IPv6 Security Issues: A Systematic Review Following PRISMA Guidelines

: Since Internet Protocol version 6 is a new technology, insecure network configurations are inevitable. The researchers contributed a lot to spreading knowledge about IPv6 vulnerabilities and how to address them over the past two decades. In this study, a systematic literature review is conducted to analyze research progress in IPv6 security field following the Preferred Reporting Items for the Systematics Review and Meta-Analysis (PRISMA) method. A total of 427 studies have been reviewed from two databases, IEEE and Scopus. To fulfil the review goal, several key data elements were extracted from each study and two kinds of analysis were administered: descriptive analysis and literature classification. The results show positive signs of the research contributions in the field, and generally, they could be considered as a reference to explore the research of in the past two decades in IPv6 security field and to draw the future directions. For example, the percentage of publishing increased from 147 per decade from 2000-2010 to 330 per decade from 2011 to 2020 which means that the percentage increase was 124%. The number of citations is another key finding that reflects the great global interest in research devoted to IPv6 security issues, as it was 409 citations in the decade from 2000-2010, then increased to 1643 citations during the decade from 2011 to 2020, that is, the percentage increase was 302%.


Introduction:
On 3 rd of February 2011, the Internet Assigned Numbers Authority (IANA) announced allocation of the last batch of IPv4 address blocks to the Regional Internet Registries (RIRs), thus running out of the free pool of available IPv4 addresses in the RIR's designated areas can become a reality at any time 1 .Due to the recent exponential growth of the Internet that leads to the imminent depletion of IPv4 address space, the importance of IPv6 to the future of the Internet is now without question.The IPv6 protocol is based on 128-bit addresses and it can provide roughly 3.4×1038 unique addresses.Not only does this huge number of IP addresses solve the address scarcity in IPv4, it also facilitates the transition to the Internet of Things (IoT), fifth generation cellular (5G), and cloud-based services 2 .For instance, the IoT technology refers to billions of devices around the world, such as smart refrigerators, smart watches, smart fire alarm, smart door lock, smart bicycle, medical sensors, fitness trackers, etc., connected to the Internet with ability of collecting and sharing data 3 .All of these devices need IP addresses to communicate, and only IPv6 technology is able to provide such a huge number of addresses.In addition to the galore of addresses, IPv6 protocol includes many new features that make it an excellent alternative to IPv4, such as new header format, large address space, stateless and stateful address configuration, the mandatory of using IPsec, and new protocol for neighboring node interaction 4 .IPv4 must eventually be replaced with IPv6, despite the existence of some solutions, such as reusing and recycling unused IPv4 addresses by the ISPs and using the network address translation devices that allow using IPv4 addresses privately behind the ISPs router.
The adoption of IPv6 is increasing significantly in recent years.Google is continuously measuring the availability of IPv6 traffic initiated by Google users.According to their IPv6 statistics, the percentage of users accessing Google via IPv6 as of November 2020 is 30%, and more than 25 countries around the world deliver 20% or above of their traffic using the new protocol 5 .Although these numbers clearly indicate that the deployment of IPv6 has become a priority for many organizations and countries, the global network communities are still far from achieving the ambitious goal of IPv6 deployment.Since the IPv6 is a new technology to be deployed in currently established IT environments within the enterprises, it is considered an important financial, administrative and technical challenges for these enterprises.The IPv6 protocol, of course, brings new security threats, and this is a constant concern for enterprises when they start deploying IPv6.IPv6 protocol has some enhancements that increase the level of security, such as the mandatory use of IPSec, Authentication Header (AH), Encapsulating Security Payload (ESP), large address space, and neighbor discovery.However, the IT administrations, network administrators, and network security researchers need more practical guides and technical tutorials to review and/or update IPv4 security and maintenance policies to contain the IPv6 security threats.They are also in need for understanding advantages and disadvantages of certain choices available for IPv6 physical and logical security.They are very familiar with vulnerabilities of IPv4 protocol since they have worked on them for a long time, but they are simply not quite as experienced with IPv6 vulnerabilities 6 .The malicious activities against the all-node linklocal IPv6 multicast address (FF02::1) are attacks caused by security vulnerabilities that still need to be investigated and resolved.These attacks could be launched by sending ICMPv6 echo request packets, ICMPv6 packets with an invalid extension header, an MLD (Multicast Listener Discovery) query, or ICMPv6 Router Advertisement packet with a random address prefix 7 .The attacks against IPv6 tunnel transition mechanisms 8 , duplicate address detection process 9 , and IPv6 neighbor discovery protocol (NDP) 10 are dangerous attacks, still possible, and require in-depth studies and research to produce successful means of countering or at least mitigating them.On the other hand, criminals and hackers are very smart at exploiting available vulnerabilities and discovering new ones.They are constantly looking for new ways to hack and misuse any newly published technologies because these growing technologies can have major security issues and threats that the security community still ignore.Organizations around the world are increasingly finding themselves falling victim of hacking.The results of some recent studies showed that the rate of cyber-dependent crime and online fraud have increased significantly during the COVID-19 outbreak in the UK 11 .Therefore, it is crucial for investigators and researchers to understand the security issues that are related to IPv6 protocol and invent scientific and reliable solutions.The important questions that come to the minds of many professionals in the field are: 1.What is the volume of research published in IPv6 security?2. Is there a significant global interest in research dedicated to IPv6 security issues?3. What are the most important IPv6 security issues addressed in the research?
Researchers have published many ideas highlighting the security threats and the countermeasures, and to date, the prevalence rate of IPv6 deployment is still far from the desired rate despite the fact that more than 20 years have passed since the introduction of the IPv6 protocol 12 .The current study is a systematic literature review that follows the PRISMA (Preferred Reporting Items for Systematic Reviews and Meta-Analyses) methodology 13 .It aims to review the research of IPv6 in a systematic way.The main aspect of the study is to search the literature that allows us to understand the trends, attempts, and main arears in the field.In addition, the study maps the literature to realize the conclusions from the past 20 years and discuss the possible future scenario along with future agenda.There are several comprehensive survey papers on IPv6 security that have been published over the past decade 6, 8-9, 14-15 , but based on our knowledge, this study is the first to address this topic using the systematic literature review and following PRISMA methodology 16 .
The remainder of this paper is organized as follows: Section II explains the methodology of the study.The IPv6 security research analysis and classification results are reported in Section III.Section IV provides general interpretation of the results and summarizes the main findings.And finally, Section V concludes the research.

Methodology:
The PRISMA methodology is an easy to follow framework for reporting in systematic reviews and meta-analyses.It has been applied in many scientific fields such as autism spectrum disorder 17 , biodiesel production 18 , machine learning and deep learning 19 , and student performance assessment 20 .Its framework could be summarized by four main stages: 1-developing search strategy, 2-applying selection criteria, 3-maintaining the quality of results, and 4-extracting the data.In the following sections these stages are described in detail.

Search Strategy
In order to perform the systematic search, a search strategy aiming at identifying the relevant literature is developed.This strategy is tailored to two databases: IEEE and Scopus.These two databases are among the most extensive databases of publications with powerful resources for accessing scientific and technical content.One search term used in querying the databases: "IPv6".Based on the literature returned from the first search attempts, a decision to limit the search to the period 2000 -2020 has been made.

Selection Criteria
The search conducted is mainly aiming at mapping existing literature on IPv6 protocol to the field of security.The search is narrowed to the Computer Science and Engineering science fields.The search span was for the last two decades, from year 2000, a few years after announcing the IPv6 technology, until year 2020.All studies that were not published in the period 2000 -2020 were excluded.The search covered all countries of the world and no country was excluded, but the studies not published in English were excluded.Since the search criteria in IEEE and Scopus are slightly different in terms of criteria names and numbers, appropriate selection criteria were applied for each.In IEEE, the "publishing topic" criterion was set to "computer network security", which resulted in 4,185 studies out of 4,824 studies being excluded.Therefore, the total number of studies extracted from the IEEE is 639.Regarding the Scopus database, the "keyword" criterion was set to "network security".The number of studies extracted is 517, while the total number extracted was 8,080 studies, meaning 7,563 studies were excluded.The final number of studies extracted from the two databases is 1156 studies.

Maintaining Quality
For maintaining the quality of the review, three main tasks have been carried out over the results of the search: 1. Filter based on article type: this task is carried out by filtering the "document identifier" field in the IEEE database and the "document type" field in the Scopus database.All studies that are not research papers, review papers, or conference papers have been excluded from the studies list.

Extracting the Data
In the data extraction phase, a total of 427 studies were selected from the two databases.Data extracted from the selected studies involved: authors, title, year, volume, issue, page count, affiliations, authors with affiliations, abstract, author keywords, funding details, reference count, article citation count, and document type.Fig. 1, shows the flow chart of inclusion and exclusion process according to the PRISMA guidelines.

Data Analysis
The aim of the data analysis task was to identify clues relating to the review's objectives and questions.Three different classification processes have been performed.The title, abstract and keywords were the basic data adopted during the analysis process as they were analyzed meticulously.First, each study was classified as either "conceptual contribution" or "practical contribution".The "conceptual contribution" class means that the research described, analyzed, compared, or reviewed a research topic, and the "practical contribution" class means that the research proposed, presented, designed, or developed a system or program to solve an existing problem after presenting it in detail.Another classification was performed which was according to the scope of the study.Scope refers to the extent to which an IPv6 research area is explored and the parameters within which the study will be operating.For example, a researcher wanted to study how to secure an IPv6 communication type in wireless networks and he covered the multicast type communication along with the MLD 2 (Multicast Listener Discovery) component in his study, so the classification of his study will be represented by the string of "wireless network; IPv6: multicast; MLD2".This string has two sides separated by colon, right side or the field(s) and left side or the parameter(s).The left side represents the scope that the researcher worked on and the right side represents the parameters that the researcher dealt with.The components of either sides are separated by semicolons.The third classification made is the classification of studies according the problem they aim to solve.For example, "DoS Detection", "Packet Classification", etc.

Results:
This section reports the results of applying PRISMA methodology based upon the data gathered.To report the results in an orderly manner following a logical sequence, this section is divided into two parts, descriptive analysis and the literature classification 21 .

B-The percentage of publications by type:
Figs. 4 and 5, illustrate the percentages of studies according to the types.The largest percentage 89.75% of IEEE publications was for the conference type, while percentages of journal research and review papers were 8.20% and 2.05% respectively.Regarding the Scopus publications, the largest percentage of publications was also of the conference type, which is 63.39%, but the percentage of journal papers published is 34.43%, greater than that of the IEEE.The percentage of review papers was the lowest in both databases, it was 2.05% in IEEE and 2.19% in Scopus.

C-The percentage of publications by region:
The percentages of studies were calculated for IEEE and Scopus databases according to the regions of the world as in Figs. 6, 7. The aim of these calculations is to shed more light on the active regions in IPv6 security research.The regions were extracted either by knowing the country to which the main author belongs, or by the country name mentioned in the title or in the abstract.It is clear that the largest percentages of studies published in IEEE (59.43%) and Scopus (60.11%) come from Asia, then Europe comes second and North America comes third in both databases.D-Percentage of funded research: Since the funded research can enhance the IPv6 security research and reflects an institutional interest in the field, the percentage of funded research and the percentage of unfunded research were calculated as in Figs. 8 and 9.The rates of funded research published in both IEEE and Scopus are 5.74% and 16.39%, respectively.

Literature Classification
A-Classification of studies based on the type of contribution: Fig. 10 displays the number of studies that have been classified into "practical contribution" and the number of studies that have been classified into "conceptual contribution" for each database.The large number of studies published in both databases were classified as "practical contribution", 175 in IEEE and 141 in Scopus.This means more 70% of the research published in IEEE and Scopus aimed at providing a practical solution to a security problem in the IPv6 protocol.Table .3, presents the results of categorizing studies according to the scopes in order to find out more about the research areas related to the IPv6 protocol that were addressed.The first column represents the category, and it is the left side of the scope string.Since the number of parameters is large in some fields, they are not displayed, rather their numbers are displayed for each category as in the second column.The third column shows the database.As for the fourth and fifth columns, they indicate the number of studies and their percentage to the studies published in the database and categorized for the category mentioned in the first column.The "IPv6" category contained the largest percentage of studies published in the two databases, examples: enhancing the anonymity of the host 22 , Router Advertisement flooding attacks detection 23 , IPv6 traffic monitoring 24 , MITM attack detection 25 , and DoS detection 26 .Most of these studies were of the practical contribution type.The relationship between the IPv4 and IPv6 protocols has been significantly examined in the literature.The studies considered in this paper that addressed these two protocols together are grouped into a category called "IPv4; IPv6".The percentage of studies in this category was 13.93% in IEEE and 8.74% in Scopus.The largest percentage of studies have addressed the challenges of moving to IPv6, with 16 of the 34 studies published in IEEE and 11 of the 16 studies published in Scopus.Most of these studies were of the type of practical contributions that proposed solutions to security issues of IPv6 transition methods such as securing IPv6 transition [27][28][29] and dual stack issues [30][31] .However, some studies of the conceptual contribution type have provided a comprehensive survey of IPv6 transition methods with a focus on security 32 .There are also other studies that examining the detection of special attacks in dual stack networks such as spoofing 33 , ICMPv6 DoS flooding 34 , and anomaly behaviors 35 .
The "IoT" category also attracted the attention of researchers.The percentages of studies in this category were 9.43% and 13.66% for IEEE and Scopus respectively, with a remarkable percentage of studies from conceptual contribution type.Research in this category has mainly focused on two parameters, 6LoWPAN protection and encryption methods.Examples of the research problems that have been tackled include node misbehavior detection 36 , identification of securing 6LoWPAN techniques 37 , and securing group handover 38 .Some studies have focused on the routing protocol for wireless networks, the RPL protocol to address some issues in IPv6 security over IoT such as detecting excessive broadcasts 39 , Blackhole attacks detection 40 , detection Sybil attack [41][42] , 6LoWPAN security of link-layer protocol headers 43 , and DNSv6 authentication.The research areas MIPv6 and PMIPv6 formed two distinct classes.Since the only bulk difference between the two fields is that the MIPv6 is a host-based protocol, while PMIPv6 is a network-based protocol 44 , they were treated as one category.Total studies in this category were 44 studies, and the percentage of parameters that are related to IPv6 security was 66%.Examples of these parameters are CPK-based authentication, AAA protocol, IPSec, binding update, and twofold encryption.Several IPv6 security issues addressed by the studies in this category, examples include securing the network access and data transmission 45 , enhancing the authentication process during mobile nodes hand off 46 , securing binding updates 47 , and intrusion detection in mobile IPv6 networks 48 .Some studies have focused on parameters related to the operations of MIPv6 and PMIPv6 such as nodes location update, binding update, route optimization, and Mobile Node and Correspondent Node hand over schemes.However, the objectives of the studies were not far from the topic of IPv6 security, examples of objectives include solving inadequacy of the protection of proxy update and acknowledgement messages 49 , detecting MITM, hijacking, and DoS attacks [50][51] , and detecting unauthenticated and unauthorized binding update attacks 52 .Table 4 provides examples of studies from some other categories with explanation of the parameters that the studies worked on and the issues that they tried to solve.

Discussion:
An evidence from the literature on IPv6 security is presented in this systematic review.From two public databases, IEEE and Scopus, a total of 12,904 studies published during the period 2000 -2020 were examined.Only the 427 studies that helped spread knowledge about IPv6 vulnerabilities and how to address them were selected.Among the published studies on the IPv6 protocol, a significant number of studies have explored security issues, and they were often devoted to discussing IPv6 security issues Ethernet, wireless, and mobile networks.There is a number of studies that explored security issues in the operational protocols such as ICMPv6 and in the transition methods from IPv4 to IPv6 such as dual stack, tunnels, and NAT64/DNS64.There were a number of studies devoted to exploring methods of mitigating or detecting malware attacks, and all of these studies were worth taking into consideration.Consequently, a filtering process was carried out in three stages to include only the studies that serve the purpose of the review, and these stages were: filtering based on article type (research, review, and conference papers), exclusion of duplicated studies, and evaluation of studies (abstract, keyword, and title).
Recent reviews of IPv6 security issues have focused on existing attacks in IPv6, IPSec, common threats in both IPv4 and IPv6, and security issues related to transition methods, and thus also been able to provide relatively straightforward conclusions or recommendations.Based on their review of malicious attacks in IPv6, A. Shiranzaei and R. Z. Khan 70 , for example, concluded that IPv6 raises new security challenges despite the new security functionalities and despite the fact that IPSec is mandatory to setup in the new protocol.In fact, this is similar to the conclusion of this review.However, expanding the review to include studies addressing IPv6 security issues in a specific environment, such as the IoT, wireless, and local link will lead to further conclusions.In their systematic review of FMIPv6 enhancements, some researchers concluded that the unique operational features of FMIPv6 can potentially address some of very complex mobility management challenges in IPv6-based 5G network 71 .Since this review has a more general focus, such conclusion could not be reached.The analysis and classification of the literature followed in this review raised several important insights and allowed some recommendations for further research.The first key finding shows that there is a significant increase in the IPv6 security literature after 2005.In the sense that interest in this field of research began more than 15 years ago, meaning that this field of research is relatively still in its infancy to some extent.In contrast with the first decade, the second decade has witnessed an obvious increase in the research publications.The number of researches published in the first decade 2000 -2010 was 147 while it increased to 330 in the second decade 2011 -2020, meaning that the percentage of increase was 124%.The number of citations is another factor might reflect a significant global interest in research dedicated to IPv6 security issues.It was 409 in the first decade, then it increased to 1643 citations during the second decade, meaning that the percentage of increase was 302%.However, the largest percentage of published research, which is about 78%, was of the conference type.Generally, in most fields, the research studies published in well-known journals tend to have a greater rank than the research studies presented in famous conferences or published in their proceeding.Consequently, more studies regarded as very high quality work, i.e. published in well-known journals, would be needed to fill this gap.
The largest percentage of studies, which was 60% comes from Asia, and the percentage of studies funded by countries of the Asian continent to the percentage of studies funded by countries of other continents was 64%.It can be concluded from these two percentages that the countries of Asia are more involved in researching security issues for IPv6 than other countries of the world.However, this does not necessarily mean that the countries of Asia have the highest percentage in terms of IPv6 deployment.
According to some recent analytics, the top five countries with highest estimated number of IPv6 users worldwide contain three countries from Asia along with USA and Brazil as well 72 .The scope of IPv6 was explored in a high percentage of the studies that were reviewed, exceeding 40%.Various vulnerabilities, exploitation and attacks were also addressed.Mitigation and detection methods were suggested in operational and regulatory protocols in IPv6 technology such as NDP, IPSec, DHCPv6, NAT64, DNS64, DNSv6, and ICMPv6.This is the main reason why the percentage of studies aimed at providing a practical solution to a security issue was more than 70% in both databases.This finding can bring very positive connotations to mind, since such kind of studies are an increasingly important component of proactively assessing flaws in the fabric of IPv6 technology and fixing them, and thus securing the new protocol against malicious attacks.However, there is a necessary need for more studies with conceptual contributions to clarify the state of knowledge, explain apparent flows, and identify needed research within the scope of IPv6 protocol.A total of 50 studies addressed both IPv4 and IPv6 and more that 50% of these studies examined the security challenges of IPv6 transition.There were distinct efforts exerted to present challenges and methods to overcome them, and the percentages of conceptual contributions and practical contributions were 40% and 60% respectively.However, by comparing these studies, it was found that the least effort was for dual stack and NAT64.These two transition methods are currently the preferred ones, as the general trend for migration is either to dual stack or to native IPv6 73 .Given the importance and effectiveness of these two transition methods, this may be an important area to explore further with regard to security challenges.
Researching IPv6 security issues in IoT, WSN, and MIPv6 environments has drawn much attention.This research began to appear since 2011, a period that also witnessed the beginning of interest in the IoT and WSN technologies.The percentage of studies reviewed in this paper that examined these scopes was 40.52%, most of which, around 79.19%, was devoted to solving security issues related to the IPv6 protocol, and most of these issues was about the authentication, encryption, and detection of famous attacks.It was, however, in relation to the traffic monitoring, that the gaps in the literature were most evident.Even though a few papers explored IPv6 traffic monitoring in IoT, WSN, and MIPv6, traffic classification and packet inspection topics were significantly under researched areas.The studies reviewed in this paper were from IEEE and Scopus databases.It thus has to be acknowledged, that the studies may represent a particular set of IPv6 scopes, parameters, and research problems.No major differences in terms of scopes, parameters, and research problems were identified in the studies included from IEEE and from Scopus.To make any firm comparison, more literature from other databases would be required.Finally, the utilization of ICMPv6 vulnerabilities and DNSv6 and DHCPv6 services vulnerabilities in Ethernet and wireless networks are areas which would benefit from being researched in further depth.Moreover, they could be expected to contribute positively and significantly to the migration from IPv4 to IPv6.

Conclusion:
This systematic review has analyzed the literature on the next Internet protocol technology, the IPv6 with a focus on security issues.A topic which is rarely explored from a qualitative perspective.The review concluded to a number of key findings that shows positive signs of published research and contributions in the field.For example, there is a significant increase in the IPv6 security literature after 2005 and also the scope of IPv6 was explored in a high percentage.Additionally, a lot of important parameters have been examined in terms of the IPv6 security such as NDP, SeND, DAD, SLAAC, IPSec, and 6LoWPAN.However, a number of important gaps were also identified.To fully understand the vulnerabilities that may hinder the deployment of IPv6, more comprehensive studies, which explicitly clarify the state of knowledge, explain apparent flows, and identify needed research within the scope of IPv6 protocol.Moreover, any effort devoted to explore the dual stack and NAT66, which are the general trend for migration to IPv6 would be a welcome addition.Finally, the IPv6 traffic classification and packet inspection topics need to be extended to cover the IoT, WSN, and MIPv6 environments rather than limited these topics on the Ethernet and local link networks.
A-The annual number of publications and citations: Figs. 2 and 3, show the number of studies published and the total number of citations in the years 2000 -2020 for IEEE and Scopus databases.The number of studies published in IEEE and Scopus during the decade 2000 -2010 was 97 and 50 studies, respectively.While the number of publications during the second decade 2011 -2020 reached to 147 and 183 studies.The number of citations has also increased rapidly.The total of citations for IEEE and Scopus publications during the first decade 2000 -2010 was 409 citations, and increased significantly during the second decade 2011 -2020, reaching 1643 citations.

Figure 1 .
Figure 1.Flow diagram of study selection.

41 .
80% for IEEE and 42.08% for Scopus.The studies classified in this category addressed 64 parameters in IEEE and 95 parameters in Scopus, examples of parameters include: DHCPv6, ICMPv6, NDP, SeND, SLAAC, DAD, IPsec, AAA protocol, CGA, cryptographic hash function, BGP routing tables, NAT64, DNS64, DNSv6, IP trackback, IPv6 flows, and IPv6 packets.The studies attempted to address and solve many research problems, for

Table 1 . Selection criteria step
Table. 1, summarizes the selection criteria step.

Table 2 . Maintaining quality stage
The studies published in IEEE magazines are excluded as these studies might be tutorials or summaries updating a technical area.As a result, 25 studies were excluded from IEEE database and 2 studies were excluded from Scopus database.2.Exclusion of duplicated studies: this task is simply implemented by making use of the features available in the MS Excel, i.The studies that were not cited and published five or more years ago, i.e. number of article citations = 0 and year of publication <= 2015, were excluded.These studies were excluded as the lack of citations after five years of publishing a research reflects a weakness in the research contribution.As a result, 168 studies were excluded from IEEE database and 89 studies were excluded from Scopus database.Table2displays statistics of studies after implementing the tasks of the maintaining quality stage.
e. removing duplicate in the data tab and using the match function.It was carried out in two stages: 2.1 Examining studies in each database separately for duplicates: this resulted in excluding 9 studies from the IEEE database and 3 studies from the Scopus database.2.2 Examining studies in the two databases together for duplicates: this resulted in excluding 92 studies from the Scopus database.3. Evaluation of studies: this task took place in two stages: 3.1 Each study was carefully evaluated by reading and analysing the abstract to select only studies that investigate IPv6 network security.Not all studies were equally relevant for inclusion in the list.For example, studies that looked at IoT only or looked at 3g and/or 4g networks were excluded.Therefore, 193 studies were excluded from the IEEE database and 148 studies were excluded from the Scopus database.3.2