Necessity for IPV6 and the Threats It Possess

Academic year: 2024

International Journal of Recent Advances in Engineering & Technology (IJRAET)

NECESSITY FOR IPV6 AND THE THREATS IT POSSESS

Ajay Prakash B.V¹, Suhas V Kumar², Shreema Ajila, Sushma K.S

Department of Information Science and Engineering, S J B Institute of Technology, Bangalore, India

[email protected]¹, [email protected]²

Abstract— IPv6 is short for "Internet Protocol Version 6". IPv6 is the Internet's next-generation protocol, designed to replace the current Internet Protocol, IP Version 4. IPv6 is a standard developed by the Internet Engineering Task Force (IETF), an organization that develops Internet technologies. The IETF, anticipating the need for more IP addresses, created IPv6 to accommodate the growing number of users and devices accessing the Internet. IPv6 is necessary because the IPv4 address space is running out as the number of Internet connections grows. In this paper we compare IPv6 with IPv4, identify the features IPv6 offers over its predecessor, and, since IPv6 is new and opens the gate for attackers, list some of the possible threats that we may face in IPv6.

Index Terms— IPv6, IPv4, Threats

I. INTRODUCTION

IPv6 is short for "Internet Protocol Version 6". IPv6 is the Internet's next-generation protocol, designed to replace the current Internet Protocol, IP Version 4. In order to communicate over the Internet, computers and other devices must have sender and receiver addresses. These numeric addresses are known as Internet Protocol addresses. As the Internet and the number of people using it grow exponentially, so does the need for IP addresses. IPv6 is a standard developed by the Internet Engineering Task Force, an organization that develops Internet technologies. The IETF, anticipating the need for more IP addresses, created IPv6 to accommodate the growing number of users and devices accessing the Internet. IPv6 allows more users and devices to communicate on the Internet by using bigger numbers to create IP addresses. [1]

The computer industry has been using IPv4 (Internet Protocol version 4) for these addresses since that protocol was developed. That technology is now reaching its technical limits for supporting unique Internet addresses, due in part to the large growth in mobile devices, including mobile phones, notebook computers and wireless handheld devices.

With IPv4 addresses running out this year, the entire Internet industry must adopt a new protocol called IPv6. With this new protocol, there will be increased address space, which will allow many more devices and users on the Internet. Many companies, including Yahoo!, are coming together to help motivate organizations across the industry (Internet service providers, hardware manufacturers, operating system vendors and other web companies) to prepare their services for the transition.

We are committed to helping prepare our users for the day when IPv4 will no longer be supported, by giving them a chance to verify whether their systems are compatible with IPv6. [2]

II. COMPARISON BETWEEN IPV4 AND IPV6

A. Address format

An IPv4 address has the following format: x.x.x.x, where x is called an octet and must be a decimal value between 0 and 255. Octets are separated by periods. An IPv4 address must contain three periods and four octets.

For example: 19.117.63.126, 1.2.3.4

An IPv6 address can have two formats:

• Normal - Pure IPv6 format

• Dual - IPv6 plus IPv4 formats

An IPv6 (Normal) address has the following format: y:y:y:y:y:y:y:y, where y is called a segment and can be any hexadecimal value between 0 and FFFF. The segments are separated by colons, not periods. An IPv6 normal address must have eight segments; however, a short form notation can be used in the Tape Library Specialist Web interface for segments that are zero, or those that have leading zeros. The short form notation cannot be used from the operator panel.

Example: 2001:db8:3333:4444:5555:6666:7777:8888

B. Header format

Figure 1. IPv4 and IPv6 architecture

An IPv6 (Dual) address combines an IPv6 and an IPv4 address and has the following format: y:y:y:y:y:y:x.x.x.x. The IPv6 portion of the address (indicated with y's) is always at the beginning, followed by the IPv4 portion (indicated with x's).

In the IPv6 portion of the address, y is called a segment and can be any hexadecimal value between 0 and FFFF. The segments are separated by colons, not periods. The IPv6 portion of the address must have six segments, but there is a short form notation for segments that are zero.

In the IPv4 portion of the address, x is called an octet and must be a decimal value between 0 and 255. The octets are separated by periods. The IPv4 portion of the address must contain three periods and four octets. [3]

Example: 2001:db8:3333:4444:5555:6666:1.2.3.4

Table 1: Difference between IPv4 and IPv6

| IPv4 | IPv6 |
| --- | --- |
| Source and destination addresses are 32 bits (4 bytes) in length. | Source and destination addresses are 128 bits (16 bytes) in length. |
| Uses broadcast addresses to send traffic to all nodes on a subnet. | There are no IPv6 broadcast addresses. Instead, multicast scoped addresses are used. |
| Fragmentation is supported at originating hosts and intermediate routers. | Fragmentation is not supported at routers. It is only supported at the originating host. |
| IPsec support is optional. | IPsec support is required in a full IPv6 implementation. |
| No identification of payload for QoS handling by routers is present within the IPv4 header. | Payload identification for QoS handling by routers is included in the IPv6 header using the Flow Label field. |
| Address Resolution Protocol (ARP) uses broadcast ARP Request frames to resolve an IPv4 address to a link layer address. | Uses multicast Neighbor Solicitation messages for address resolution. |
| Internet Group Management Protocol (IGMP) is used to manage local subnet group membership. | Uses Multicast Listener Discovery (MLD) messages to manage local subnet group membership. |
| Addresses must be configured either manually or through DHCP. | Does not require manual configuration or DHCP. Supports stateless auto configuration. |

III. IPV6 FEATURES OVER IPV4

A. IPv6 provides a substantially larger IP address space than IPv4

IPv6 uses 128 bits for IPv6 addresses, which allows for 340 billion (3.4 × 10^38) unique addresses. To get an idea of the scale involved, consider the entire IPv4 space as being contained in an iPod; the new IPv6 space would then be the size of the Earth. From these numbers, it can be seen that with IPv6 it is possible to provide billions of addresses to each person and ensure that any device that has to be connected to the Internet will have a unique IP address.

The first advantage of an enhanced address space is that, in the absence of NAT, there is less complexity in the network hardware and software, and configuring a network becomes much simpler. Secondly, it makes it possible to truly envisage a networked home wherein the different gadgets and appliances would be on the network, which would require that each such device have a unique IP address. Finally, the large availability of IP addresses removes any obstacles that existed previously in the full deployment of wireless and mobile devices.

B. IPv6 provides better end-to-end connectivity than IPv4

IPv6, with its large address space, no longer requires NAT and can ensure true end-to-end connectivity. This means peer-to-peer applications like VoIP or streaming media can work very effectively with IPv6.

C. IPv6 has better ability for auto configuring devices than IPv4

IPv6 offers automatic configuration and, more importantly, simple configuration mechanisms. Known as plug-and-play auto configuration, these capabilities are way beyond what IPv4 currently offers. IPv6 offers DHCPv6, which is an auto configuration mechanism similar to IPv4 DHCP and offers stateful address auto configuration. In addition, IPv6 also offers stateless or serverless address auto configuration.

In stateless auto configuration, a host can automatically configure its own IPv6 address and does not need any assistance from a stateful address server. Entire IPv6 prefixes rather than just an address are delivered to a device. This particular feature enables routers to easily auto configure their interfaces and can be used very effectively in broadband access networks to dynamically provide customer gateways

D. IPv6 contains simplified Header Structures leading to faster routing as compared to IPv4

When compared to IPv4, IPv6 has a much simpler packet header structure, which is essentially designed to minimize the time and effort that go into header processing. This has been achieved by moving the optional fields as well as the nonessential fields to the extension headers that are placed only after the IPv6 header. Consequently, the IPv6 headers are processed more efficiently at the intermediate routers without having to parse through headers or re-compute network-layer checksums or even fragment and reassemble packets. This efficiency allows for reduced processing overhead for routers, making hardware less complex and allowing for packets to be processed much faster.

Another feature of the IPv6 header structure is that the extension header allows for more flexible protocol inclusions than IPv4 does. Whereas the IPv4 header limits the size of its options, IPv6 extension headers have no such restriction on the maximum size. They can be expanded to accommodate whatever extension data is thought necessary for efficient IPv6 communication. In fact, a typical IPv6 packet contains no extension header; only if intermediate routers or the destination require some special handling will the host sending the packets add one or more extension headers, depending on the requirement. This new extension header makes IPv6 fully equipped to support any future need or capabilities.

E. IPv6 provides better security than IPv4 for applications and networks

In IPv6, IPsec is a major protocol requirement and is one of the factors in ensuring that IPv6 provides better security than IPv4. IPsec contains a set of cryptographic protocols for ensuring secure data communication and key exchange. The main protocols used are:

• Authentication Header (AH) protocol, which enables authentication and integrity of data.

• Encapsulating Security Payload (ESP) protocol, which enables both authentication and integrity of data as well as privacy of data.

• Internet Key Exchange (IKE) protocol. This protocol suite helps to initially set up and negotiate the security parameters between two end points. It then also keeps track of this information so that the communication stays secure till the end.

Thus, IPv6 ensures that there are end-to-end security mechanisms that will provide authentication and encryption abilities to all applications and thereby eliminates the need for applications themselves to have integrated support for such abilities. The added benefit of using the same security mechanisms for all applications is that setting up and administering security policies becomes a lot simpler. IPv6 allows for complete end-to-end security, thereby allowing for a new set of personalized services to be deployed, such as mobile e-commerce services that rely on secure transactions.

IV. SECURITY THREATS

F. Reconnaissance Attack

A reconnaissance attack is the act of probing active hosts over their open ports (services). Today, it is among the most common attacks in almost any network.

This method allows intruders to listen to specific services, which could be associated with widely known vulnerabilities (Ford 2005). The address space of IPv4 is small, so probing a whole class C network takes less than 5 minutes. However, unlike IPv4, IPv6 networks have a very large address space (default IPv6 subnets contain up to 2^64 addresses). It therefore seems almost impossible for an intruder to perform a simple reconnaissance attack in an IPv6 network. Because of this, port scanning methods are likely to change in IPv6 networks. Instead of guessing which IP addresses are available through ICMP queries, intruders are likely to use new methods to obtain IPv6 addresses, such as from DNS servers. A compromised DNS server can yield a large list of legitimate IPv6 addresses to intruders, which gives them enough information to launch a reconnaissance attack.

G. Man-in-the-middle Attack

The main purpose of these attacks is to gain information from the victim's communication messages. Man-in-the-middle attacks might cause communication messages sent by victims to be sniffed, altered or even stopped by intruders. There are several types of DHCP attacks; the most common are DHCP starvation and rogue DHCP server attacks. The first type of attack is normally triggered when intruders send crafted DHCP queries with nonexistent MAC addresses. This causes a DHCP server to exhaust its IP address pool very quickly, leaving it unable to issue new IP addresses to legitimate hosts that are requesting a lease.

The second type of attack is normally launched to disable public servers so that they become unresponsive to valid requests from network users. Even though IPv6 comes with an enhanced ICMPv6 (Deering and Hinden 1998) with its stateless auto configuration, a similar DHCPv6 server may still be used during the foreseeable long transition period. Therefore, this kind of attack will still exist in IPv6 networks.

H. Distributed-denial-of-service Attack

In a distributed-denial-of-service (DDoS) attack, an intruder generates a large amount of computer network traffic on a victim network. This attack floods a target system via rogue broadcast ping messages. It sends crafted echo-request (ICMP type 8) packets with the victim's IP source address. All hosts on the network segment respond to the crafted packets and flood the victim with echo-reply messages. Even though this kind of attack has become less common, it can still be used to launch an effective service disruption attack. The effectiveness of this method might vary among different computer networks, since the configuration applied by network administrators plays a dominant role in whether this method works. Since the general mechanism of a DDoS attack involves flooding the network with traffic targeting a specific service, it can still occur in IPv6 networks.

I. Network worm Attack

Network viruses and worms (or malware) remain one of the most significant problems in IP networking today. Computers infected with malware are often linked together to form botnets, and a large number of attacks are launched using these malicious, attacker-controlled networks. Today, millions of compromised websites launch drive-by download exploits against vulnerable hosts (Provos et al. 2008). As part of the exploit, the victim machine is typically used to download and execute malware programs. These programs are often bots that join forces and turn into a botnet. Botnets are often used by intruders to launch DoS attacks, send spam mails, or host phishing pages. The IPv6 protocol implementation does not greatly affect the impact of malware attacks. Malware propagation in IPv6 is believed to have been reduced due to the difficulty of enumerating the hosts on a subnet. Although the current mitigation techniques for identifying malware in IPv4 are still valid in IPv6, network administrators will need to be wary of possible new malware proliferation methods.

J. Rogue IPv6 traffic

Organizations that aren't running IPv6 and don't plan to run it anytime soon should use their firewalls to block IPv6 traffic from coming in and out of their networks.

Most experts say this should be a temporary measure because an increasing amount of Internet traffic is IPv6-based, and organizations don't want to limit access to customers or business partners around the world that will be using IPv6. "What customers need to do within their intrusion-prevention systems or within their firewall is to explicitly look for IPv6 traffic and drop it." [8]
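To "explicitly look for IPv6 traffic", a filter has to recognise it at the frame level. The following is an added example, not code from the paper or its sources: it labels Ethernet frames as native IPv6 (EtherType 0x86DD) and goes beyond the text by also flagging IPv6 carried inside IPv4 (protocol 41, Teredo server port 3544); function names and sample frames are constructed for illustration.

```python
import struct

ETH_IPV4, ETH_IPV6, ETH_VLAN = 0x0800, 0x86DD, 0x8100
PROTO_UDP, PROTO_IPV6_IN_IPV4 = 17, 41
TEREDO_PORT = 3544

def classify(frame: bytes) -> str:
    """Label one Ethernet frame as 'ipv4', 'other', or a kind of IPv6 traffic."""
    if len(frame) < 14:
        return "other"
    ethertype = struct.unpack_from("!H", frame, 12)[0]
    offset = 14
    while ethertype == ETH_VLAN and len(frame) >= offset + 4:  # skip 802.1Q tags
        ethertype = struct.unpack_from("!H", frame, offset + 2)[0]
        offset += 4
    if ethertype == ETH_IPV6:
        return "native-ipv6"
    if ethertype != ETH_IPV4 or len(frame) < offset + 20:
        return "other"
    header_len = (frame[offset] & 0x0F) * 4
    protocol = frame[offset + 9]
    # Only the first IPv4 fragment carries the UDP header with the ports.
    first_fragment = (struct.unpack_from("!H", frame, offset + 6)[0] & 0x1FFF) == 0
    if protocol == PROTO_IPV6_IN_IPV4:
        return "ipv6-in-ipv4"            # 6in4 / 6to4 / ISATAP encapsulation
    if protocol == PROTO_UDP and first_fragment and len(frame) >= offset + header_len + 4:
        ports = struct.unpack_from("!HH", frame, offset + header_len)
        if TEREDO_PORT in ports:
            return "teredo"              # IPv6 tunnelled in UDP
    return "ipv4"

# --- constructed sample frames (zeroed MACs, documentation addresses) ---
def eth(ethertype: int, payload: bytes, vlan: int = None) -> bytes:
    tag = struct.pack("!HH", ETH_VLAN, vlan) if vlan is not None else b""
    return bytes(12) + tag + struct.pack("!H", ethertype) + payload

def ipv4(protocol: int, payload: bytes) -> bytes:
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       protocol, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7])) + payload

def udp(sport: int, dport: int) -> bytes:
    return struct.pack("!HHHH", sport, dport, 8, 0)

SAMPLES = {
    "native IPv6": eth(ETH_IPV6, bytes(40)),
    "VLAN-tagged IPv6": eth(ETH_IPV6, bytes(40), vlan=10),
    "protocol 41 tunnel": eth(ETH_IPV4, ipv4(PROTO_IPV6_IN_IPV4, bytes(40))),
    "Teredo": eth(ETH_IPV4, ipv4(PROTO_UDP, udp(50000, TEREDO_PORT))),
    "DNS over IPv4": eth(ETH_IPV4, ipv4(PROTO_UDP, udp(50000, 53))),
}

def report() -> dict:
    return {name: classify(frame) for name, frame in SAMPLES.items()}

if __name__ == "__main__":
    for name, label in report().items():
        print(f"{label:14} {name}")
```

Any label other than `ipv4` on a network that is supposed to be IPv4-only is traffic the firewall or IPS rule should be dropping.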

K. Type 0 routing header

This well-known IPv6 vulnerability creates the opportunity for denial-of-service attacks because it gives a hacker the ability to manipulate how traffic flows over the Internet. This feature of IPv6 allows you to specify in the header what route is used to forward traffic. A hacker could use this feature to saturate a particular part of the network. [9]

L. Built-in ICMP and multicast

Unlike IPv4, IPv6 features built-in Internet Control Message Protocol (ICMP) and multicast. These two types of network traffic are integral to how IPv6 works.

With IPv4, network managers can block ICMP and multicast traffic to prevent attacks coming over these channels. But for IPv6, network managers will need to fine-tune the filters on their firewalls or routers to allow some ICMP and multicast traffic through. "You have to explicitly configure ICMP6 and multicast with IPv6." [10]
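The filtering described in sections K and L can be expressed as one packet check. This is an added example, not code from the paper or its sources: it walks the IPv6 extension header chain, drops any packet carrying a type 0 routing header, and admits only the ICMPv6 and MLD messages a local link needs. The allow-list, the hop-limit checks and all names are assumptions of this example.

```python
import struct

HOP_BY_HOP, ROUTING, FRAGMENT, DEST_OPTS, ICMPV6 = 0, 43, 44, 60, 58
ALLOWED = {1, 2, 3, 4, 128, 129}    # error messages and echo request/reply
MLD = {130, 131, 132, 143}          # multicast listener query/report/done, MLDv2 report
NEIGHBOR_DISCOVERY = {133, 134, 135, 136, 137}   # RS, RA, NS, NA, redirect

def inspect(packet: bytes) -> str:
    """Return 'accept' or 'drop: <reason>' for one raw IPv6 packet (example policy)."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        return "drop: not an IPv6 packet"
    next_header, hop_limit, offset = packet[6], packet[7], 40
    # Walk the extension headers that follow the fixed 40-byte header.
    while next_header in (HOP_BY_HOP, ROUTING, FRAGMENT, DEST_OPTS):
        if offset + 8 > len(packet):
            return "drop: truncated extension header"
        if next_header == ROUTING and packet[offset + 2] == 0:
            return "drop: type 0 routing header"
        size = 8                                       # fragment header has a fixed size
        if next_header == FRAGMENT:
            if struct.unpack_from("!H", packet, offset + 2)[0] >> 3:
                return "accept"                        # later fragment: nothing to inspect
        else:
            size = (packet[offset + 1] + 1) * 8        # Hdr Ext Len excludes first 8 bytes
        next_header, offset = packet[offset], offset + size
    if next_header != ICMPV6:
        return "accept"                                # TCP/UDP policy is out of scope here
    if offset + 4 > len(packet):
        return "drop: truncated ICMPv6"
    icmp_type = packet[offset]
    if icmp_type in NEIGHBOR_DISCOVERY:                # must originate on the local link
        return "accept" if hop_limit == 255 else "drop: neighbor discovery, hop limit != 255"
    if icmp_type in MLD:
        return "accept" if hop_limit == 1 else "drop: MLD, hop limit != 1"
    if icmp_type in ALLOWED:
        return "accept"
    return f"drop: ICMPv6 type {icmp_type} not allowed"

def ipv6(next_header: int, payload: bytes, hop_limit: int = 64) -> bytes:
    """Build a constructed test packet between two 2001:db8:: documentation addresses."""
    src = bytes.fromhex("20010db8" + "00" * 11 + "01")
    dst = bytes.fromhex("20010db8" + "00" * 11 + "02")
    return struct.pack("!IHBB", 6 << 28, len(payload), next_header, hop_limit) + src + dst + payload

SAMPLES = {  # constructed packets; payloads are minimal, not full protocol messages
    "type 0 routing header": ipv6(ROUTING, bytes([ICMPV6, 2, 0, 1]) + bytes(20) + bytes([128, 0, 0, 0])),
    "type 2 routing header": ipv6(ROUTING, bytes([ICMPV6, 2, 2, 1]) + bytes(20) + bytes([128, 0, 0, 0])),
    "neighbor solicitation, on-link": ipv6(ICMPV6, bytes([135, 0, 0, 0]), hop_limit=255),
    "neighbor solicitation, routed": ipv6(ICMPV6, bytes([135, 0, 0, 0]), hop_limit=64),
    "MLDv2 report": ipv6(HOP_BY_HOP, bytes([ICMPV6, 0, 5, 2, 0, 0, 1, 0, 143, 0, 0, 0]), hop_limit=1),
    "node information query": ipv6(ICMPV6, bytes([139, 0, 0, 0])),
}

def verdicts() -> dict:
    return {name: inspect(packet) for name, packet in SAMPLES.items()}
```

The hop-limit test on neighbor discovery is what separates on-link messages from ones injected through a router, which decrements the hop limit below 255.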

V. CONCLUSION

Although IPv4 has proven to have tremendous durability in an increasingly networked world, it exhibits some basic limitations that make the features of IPv6 ever more relevant. The most noteworthy of those features is the increased IP address space made possible by the IPv6 addressing scheme. In this paper we have shown how IPv6 differs from IPv4. We have also shown some of the features that IPv6 offers when compared with IPv4 and, lastly, we have found out all possible security threats that may arise in IPv6. Future work can be done to prevent these attacks and provide a secure environment.

REFERENCES

[1] http://support.apple.com/kb/ht4669

[2] http://help.yahoo.com/l/us/yahoo/ipv6/general/ipv6-01.html

[3] http://publib.boulder.ibm.com/infocenter/ts3500tl/v1r0/topic/com.ibm.storage.ts3500.doc/opg_3584_IPv4_IPv6_addresses.html

[4] http://www.google.co.in/imgres?imgurl=http://www.firewall.cx/images/stories/ipv6-ipv4-vs-ipv6 header.png

[5] A primer on IPV6 – www.digi.com; http://publib.boulder.ibm.com/infocenter/zos/v1r12/topic/com.ibm.zos.r12.hale001/ipv6d0011006452.htm

[6] http://ipv6.com/articles/general/Top-10-Features-that-make-IPv6-greater-than-IPv4.htm

[7] IPv6 Traffic Flow Security Threats and Trend Analysis: Towards Combined Intelligent Detection Approach - Muhammad Fermi Pasha, Mustafa Abdat, and Mandava Rajeswari

[8] Tim LeMaster, director of systems engineering for Juniper's Federal group.

[9] http://www.networkworld.com/news/2009/071309-ipv6-network-threat.html - Brown

[10] http://www.networkworld.com/news/2009/071309-ipv6-network-threat.html - Schiller

[11] IPv6 SECURITY

[12] IPv6 an IPv4 Threat reviews with Automatic Tunneling and Configuration Tunneling Considerations Transitional Model:-A Case Study for University of Mysore Network by Hanumanthappa. J, Dr.Manjaiah.D.H.

[13] IPv6 Security Threats and Mitigations - Rohit Bothra, Dilip Sai Chandar (Network Consulting Engineer, Cisco)

[14] http://blog.radware.com/security/2011/08/ipv6-threats/ - Ron Meyran

[15] IPv6 Migration: Progress, Strategies and Security Risks by Highlights from ArborNetworks’ 2012 Worldwide Infrastructure Security Report.

[16] IPv6 and IPv4 Threat Comparison and Best-Practice Evaluation (v1.0) by Sean Convery, Darrin Miller.

[17] Davies, Joseph. “Introduction to IP Version 6.” Microsoft Word Version. February


