Context: IPv6 is the latest version of the Internet Protocol, which identifies devices across the internet so they can be located.
Analysis
- Every device that uses the internet is identified through its own IP address in order for internet communication to work.
- The previous version, IPv4, uses a 32-bit addressing scheme to support 4.3 billion devices, which was thought to be enough.
- However, the growth of the internet, personal computers, smartphones and now Internet of Things devices proves that the world needed more addresses.
- Operators use measures like NAT (Network Address Translation) and CIDR (Classless Interdomain Routing) to somewhat extend the utility of IPv4 addresses.
- Fortunately, the Internet Engineering Task Force (IETF) recognized this 20 years ago. In 1998 it created IPv6, which instead uses 128-bit addressing to support approximately 340 trillion trillion.
- Instead of the IPv4 address method of four sets of one- to three-digit numbers, IPv6 uses eight groups of four hexadecimal digits, separated by colons.
- A number of misconceptions over security properties and privacy features of IPv6—the new generation internet which is solving the problem of IP address shortages of the IPv4 version—exist.
- The most common misconception about IPv6 is that IPv6 is just IPv4 with longer address space. Actually, IPv6 is vastly different from IPv4.
- The IPv6 operating systems create automatically two IPv6 addresses.
- One IPv6 with randomised MAC address (media access control address) in the suffix to hide the device identity and be used for web surfing so that nobody can identify who is connecting to its web site.
- And another IPv6 with real MAC address which is only used for end-to-end encrypted applications.Besides, it has a privacy protocol to protect end-user privacy.
- The current internet (v4) lacks effective privacy and effective authentication mechanisms beneath the application layer and it can run end-to-end encryption.
- While this technology was retrofitted into IPv4, it remains an optional extra that isn’t universally used.
- The encryption and integrity-checking used in current VPNs, especially required for work-from-home applications, is a standard feature in IPv6, available for all connections and supported by all compatible devices and systems.
- Widespread adoption of IPv6 will, therefore, make man-in-the-middle attacks significantly more difficult. and also supports more secure name resolution.
- The Secure Neighbour Discovery (SEND) protocol is capable of enabling cryptographic confirmation to confirm the identity of the host at the time of the connection.
- This renders Address Resolution Protocol (ARP) poisoning and other naming-based attacks more difficult.
- Though IPv4 also offers IPSec support as an optional feature, it is mandatory in IPv6.
- IPSec consists of a set of cryptographic protocols designed to provide security in data communications.
- IPv6 is also considered a protocol of better reliability, security and privacy.
- Also, IPv4 packets are often blocked by corporate firewalls because they could potentially carry malware.
- But IPv6 promises better reliability and security as IPSec, a protocol for authenticating and securing all IP data, is built into IPv6 as a default.
Why is there no IPv5?
- There was an IPv5 that was also known as Internet Stream Protocol, abbreviated simply as ST. It was designed for connection-oriented communications across IP networks with the intent of supporting voice and video.
- It was successful at that task, and was used experimentally. One shortcoming that undermined its popular use was its 32-bit address scheme – the same scheme used by IPv4. As a result, it had the same problem that IPv4 had – a limited number of possible IP addresses.
- That led to the development and eventual adoption of IPv6. Even though IPv5 was never adopted publicly, it had used up the name IPv5.
- The author is a Chairman – India IPv6 Council.