Design and Performance Evaluation of an Authentic End-to-End Communication Model on Large-Scale Hybrid IPv4-IPv6 Virtual Networks to Detect MITM Attacks

Round 1

Reviewer 1 Report

Comments and Suggestions for Authors

The introduction provides an adequate background on the IPv4 to IPv6 transition, highlighting the issues surrounding hybrid networks and Man-in-the-Middle (MITM) attacks. The research design appears appropriate for evaluating the performance of the proposed model in hybrid IPv4-IPv6 networks. The use of Linux-based virtual machines and the simulation of large-scale networks align well with the study's goal of detecting MITM attacks. The design also compares the proposed model with existing methods, which strengthens its validity.

Some comments to improve the paper:

-The methods are well described, covering the key exchange algorithm, HMAC-based authentication, and the simulation setup. However, the explanation of how random numbers, session keys, and HMAC values are generated could be elaborated for better clarity.

-Providing more information on the criteria used to select the hardware and software environments would aid in reproducing the study. For example the operating systems, network topology etc.

-Additional references should be added to support claims about the advantages of IPv6 and details regarding specific attacks. For instance, the statistic on network transitions would be more credible with specific citations.

-The quality of graphs should be in a better resolution. Consider using graph editor such as  Gnuplot to plot the graph or add an image with higher resolution.

Author Response

Comments 1: -The methods are well described, covering the key exchange algorithm, HMAC-based authentication, and the simulation setup. However, the explanation of how random numbers, session keys, and HMAC values are generated could be elaborated for better clarity.

Response 1: The explanation of how random numbers, session keys, and HMAC values are generated has been elaborated on Page 5 and lines number 167 to 177.

Comments 2: -Providing more information on the criteria used to select the hardware and software environments would aid in reproducing the study. For example the operating systems, network topology, etc.

Response 2: The information regarding hardware, software, operating systems, network topology, etc. has been provided on Page 9, and line numbers 247 to 250, and Table 4 has also been updated.

Comments 3: -Additional references should be added to support claims about the advantages of IPv6 and details regarding specific attacks. For instance, the statistics on network transitions would be more credible with specific citations.

Response 3: The additional references have been added to support the advantages of IPv6 and details regarding specific attacks in the references section as [2], [3], and [4].

Comments 4: -The quality of graphs should be in a better resolution. Consider using a graph editor such as Gnuplot to plot the graph or add an image with a higher resolution.

Response 4: The quality of graphs has been improved for better resolution.

Reviewer 2 Report

Comments and Suggestions for Authors

Review
of the paper: ”Design and Performance Evaluation of Authentic
End-to-End Communication Model on Large Scale Hybrid
IPv4-IPv6 Virtual Networks to Detect MITM Attacks”
by Zeeshan Ashraf, Adnan Sohail,
Muddesar Iqbal and Shancang Li presented
for the journal ”Cryptography”.

This article presents an end-to-end communication model to
detect a Man In the Middle attacks by using a pre-shared symmetric
key.

The document should present analysis of how ”secret key calcu-
lation” was made if ”pre-shared key” is not used but as an example
Rivest–Shamir–Adleman key was used.

Better algorithms for key calculations should be used by authors
to give shorter computational time for presented examples with
comparison to other methods used off-the-shelf in this paper.
The size of article is acceptable but it can be increased.
In some places the English language in the paper should be more
precise.

The Originality report gives index 37%.
The authors should refine the text in some places to improve
the originality and reliability of the document.
Remarks.

Now the paper is concentrated on high level communications
between the nodes in large scale hybrid ipv4-ipv6 virtual networks.
In subsection ”6.2. Communication through Socket Program-
ming” the authors are not mention about possibilities of C# usage.
The reference list is acceptable but some numerical algorithms
should be referenced.

What is missing now in the paper - the authors should note
that the branch of extended Euclidean algorithms give their ben-
efits when a and b are natural coprime numbers with variable
length. Thus, many extended Euclidean type algorithms are ex-
tensively employed in cryptography. More time and computational
complexity comparisons in same branch of numerical algorithms
should be presented with variety of methods and newer famous ex-
tended algorithms of Euclidean type examples which are strongly
connected to receiving the cryptographic keys especially for long
keys (with different bit lengths): ”new extended based on general-
ization of tembhurne-sathe algorithm”, ”extended based on gener-
alized daykin-harris algorithm”, ”new extended based on general-
ization of harris algorithm”, ”new extended algorithm using least
absolute remainder”, ”new refined enhanced hybrid extended algo-
rithm” and others.

The topic of research is actual and the practical and theoretical
benefits are given but the authors should make some improvements
in experiments of receiving cryptographic key in the cases when
”pre-shared key” was not used.

Comments on the Quality of English Language

In some places the English language in the paper should be more precise.

The Originality report gives index 37%.

The authors should refine the text in some places to improve the originality and reliability of the document.

Author Response

Comments 1: The document should present analysis of how ”secret key calculation” was made if ”pre-shared key” is not used but as an example Rivest–Shamir–Adleman key was used.

Response 1: The detail has been added regarding Rivest–Shamir–Adleman key and analysis on Page number 3 and line number 82 to 89.

Comments 2: Better algorithms for key calculations should be used by authors to give shorter computational time for presented examples with comparison to other methods used off-the-shelf in this paper. The size of article is acceptable but it can be increased. In some places the English language in the paper should be more precise.

Response 2: The size of the article has been increased. The English language has been done precisely in different places in the paper.  

Comments 3: The Originality report gives index 37%. The authors should refine the text in some places to improve the originality and reliability of the document.
Remarks.

Response 3: The text has been refined in some places to improve the originality and reliability of the document. The index of originality report has been decreased.

Comments 4: Now the paper is concentrated on high level communications between the nodes in large scale hybrid ipv4-ipv6 virtual networks. In subsection ”6.2. Communication through Socket Program-ming” the authors are not mention about possibilities of C# usage. The reference list is acceptable but some numerical algorithms should be referenced.

Response 4: In subsection 6.2, it has been mentioned about possibilities of C# usage for socket programming on Page number 11 and line number 252 to 253.

Comments 5: What is missing now in the paper - the authors should note that the branch of extended Euclidean algorithms give their benefits when a and b are natural coprime numbers with variable length. Thus, many extended Euclidean type algorithms are extensively employed in cryptography. More time and computational complexity comparisons in same branch of numerical algorithms should be presented with variety of methods and newer famous extended algorithms of Euclidean type examples which are strongly connected to receiving the cryptographic keys especially for long keys (with different bit lengths): ”new extended based on generalization of tembhurne-sathe algorithm”, ”extended based on generalized daykin-harris algorithm”, ”new extended based on generalization of harris algorithm”, ”new extended algorithm using least absolute remainder”, ”new refined enhanced hybrid extended algorithm” and others.

Response 5: It has been provided the benefits of extended Euclidean algorithms on Page number 3 and line number 86 to 89.

Comments 6: The topic of research is actual and the practical and theoretical benefits are given but the authors should make some improvements in experiments of receiving cryptographic key in the cases when ”pre-shared key” was not used.

Response 6: The improvements in experiments have been made. The hashing function was included when a pre-shared key was not used on Page 5 and line number 167 to 170.

Round 2

Reviewer 2 Report

Comments and Suggestions for Authors

The paper is significantly improved.

But even now the authors did not have mention in the paper the recent modifications of extended Euclidean algorithm (so called hybrid algorithms) which are connected to the names of Daykin-Harris, Harris and Tembhurne-Sathe.

Author Response

Comments 1: Even now, the authors did not mention in the paper the recent modifications of the extended Euclidean algorithm (so called hybrid algorithms) connected to the names of Daykin-Harris, Harris and Tembhurne-Sathe.

Response 1: The extended Euclidean algorithms connected to the names of Daykin-Harris, Harris and Tembhurne-Sathe have been mentioned on page number 3, line number 89, and included in the references [19-23].