Copyright © Korea IT Times. Unauthorized reproduction and redistribution prohibited.
In-depth Report / IPv6

Worldwide public key infrastructure must first be implemented

What is IPv6

IPv6, or Internet Protocol version 6, is a new type of addressing scheme for Internet communication. Currently, the Internet runs on IPv4. In IPv4, each computer connected to the Internet is assigned a number, similar to a telephone number, which computers use to communicate with each other. IPv6 is similar, but it increases the length of the number used to identify each computer. This new standard has some significant advantages in security, speed, and setup time, which makes it a tempting upgrade for Internet service providers everywhere. However, it also has some drawbacks which increase implementation costs.

The most basic advantage of IPv6 is more total addresses available. Analysts are predicting that the Internet will run out of IPv4 addresses some time between 2008 and 2050. It is difficult to tell when the upper limit of about 4.3 billion IP addresses will be reached, but everyone agrees that the Internet will run out of IPv4 addresses soon. In contrast, IPv6 will provide 340 undecillion (3.4 x 10^38), or 3.4 trillion trillion trillion addresses. That is almost enough addresses to give an IP address to every single atom on earth.

The second major advantage of IPv6 is easy configuration. IPv6 has auto configuration, and two methods to use it. The first is stateful auto configuration, which works almost exactly as DHCP does now. The second is called stateless auto configuration, where a device creates its own unique IP address by combining its LAN MAC address with a prefix provided by the nearest network router. For practical purposes, this means that plugging a computer into any network connection anywhere in the world will give you instant access.

The third major advantage of IPv6 is security. IPv6 provides security encryption, authentication and data integrity safeguards.
The IPv6 authentication header extension guarantees that the recipient receives a packet that is truly from its source address and also provides end-to-end encryption at the network layer. It also includes a very complex trust network named IPSec which has many new security features covered later in this article.

Finally, an IPv6 Internet will be faster. There are three technologies that will increase the speed of an IPv6 Internet by managing network traffic in a more efficient manner. Multicasting, the first of these, is an integrated part of IPv6 architecture. While multicasting is available in IPv4, it is an optional component and not widely used. This technology lets a device contact a group of addresses at once, instead of simply one address, allowing for faster information spread from server to client when there are multiple clients involved. A second technology used in IPv6 is called Flow Labels, which identifies all of the packets of a stream of information as being part of a stream together. This would enable intelligent routers to manage congestion better, routing packets in the order in which they are received despite heavy traffic. The third technology would be Priority, where server machines can specify a higher priority to some packets, such as VoIP packets, and route them first in the case of heavy traffic.

Worldwide status report

The countries that are leading the way in adopting IPv6 architectures are the ones that have the least IP addresses currently available to them. Currently, US companies and organizations control 3 billion of the IPv4 Internet addresses, leaving only 25%, or 1 billion, for the rest of the world. Of these 1 billion IP addresses, China controls approximately 28 million. However, it has 80 million Internet users and that number is expected to grow very fast.

Not surprisingly, China is leading the way in IPv6 implementation. In December 2004 it unveiled its first core router design that used IPv6.
It took two years of development to complete. It is capable of transferring information at 320 billion bits per second. The same week that China unveiled its new IPv6 router, it also announced a new IPv6 backbone connecting 25 universities all across China. This backbone has been tested to a speed of 40 gigabits per second, which is the fastest data transmission rate today outside of biological processes.

Japan is also fully IPv6 compatible, and has been since 2005. Japan is able to give IPv6 connections to any end user in their home or office. Japan is also using IPv6 for a new earthquake early warning system. In partnership with the Japanese telecom company NTT East, the new warning system uses multicasting in IPv6 to quickly alert all of its client computers to an incoming earthquake in a fraction of a second. Anyone can get the earthquake warning client, and cause their computer terminal to flash and emit a sound in the event of an earthquake.

The US government is requiring all federal agencies to use IPv6 by June 2008. It is expected to cost the US government at least US$25 billion or possibly US$75 billion to finish the transition. However, most United States IT decision-makers still don't see any reason to switch to IPv6. Some journalists are worried that the US will lose its technology leadership, as it is already lagging behind Japan and China. Few other large technology companies or Internet Service Providers seem to be interested in making the switch. The few IPv6 service companies in the country report most of their business is outside the US, while inside the US their only customers are US Department of Defense contractors. The most likely reasons are the high cost of upgrading, and the large number of IPv4 addresses still available to US companies.

In Europe, most IT companies seem to share the same sentiment as their US counterparts, and have been slow in implementing IPv6 compatibility due to costs.
A few ISPs in France and Spain are currently offering some initial commercial IPv6 services. More encouraging are the educational and research institutions of Europe, which were all connected using IPv6 by 2004. There is a tentative plan in Europe to roll out IPv6 region-wide sometime before 2010. No mention is yet made of who will bear the cost.

Also in Europe, the car makers BMW, Audi, DaimlerChrysler, Volkswagen, Renault and Fiat are working together to develop a car-based network with 802.11 wireless technology and IPv6. This network will be designed to let cars warn each other about accidents, bad traffic, poor weather conditions, and other road problems. The network is called Continuous Communications Air Interface for Long and Medium Range (CALM). One drawback of this system, however, is that it makes cars easily traceable.

South Korea plans to fully support IPv6 technology before 2011. In 2003 the country made an initial investment of 83.6 billion won (US$87,524,134) to begin planning to integrate IPv6 into the existing networking infrastructure of South Korea. South Korea is currently participating in the experimental multinational IPv6 network called 6bone, with 14 different locations tied in for IPv6 research and development projects.

In contrast, India only has 2 sites working with the 6bone experimental network. While there are some organizations in India that support IPv6 compatibility, India as a country has made no practical steps to use IPv6 yet. In fact the very first SA-ASEAN Leadership Summit on IPv6 was held in Bangalore on April 24 - 26, 2006. The summit seems to be geared to educating the country's IT professionals on the benefits of IPv6. India may have to work hard to catch up to the rest of Asia.

Security issues: the good, the bad, the new

A new network architecture brings new security issues. The first new security issue in IPv6 is actually good news.
Currently, corporate and university network administrators hide many of the computers on their networks behind subnets. This is a standard procedure that is used in order to maximize the amount of address space an organization has. However, when computers hidden in a subnet become infected by a virus and begin to participate in a denial of service (DoS) or distributed denial of service (DDoS) attack, it can be difficult to block those specific computers and end the attack. In IPv6, each computer has a unique, global Internet address. This makes using subnets unnecessary, and makes it much easier to identify computers. Compromised computers infected with a virus that are participating in a DoS or DDoS attack can be immediately and precisely blocked. There is no longer a need to overcompensate, for example, by blocking entire companies or nations from a corporate web site.

The second security issue also includes good news, and involves all current network-based viruses and worms. Complete migration to IPv6 will make these network worms and viruses completely ineffective. All IPv4-based malware would simply stop working, as it would search for IP addresses that would no longer exist.

Privacy Extensions are the third security measure, but this one is not completely good news. Every IPv6 address has two parts, a 64-bit address that is a computer's MAC address, and a 64-bit prefix that is from a computer's current ISP. This means that if a mobile device such as a laptop were to be activated at home in Korea, it would have an address that would be a combination of its MAC+Korean ISP. Then if this mobile device was to be taken to the United States and activated, it would have a new IP address which would be its MAC+US ISP. This means that your approximate location in the world could be tracked by logging the changes in your ISP prefix section of the IP address.
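The address construction behind stateless auto configuration and the MAC-plus-prefix tracking concern above can be worked through in a few lines. This is an added example, not part of the original article: the MAC address, the 2001:db8 documentation prefixes and all function names are constructed for illustration, and the random identifier is a simplified stand-in for the Privacy Extension described in the next paragraph.

```python
import ipaddress
import secrets

LOW64 = 2**64 - 1  # mask selecting the interface identifier (low 64 bits)

def eui64_interface_id(mac: str) -> int:
    """Modified EUI-64: insert ff:fe mid-MAC and flip the universal/local bit."""
    octets = bytes(int(part, 16) for part in mac.replace("-", ":").split(":"))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    eui = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return int.from_bytes(eui, "big")

def slaac_address(prefix: str, interface_id: int) -> ipaddress.IPv6Address:
    """Combine a router-advertised /64 prefix with a 64-bit interface identifier."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("stateless auto configuration uses a /64 prefix")
    return net[interface_id]

def recover_mac(addr: ipaddress.IPv6Address):
    """Return the MAC embedded in an EUI-64 address, or None if none is visible."""
    iid = (int(addr) & LOW64).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in mac)

def same_device(a: ipaddress.IPv6Address, b: ipaddress.IPv6Address) -> bool:
    """Correlation an observer can do: same low 64 bits seen on two networks."""
    return int(a) & LOW64 == int(b) & LOW64

def temporary_interface_id() -> int:
    """Simplified privacy-extension identifier: random bits, U/L bit cleared."""
    return secrets.randbits(64) & ~(0x02 << 56)

# Constructed sample inputs: made-up MAC, documentation prefixes for two ISPs.
MAC = "00:1a:2b:3c:4d:5e"
HOME = slaac_address("2001:db8:a::/64", eui64_interface_id(MAC))
AWAY = slaac_address("2001:db8:b::/64", eui64_interface_id(MAC))
TEMP_HOME = slaac_address("2001:db8:a::/64", temporary_interface_id())
TEMP_AWAY = slaac_address("2001:db8:b::/64", temporary_interface_id())

if __name__ == "__main__":
    print(HOME, AWAY, recover_mac(HOME), same_device(HOME, AWAY))
    print(TEMP_HOME, TEMP_AWAY, same_device(TEMP_HOME, TEMP_AWAY))
```

The two MAC-derived addresses differ only in the prefix, so a server log that sees both can link them to one device; the two randomized addresses share nothing in the low 64 bits.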
A Privacy Extension is simply a randomly generated MAC address, which means that when you change your location you can change your entire address instead of just the prefix. This is good news in that an Internet user can go to Starbucks to hide his laptop from a hacker attempting to gain access to his computer, but it is also bad news in that the hacker can also go to Starbucks to hide from authorities.

A fourth security issue with both good and bad news is simply the new limit of IP addresses in a local network. In a class C IPv4 network a hacker can quickly scan all 255 possible IP addresses for vulnerabilities. However, if a hacker wants to scan the IPv6 network of a company to check for computers with open ports, he has to scan 2^64 (18,446,744,073,709,551,616) different addresses. This would be very difficult. However, it would be extremely easy for a hacker to know the IP addresses of every computer on your network if he were to gain physical access to your network. One ping to the link-local multicast address will return a ping from every computer connected to the network, giving their addresses immediately. So physical security of the network becomes more important, while virtual security becomes less critical.

The final and most important security issue has to do with IPSec. Every single IPv6 network-capable node, whether it be a computer, PDA, or phone, supports IPSec. However, if a network wants to use it, it has to set up what is called a Public Key Infrastructure. This infrastructure is similar to the security certificates that are currently implemented in web browsers, but it sits lower in the TCP/IP stack. This means that if a network implements IPSec, every single node on the network needs a security certificate, and every single node on the network needs a list of every other trusted node's security certificates. If your network only has 5 computers, this is not a problem.
If your network has 1,000 computers, with 1,000 cell phones and 1,000 PDAs all linked together, managing these security certificates can become a full-time job. Adding one new laptop to this network means that the laptop must download certificates for all 3,000 devices already on the network, and all 3,000 devices must also download the security certificate of the new laptop. Currently, software that manages this process is expensive. In order for a worldwide IPv6 Internet to work well with IPSec enabled, some organization must set up a network of free IPSec security certificate servers similar to the existing network of free DNS servers. That is one of the major reasons for the slow adoption of IPv6.

IPv6 is a good evolution of the Internet Protocol, with many useful features to increase speed, increase the size of the Internet, and provide more security. The nations that are first in implementing IPv6 are those industrialized nations that currently have the most trouble with IPv4. There are some costly issues involved with upgrading to IPv6, and some good benefits. The new security issues seem to be positive, on the whole, although IPv6 security is definitely still in its infancy. A free centralized database of trusted network addresses similar to DNS servers would go a long way to speed the process of IPv6 adoption.