IPv6 And Issues

Guided By Mr. Mahesh Kumar

Presented By Varun K.Sharma E.No- 102119

Outlines
IPv6 Background Address Space and Notation IPv4 packet format details IPv6 packet format IPv6 Issues IPv4 security issues IPv6 security improvements Authentication Headers Encapsulating Security Payload

IPv6 Background
1. Internet Protocol version 6 (IPv6) is a version of the Internet Protocol (IP). 2. Growth of the Internet has created a need for more addresses than are possible with IPv4. 3. Severe shortage of IP addresses causes limited growth for exiting users 4. IETF started effort to specify new version of IP in 1991 1. New version would require change of header 2. Include all modifications in one new protocol 3. Solicitation of suggestions from community

IPv6 planned support list

1. 2. 3. 4. 128-bit address space Real-time/ QoS services Security and authentication Auto configuration 1. Hosts auto configuration with IP address and domain name 5. Enhanced routing functionality 6. Multicast

Address Space and Notation [3]

1. Allocation is classless 2. Prefixes specify different uses (unicast, multicast, anycast) Any cast: send packets to nearest member of a group Lots of flexibility with 128 bits! ~1500 address/sqft of the earths surface

Standard representation is set of eight 16-bit values separated by colons E.g.. 47CD:1234:3200:0000:0000:4325:B792:0428
If there are large number of zeros, they can be omitted with series of colons 1. E.g.. 47CD:1234:3200::4325:B792:0428
5

Recall IPv4 Packet Format Details

0 V ersion 4 HLen 8 TOS 16 19 Length 31

Ident

Flags

Offset

TTL

Protocol

Checksum

SourceAddr

DestinationAddr Pad (variable) Data

Options (variable)

IPv6 Packet Format

0 V ersion 4 Traffic Class 8 16 Flow Label 24 31 Payload Lengtht Next Header Hop Limit

SourceAddr (4 words)

DestinationAddr (4 words)

Options (variable number) Data

Packet Format Details

1. 2. 3. 4. Simpler format than v4 Version = 6 Traffic class same as v4 ToS Treat all packets with the same Flow Label equally
1. Support fair bandwidth allocation

5. Payload length does not include header limits packets to 64KB 6. Hop limit = TTL field 7. Next header combines options and protocol
1. If there are no options then Next Header is the protocol field 2. E.g. routing, fragmentation, authentication encryption

IPv6 Issues
1. 2. 3. 4. 5. Is security necessary in IP? Hop limit: is 65536 necessary? Is the checksum necessary? How do servers handle both types of packets? Address length: usable addresses vs. overhead

IPv6 Security[1]
1. IPv6 uses IPSec in all the nodes. 2. IPSec consists of set of cryptographic protocols provides for securing data communication and key exchange. IPSec uses 2 protocols 1. Authentication Header (AH) 2. Encapsulating Security Payload (ESP)

10

Authentication Header (AH)[2]

1. Authentication Header (AH) is a member of the IPsec protocol suite. 2. AH guarantees connectionless integrity and data origin authentication of IP packets. 3. It can protect against replay attacks by using the sliding window technique and discarding old packets.

11

Encapsulating Security Payload[2]

1. Encapsulating Security Payload (ESP) is a member of the IPSec protocol suite. 2. In IPSec it provides origin authenticity, integrity, and confidentiality protection of packets. 3. ESP in transport mode does not provide integrity and authentication for the entire IP packet.

12

IPSec in IPv4 and IPv6[1]

In IPv4, IPSec provides two modes of securing traffic

1.Transport Mode 2.Tunnel Mode But in IPv6 there is no need for a tunnel mode because both the AH and ESP protocols provide enough functionality to secure IPv6 traffic.

13

References
[1]Samuel Sotillo, East Carolina University IPv6 Security Issues May 2005. [2] http://en.wikipedia.org/wiki/IPsec [3] http://publib.boulder.ibm.com/infocenter/iseries. [4] en.wikipedia.org/wiki/IPv6.

14