to address commerically relevant security issues affecting the continued uptake of internet commerce; to focus on research into fraud and associated illegal activity in the internet commerce sector; to enhance the knowledge and tools available for the development of simple safe and secure environments to support the continued uptake of internet commerce and identity management; and tobuild a state and national capacity to tackle security problems in internet commerce through highly trained ICT graduates. See http://www.icsl.com.au.

eB2Bcom
eB2Bcom is a value-add Master Reseller in the Asia-Pacific region for a number of leading-edge software suppliers of Identity and Access Management and ICT security products. Established in 1996, it has staff and offices throughout the region. eB2Bcom is independent of, but works closely with, systems integrators and consultants, resellers, telcos, ISPs and technology vendors. See http://www.eb2bcom.com.

Financial Services Protection Limited (FSPL)
Financial Services Protection Limited is a member-based, not-for-profit, industry association, for AFS licensees, which operates a database of clients who have defaulted with members generally through non-payment or non-delivery of securities. See http://www.fsprotection.com.au

1. Business Analysis

Areas of interest covered production readiness testing, tips & pitfalls, transition cost estimating, issues with legacy backend systems, mobile internet access devices, system-to-system messaging solutions, the potential for a message exchange facility on VIC6, authentication issues, IPv6 readiness, and security and potential IPv6 malware. Discussions with sector members covered the following areas.

eVision
Interested in loading MessageXchange platform for B2B transactions into VIC6 plus provision of training and outline of platform operation. Opportunity for others to develop new transaction models. Further development to occur under the VIC6 T&C's, that is, non-production system but trialling for production.

eB2Bcom
They're interested in moving their facilities using an Active Directory service to IPv6. How will their software work in v6? eB2B have customers in defence but also perform authentication so impacts customers in finance industry.

ICSL
Two student projects have started, plus there is the capacity for more student projects. A relationship has developed with Chinese expertise and ICSL whereby IPv6 transactions can undergo rigorous testing for financial systems when subjected to a level of threat. In particular, will existing systems work?

ICSL input regarding threats from malevolent users: Element missing from testing: legitimate public users are not the only users of the Internet, illegitimate users are also present. Need to be able to emulate illegal activity as part of the testbed. Potential student activity from the ICSL to generate illegal activity emulation. Aust Govn assistance also available especially law enforcement agencies, however they may not be interested in shared activity with other countries.

AFP visiting ICSL in Ballarat in October (Tentative date 20/10) to discuss combined research with ICSL. There may be interest in the benefits that IPv6 may have for AFP or any law enforcement agency, especially with regard to:
  • Tracebacks
  • Filtering
  • Denial of service - is there an opportunity to test IPv6 best practices?
  • What are the areas of interest from both the attacker's and victim's standpoint?
    • 1. Malware and botnets
    2. Distributed Denial of Service attacks
  • Role of NAT in protection
  • Attacks occurring primarily at the perimeter

IBM is able to contribute some intellectual property regarding best practice in IPv4, need to then develop best practice for v6 and compare the two via the VIC6 testbed. Individuals within IBM involved with network security have expressed interest. This activity needs to focus on real needs of the marketplace required to roll out IPv6. AGIMO has brought forward the timetable for IPv6 deployment within government with which DSD will need to comply.

ICSL has Professor Lu visiting from Chin Hua University early in 2010 who may be able to use VIC6. A masters student is working on IP Traceback who may be able to work with existing two students working with VIC6.

ICSL Student Projects
Project 1 (Nico):
Attempting simulation using IPSec as security at the network layer and will then test performance comparing the relative performance between IPSec under IPv6 and IPv4.
Challenge at the moment is to achieve a workable setup capable of being measured. Overall project needs to be finished by Oct 30.
The report will examine the relative efficiencies achieved because of the fact that v6 was designed from the outset to work with IPSec whereas v4 has had it fitted on as an afterthought.
The report will be publicly available and specifically will be available to the VIC6 project.

Project 2 (RR): Trying to implement IPv4 banking system in IPv6.

Future student projects: No technical training of IPv6 and even not enough technical training on IPv4 in the curriculum. Mobile phone and laptop are a natural fit with IPv6. The financial services edge device will be the mobile devices, this is especially true for the emerging economies in particular China. ICSL should be investigating and studying mobile clients: VIC6 is a fixed network at the moment. Can a telco (Telstra, Optus etc) be approached? Can the 6in4 tunnel client be compiled for a mobile phone OS? Could this be a future student project?

Financial Services Protection Ltd
Approaches to non-technical financial service representatives to be involved with VIC6. An approach has been made to Mr John Rappell from Financial Services Protection Ltd. Suggested approaching Securities Industry Research Centre for Asia Pacific (SIRCA), National Securities Exchange, Ex GM of Comsec. Email to be sent under Ai Letterhead after approval and vetting from John Rappell.

2. Financial Sector IPv6 Demonstrations

On the basis of industry discussions, potential areas suggested for exploration included: production readiness testing, tips & pitfalls, transition cost estimating, issues with legacy backend systems, mobile internet access devices, system-to-system messaging solutions, the potential for a message exchange facility on VIC6, authentication issues, IPv6 readiness, and security and potential IPv6 malware. In particular:

ICSL: two Honours graduates were utilising the VIC6 testbed as part of Phase 3 (supervised by the University of Ballarat and the Internet Commerce Security Lab): Their work focusses on the implications of utilising IPSEC in relation to consumer-based online banking and a comparative analysis of IPSEC in IPv4 and IPv6. The demonstration will involve setting up connections between virtual machines set up by VIC6 and a consumer-type laptop from outside the network.

FSPL: a meeting took place on 30 July between IPv6Now VIC6 representative Kevin Karp and Mr John Rappell from Financial Services Protection Ltd, to identify key finance industry contacts that are technology innovators. The intention is to make contact with identified individuals, with a view to involving them in VIC6 test activities. Organisations identified with initial contacts: Securities Industry Research Centre of Asia-Pacific (SIRCA), National Securities Exchange (NSX), Commonwealth Bank of Australia/Comsec. The FSPL application was identified as technically a suitable candidate for the Financial Services VM demonstration.
  • September 2009: Meetings with FSPL commenced with a view to obtaining approval from the FSP Board for this activity to proceed.
  • February 2010: Board considered invitation to be the demonstrated VM application and formally granted its approval.

eVision Pty Ltd: can provide their MessageXchange platform for use on VIC6 - they need to test its performance on IPv6 and dual stack, then they need to encourage their customers to implement systems using IPv6. Can make available technical experise, licences and Virtual Servers. We have discussed the technical requirements of implementing their platform in VIC6, which looks like being an implementation of a virtual server.

eB2Bcom: want to test their active directory system under IPv6 re their defence customers. The system has links to authentication and could be brought under the ambit of Financial Services. This demonstration did not proceed.

Demonstration Implementations
August 2009: Initial discussions with eVision to import a Virtual Machine (VM) into the VIC6 Virtual Server facility, including discussion of preparation of VIC6 facility. Work was ongoing with PPS and Lateral Plains regarding importing VMWare VMs. Ballarat VIC6 node was moved from Xen to Proxmox/KVM virtualisation technology.

March-August 2010: Technical Preparation of the FSPL VM commences for installation into the VIC6 Virtual Server facility. Repeated attempts at incorporation of FSPL VM into VIC6 facility and testing to confirm operation. 17 August 2010: The FSPL VM succesfully runs and operates in the VIC Virtual Server facility.

Review

Although the FSPL Virtual Machine installation was successful, the Financial Services Sector in general was not able to proceed with any major utilisation of VIC6 due to the project running over time into late 2010. However it was clear from a number of the issues raised by those involved in financial sector security that testing IPv6 will become fundamentally important as the sector transitions out of IPv4 into IPv6.

There was considerable interest in continuing activities of the Working Groups past the immediate life of the project. In particular IBM (via the ICSL) expressed an interest in contributing some of its intellectual property embodied in IPv4 best practices and then modifying them to suit IPv6 and finally comparing the relative merits of the two. There was also considerable interest in formulating new student projects particularly around the areas of curriculum work in the development of IPv6 training and mobile device use of IPv6.