The next generation of the internet depends on the next generation of the Internet Protocol, and IPv6 is a technology that is gaining a lot of momentum. Changing the Internet Protocol is a major change to the basic network infrastructure. On the internet today there are two versions of the Internet Protocol (IP): IP version 4 (IPv4) and IP version 6 (IPv6). These two protocols are the technical rules for how computers communicate over a network. The internet today relies on IPv4, and this protocol is widely used. It offers just over 4 billion addresses, which will not last forever as the internet grows. IPv6, on the other hand, is a newer protocol that provides far more IP addresses than IPv4 and will meet the future needs of the internet. The number of IP addresses is the great difference between the two: IPv4 has 4,294,967,296 addresses and IPv6 has 340,282,366,920,938,463,374,607,431,768,211,456 addresses. The two versions keep the same technical functionality and are likely to work well alongside each other in future, because to this day most networks that use IPv6 also support IPv4. This research reviews Internet Protocol version 4 and Internet Protocol version 6, with an emphasis on the transition and on the security issues in both protocols. At the end, it summarizes the most common security concerns regarding these two protocols.
Keywords
IP, IPv4, IPv6, protocol, research, internet
Introduction
The rapid growth of the internet and the development of high-speed broadband networks have made the internet suffer from its own success. The current generation of the Internet Protocol, IPv4, which was deployed in 1981, has supported the internet for more than 20 years, which also proves that IPv4 is easy to implement and interoperable. IPv4 uses a 32-bit address space and can support about 4 billion addresses, which sounds like a lot, but developments in information technology, for example the rise of 3G and 4G wireless devices and other wireless gadgets, have raised the concern that IPv4 does not have enough IP addresses.
Another problem with IPv4 is security. When IPv4 was designed, the internet was thought to be a friendly environment, and the designers did not assume there would be attacks or other security problems on it. Therefore, the original architecture of IPv4 has no security built in. To overcome the exhaustion of IPv4, the IETF (Internet Engineering Task Force) deployed a new Internet Protocol called IPv6 in 1999. Internet Protocol version 6 (IPv6) uses a 128-bit address space, which can be used to assign more than 5x10^28 addresses, an almost infinite address space compared to IPv4. This new IP eliminates the problems of IPv4 and also provides some new features and services on the security side. Display 1.0 shows the physical difference between IPv4 and IPv6.
Display 1.0 (Physical difference between IPv4 and IPv6)
Before going further, note that IPv4 and IPv6 share the same basic mechanisms for transporting packets across a network, and these stay mostly unchanged. The upper-layer protocols that transport application data are also unaffected. IPv4 faces several security threats, for instance denial of service (DoS) attacks, virus and worm distribution, man-in-the-middle (MITM) attacks, fragmentation attacks, port scanning and reconnaissance, and ARP poisoning and ICMP redirects. Many techniques have been developed to address the security issues in IPv4, such as IP Security (IPsec), Network Address Translation (NAT) and Network Address Port Translation (NAPT). These techniques facilitate the re-use and protection of the rapidly depleting IPv4 address space. Although IPsec helps to encrypt communication between hosts, it remains optional and continues to be the responsibility of the end nodes. IPv6 systems, on the other hand, appear more secure than IPv4 in an "ideal environment" of well-coded applications, efficient key management and a robust identity infrastructure. Besides that, security is most easily breached at the application layer; even though IPv6 is implemented with IP security, that does not guarantee that attacks can be 100% avoided.
In addition, the transition from IPv4 to IPv6 solves the IPv4 address shortage, and IPv6 can be enhanced to, for example, concentrate routing information in the layered address structure, set addresses automatically, add the security features offered by IPsec (IP Security), and add a QoS (Quality of Service) feature. The next section gives a technical review of the IPv4 security issues.
Technical Review
As stated previously, IPv4 was designed with no security in mind. Therefore, security is the responsibility of the end hosts [1]. For example, if an application such as email needs an encryption service, it has to get that service from the end host, because the end host is responsible for providing it. Today the original internet remains completely transparent, and no security framework is provided for resilience against threats such as denial of service (DoS) attacks. DoS is an attack in which a service is flooded with a large number of illegitimate requests, making the target system unreachable for legitimate users. Examples of DoS attacks are the broadcast flooding attack and the Smurf attack [2].
Secondly, malicious code distribution is a threat in which viruses and worms compromise a host and infect remote systems. The small address space of IPv4 can facilitate malicious code distribution [2].
A man-in-the-middle (MITM) attack is one in which the attacker is able to read, insert and modify at will the messages between two hosts without the hosts knowing that their communication has been compromised. This attack tends to happen because IPv4 lacks a suitable authentication system. In addition, ARP poisoning and ICMP redirects can also be used to carry out this type of attack [3].
Next, a fragmentation attack uses many small fragmented ICMP packets that are reassembled at the destination. Different operating systems have their own methods of handling large IPv4 packets, and this attack exploits those methods. The fragments reassemble to more than the maximum allowable size for an IP datagram, which causes the host to hang, crash or even reboot [2].
Port scanning is also a threat in IPv4, where it is used to scan for multiple listening ports on a single host, multiple hosts or an entire network. Because of the small address space in IPv4, it is easy to find open ports and exploit specific hosts further in the IPv4 architecture [4]. Since the address space is small, scanning a whole class C network takes a little more than 4 minutes.
ARP poisoning is an attack in which the attacker sends fake ARP messages on a network. The purpose is to link the attacker's MAC address with the IP address of another node. Each host stores this mapping information in a special memory location called the ARP table. Every time a connection to an unknown host is needed, an ARP request is sent out on the network, and the unknown host responds and broadcasts its own IP address or router IP with the appropriate information. The attack happens when a forged ARP response answers the broadcast with inaccurate mapping information, which forces packets to be sent to the wrong destination. ICMP redirects take a similar approach to ARP poisoning [2].
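Because a forged reply works by changing the IP-to-MAC mapping in the ARP table, the change itself is the signal to monitor. The following is an added example, not part of the original article: it replays a constructed list of ARP replies, keeps the first binding seen for each IP (or a static binding supplied by the operator, which is an assumption of this sketch) and reports every reply that contradicts it.

```python
from collections import defaultdict

# Constructed sample: (seconds, sender IP, sender MAC) as seen in ARP replies.
SAMPLE_REPLIES = [
    (1, "192.0.2.1", "00:00:5e:00:53:01"),    # gateway, genuine
    (2, "192.0.2.20", "00:00:5e:00:53:20"),   # workstation, genuine
    (3, "192.0.2.1", "00:00:5E:00:53:01"),    # same binding, upper-case MAC
    (7, "192.0.2.1", "00:00:5e:00:53:66"),    # gateway IP claimed by another MAC
    (8, "192.0.2.20", "00:00:5e:00:53:66"),   # the same MAC claims a second IP
]

def detect_arp_conflicts(replies, static_bindings=None):
    """Return (time, ip, expected_mac, seen_mac) for each contradicting reply.

    static_bindings is an optional {ip: mac} map of known-good entries;
    without it the first reply seen for an IP is trusted, so the monitor
    has to start while the network is in a known-good state.
    """
    bindings = {ip: mac.lower() for ip, mac in (static_bindings or {}).items()}
    conflicts = []
    for ts, ip, mac in replies:
        mac = mac.lower()
        expected = bindings.setdefault(ip, mac)   # learn on first sight only
        if expected != mac:
            conflicts.append((ts, ip, expected, mac))
    return conflicts

def suspect_macs(conflicts):
    """MACs that contradicted the binding of more than one IP address."""
    claimed = defaultdict(set)
    for _ts, ip, _expected, seen in conflicts:
        claimed[seen].add(ip)
    return {mac: sorted(ips) for mac, ips in claimed.items() if len(ips) > 1}

if __name__ == "__main__":
    found = detect_arp_conflicts(SAMPLE_REPLIES)
    for conflict in found:
        print("conflict:", conflict)
    print("suspects:", suspect_macs(found))
```

The conflicting reply never overwrites the stored binding, so a later genuine reply from the gateway is not reported as a second change.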
As the threats above show, IPv4 lacks security support. This is where the transition to IPv6 comes in, interoperating with IPv4 on the internet until IPv4 addresses run out. In IPv4, IP Security (IPsec) support is optional, but in an IPv6 implementation it is not optional; it is a must. IPsec includes a set of cryptographic protocols that provide data communication and key exchange in a secure manner.
The IPv6 transition mechanisms provide a number of features. The first is incremental upgrade and deployment: individual IPv4 nodes and routers may be upgraded to IPv6 one at a time without requiring other nodes or routers to be upgraded at the same time, and new IPv6 hosts and routers can be installed one by one. There is also minimal upgrade dependency: before a host is upgraded, the DNS server has to be upgraded so that it can handle IPv6 addresses. Next, addressing is easy, because after IPv4 hosts or routers are upgraded they may continue to use their existing addresses rather than being assigned new ones. Lastly, the cost of operational upgrades and training is minimal, because no preparation work is required to upgrade existing IPv4 systems to IPv6 or to deploy new IPv6 systems [5].
A number of IPv6-to-IPv4 transition technologies have been introduced to address interoperability between IPv4 and IPv6, such as tunneling, translation and dual stack. Tunneling is a system that allows IPv6 packets to be transmitted over an IPv4 network without the need to configure communication tunnels. Routing is also in place that allows 6to4 hosts to communicate with hosts in the IPv6 environment. This happens when an end site or end user wants to connect to the IPv6 environment over an existing IPv4 connection. Even though tunneling seems a good transition approach, it carries some threats; for example, DoS attacks may occur [5].
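6to4 needs no configured tunnels because the site's IPv4 address is embedded in its IPv6 prefix (2002::/16 followed by the 32-bit IPv4 address), which also means an IPv4 filtering policy has to be applied to the embedded address. The following is an added example, not part of the original article; the function names and the denied-network list are assumptions made for illustration.

```python
import ipaddress

def sixtofour_prefix(ipv4: str) -> ipaddress.IPv6Network:
    """Derive the /48 6to4 prefix that belongs to a public IPv4 address."""
    v4 = ipaddress.IPv4Address(ipv4)
    # 2002 in the top 16 bits, the IPv4 address in the next 32 bits.
    return ipaddress.IPv6Network(((0x2002 << 112) | (int(v4) << 80), 48))

def embedded_ipv4(ipv6: str):
    """Return the IPv4 address inside a 6to4 address, or None if not 6to4."""
    return ipaddress.IPv6Address(ipv6).sixtofour

def violates_ipv4_policy(ipv6: str, denied_v4_networks) -> bool:
    """True if a 6to4 source embeds an IPv4 address the site already denies.

    denied_v4_networks is a hypothetical policy list, for example private
    ranges that must never appear as a tunnel endpoint.
    """
    v4 = embedded_ipv4(ipv6)
    if v4 is None:
        return False                      # native IPv6, nothing embedded
    return any(v4 in ipaddress.IPv4Network(net) for net in denied_v4_networks)

if __name__ == "__main__":
    denied = ["10.0.0.0/8", "127.0.0.0/8"]           # constructed policy
    print(sixtofour_prefix("192.0.2.1"))              # 2002:c000:201::/48
    for source in ("2002:c000:201::1", "2002:a00:1::5", "2001:db8::1"):
        print(source, embedded_ipv4(source), violates_ipv4_policy(source, denied))
```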
Meanwhile, the transport relay translator (TRT) enables an IPv6-only host to exchange TCP and UDP traffic with an IPv4-only host. This technology is similar to NAT (Network Address Translator) in that it translates TCP and UDP over IPv6 to TCP and UDP over IPv4, or vice versa. TRT requires no modification of the initiating host, and TRT is free from taking care of fragmentation issues.
Next, the dual stack approach runs IPv4 and IPv6 concurrently: the end hosts and the network devices run both protocols at the same time, and if IPv6 communication is detected, it is the favored protocol. Generally, dual stack migration makes the transition from the network core to the network edge. The procedure enables two TCP/IP protocol stacks on the WAN core routers, firewalls and perimeter routers, continues with the server-farm routers and finishes with the desktop access routers. Once the networks support both IPv4 and IPv6, the process enables the dual protocol stack on the servers and then on the edge computer systems.
Evaluation
The following table compares the key characteristics of IPv4 and IPv6 and the advantages of IPv6:
| Characteristic | IPv4 | IPv6 | IPv6 Advantages |
|---|---|---|---|
| Address space | 4 billion addresses | 2^128 addresses | 79 octillion times the IPv4 address space |
| Configuration | Manual or DHCP | Universal Plug and Play (UPnP) with or without DHCP | Lower operating cost and fewer errors |
| Broadcast / Multicast | Uses both | No broadcast; different forms of multicast | Greater bandwidth efficiency |
| Anycast support | Not part of the original protocol | Explicit support of anycast | Allows new applications in mobility and data centers |
| Network configuration | Mostly manual and labor intensive | Facilitates the re-numbering of hosts and routers | Lower operating expenses and easier migration |
| Quality of Service (QoS) | ToS using DiffServ | Flow classes and flow labels | Much stronger control of QoS |
| Security | Uses IPsec for data packet protection | IPsec is a requirement and becomes the key to protecting data and control packets | Combined framework for security and a more secure computing environment |
| Mobility | Uses Mobile IPv4 | Mobile IPv6 has better router optimization and faster management with hierarchical mobility | Better scalability and efficiency; also works with the latest 3G/4G technology in mobile networks |
As noted, one positive aspect of IPv6 is its large address space, which hinders port scanning, one of the best-known reconnaissance techniques in use today. Port scanning lets "black-hats" identify the listening service ports that are associated with well-known vulnerabilities. In IPv4, because of the small address space, port scanning is a simple task, since segments are mostly class C with 8 bits allocated for host addressing. The large address space of IPv6 makes scanning an almost impossible task. However, it is not a totally impossible task.
As stated before, IPsec is offered in IPv4 but is optional, whereas for IPv6 it is a requirement. IPsec consists of a set of cryptographic protocols that provide key exchange and secure data communication. IPsec uses two wire-level protocols, Authentication Header (AH) and Encapsulating Security Payload (ESP). With AH and ESP, IPv6 is secured through authentication, data integrity and confidentiality. In addition, IPsec provides key exchange management, known as Internet Key Exchange (IKE). The IKE suite provides the initial functionality needed to establish and negotiate security between endpoints or hosts. It also keeps track of this information and ensures that the communication stays secure until the end.
Conclusion
This research gave a brief introduction to IPv4 and IPv6 and compared them, with emphasis on the security issues in IPv4, as well as on the transition technologies that provide IPv4-to-IPv6 interoperability. Generally, IPv6 improves on the old IPv4 protocol stack: it provides more features that improve overall functionality, as well as some security features. Even though IPv6 has greater security, with a larger address space and encrypted communication, this also raises challenges for new security systems. The new protocol creates some new security problems as it solves the old ones, and leads to new challenges during the transition from the old protocol stack. Lastly, it is important to end with the acknowledgement that IPv6 is not necessarily far better than IPv4; rather, it solves many IPv4 problems and moves toward providing better network security.
Bibliography