An Information And Network Security Engineering

Published Date: 02 Nov 2017

IP protocol is the way by which data transferred from one computer or device to another in a network.

Each computer or device which connects in a network and communicates with other devices into it has an IP address. IP address is four numbers from 0 up to 255, divided with dots, for example 192.168. 10. 10.

IP address is unique for each device never two devices have the same IP address. An IP address consists of two sections, the network address and the host address. All devices in a network share the same network address but the host address is unique for each device. What help us to separately the network from the host address is the subnet mask, if we have the IP address 192 .168 .10.10 the last octet number (10) is the host address and 192.168.10 is the network address.

Over time evolved different versions of the IP protocol, initially the IP version four and after that the IP version six. The transition from the one version to the other becomes progressively because 2 versions have differences in many areas.

In this document we will focus in the security issues between two versions. Firstly, we will examine a general overview about the IP version 4 and IP version 6, header information addressing system and head comparison. Later we will focus in the main topic which is the security issues for these two versions. Finally, we will occupy with the conclusion that will occur from this comparison in security issues between IP version 4 and IP version 6.

IP version 4 general overview

IP Version Four History

In the 1980, When the Internet went live to the public, IP Version Four was the fourth versions of internet Protocol, and the first offered to the public.

IP Version Four is the general standard of delivery of information between devices connected to the Internet. Although the DOD (Department of Defence) adopted IP Version Four as its standard also, DARPA has continued to advance the methods used in transferring information between agencies.

IP Version Four does not guarantee delivery of information between devices. It is built on best effort delivery theory. With the advancement of wireless technology, a new protocol calls IPv6 may soon become the new IP standard.

Header

The router or computer cannot determine the size of a package without additional information. A person can look at a letter or box and determine how big it is, but a router cannot. Therefore, additional information is required at the IP layer, in addition to the source and destination IP addresses. So this information is called a header, and is analogous to the addressing information on an envelope.

A header contains the information required to route data on the Internet, and has the same format regardless of the type of data being sent. This is the same for an envelope where the address format is the same regardless of the type of letter being sent.

IP version four Header

In the IP Version Four header, the source address and the destination address has the length of 32 bits. Therefore, the IP Version Four allows an address space of 4.3×109 (232) addresses

4Bits 8Bits 16Bits 24 Bits

Version

Length

Type Of Service

Total Length

Identification

Flags

Time to Live

Protocol

Header Checksum

Source IP Address

Destination IP Address

IP Option

Data

The IP Version Four Packet

The fields in the IP Version Four header:

Version

The version is a binary number that is four bits long and is indicates which version of IP is being used. Now we are using IP version four.

Length

The IP header is 32-bit words for length .Minimum header length is five 32-bit words.

Type of Service

This field in particular relates to Quality of Service technologies.

Total Length

The Total Length consists by 16-bit field includes the length of the IP datagram .

Identification

Identification consists of 16-bit field.

Flags

The Flags field also has capability to tell the receiving source that more fragments are on the way, if enabled. This is done with the MF flag.

Fragment Offset

Fragment Offset is a 13-bit field that assigns a number value to fragment.

Time to Live

Time to live It is a field that indicates how many hops a data packet should go through before it is discarded.

Protocol

This 8-bit field indicates which protocol should be used to receive the data. The most popular protocols are TCP and UDP.

Header Checksum

Each time a packet travels through a router this value is recalculated to ensure the header is still indeed valid.16-bit field holds a calculated value that is used to verify that the header is still valid.

Destination IP Address

It is used to route the packet and to make sure that only the computer with the IP address in this field obtains the packets.32-bit field holds the IP address of the receiving computer.

Source IP Address

It is used to verify correct delivery, and will also be the return address in case an Error occurs. 32-bit field holds the IP address of the sending computer

IP Options

This field can hold a fair number of optional settings. These settings are primarily used for testing and security purposes. Although clever settings such as keeping timestamp data from each router hop may seem handy, it will actually degrade speed more often than not.

Padding

Since the IP options field varies in length depending on the configuration, we need to have this field set to occupy left over bits. This is because the header needs to be ended after a 32-bit word: no more, no less.

Data

The data is being sent.

IP Version Four Addressing

This section examines the IP Version Four Addressing structure. The IP Version Four Addressing consist of 32-bit Internet address which means that there are

only 232 IP Version Four addresses available so the various classes of IP Version Four addresses is : Public and Private IP addresses

Private IP addresses that are designated for networks that have limited or no access to the Internet. Hosts or packets using these addresses as a source and destination are not to appear on the public Internet.

These private address blocks are:

10.0.0.0 – 10.255.255.255 (10.0.0.0 /8)

10.0.1.0 – 172.16.0.0 to 172.16.255.255 (172.16.0.0 /12)

10.0.2.0 – 192.168.0.0 to 192.168.255.255 (192.168.0.0 /16)

Public addresses

Public addresses are Class A, B, and C addresses that can be used to access devices in other public networks, such as the Internet. The Internet Assigned Numbers Authority (IANA) is ultimately responsible for handing out and managing public addresses. Normally you get public addresses directly from your ISP, which, in turn, requests them from one of five upstream addresses:

African Network Information Centre (AfriNIC)

Asia Pacific Registry for Internet Numbers (APNIC)

Latin American and Caribbean Internet Address Registry (LACNIC)

Reseaux IP Europeans Network Coordination Center (RIPE NCC)

American Registry for Internet Numbers (ARIN)

IP Version Four Classes

Address Mask has three levels. Class A Address Range start from 10.0.0.0 - 10.255.255.255 the number of addresses is 16 777 216.Class B is The Second Address Range begins from 172.16.0.0 - 172.31.255.255 and number of addresses is 1 048 576.The Class C is the last .Address range for class C is 192.168.0.0 - 192.168.255.255 and number of addresses is 65 536

Class A 

From 10.0.0.0 to 10,255,255,255

Class B

From 172.16.0.0 to 172.31.255.255

Class C

From 192.168.0.0 to 192.168.255.255

Rule

Minimum And Maximum

Decimal Range

Class A : First bit is always 0

00000000 = 0

1126

01111111 = 127

Class B : First two bits are always 10

10000000 = 128

128191

10111111 = 191

Class C : First three bits are always 110

11000000 = 192

192223

11011111 = 223

Subnet Mask

A Subnet mask is a 32-bit number that masks an IP address. The digits can be 0, 128, 192, 224, 240, 248, 252, 254, 255. If we have IP address 192.168.0.1 with mask 255.255.255.0.

The IP address in digital:

IP: 11000000.10101000.00000000.00000001

Mask: 11111111.11111111.11111111.00000000

Address

Hosts

Netmask (Binary)

Netmask

/4

240,435,456

11110000 00000000 00000000 00000000

240.0.0.0

/5

134,217,728

11111000 00000000 00000000 00000000

248.0.0.0

/6

67,108,864

11111100 00000000 00000000 00000000

252.0.0.0

/7

33,554,432

11111110 00000000 00000000 00000000

254.0.0.0

/8

16,777,216

11111111 00000000 00000000 00000000

255.0.0.0

/9

8,388,608

11111111 10000000 00000000 00000000

255.128.0.0

/10

4,194,304

11111111 11000000 00000000 00000000

255.192.0.0

/11

2,097,152

11111111 11100000 00000000 00000000

255.224.0.0

/12

1,048,576

11111111 11110000 00000000 00000000

255.240.0.0

/13

524,288

11111111 11111000 00000000 00000000

255.248.0.0

/14

262,144

11111111 11111100 00000000 00000000

255.252.0.0

/15

131,072

11111111 11111110 00000000 00000000

255.254.0.0

/16

65,534

11111111 11111111 00000000 00000000

255.255.0.0

/17

32,768

11111111 11111111 10000000 00000000

255.255.128.0

/18

16,384

11111111 11111111 11000000 00000000

255.255.192.0

/19

8,192

11111111 11111111 11100000 00000000

255.255.224.0

/20

4,096

11111111 11111111 11110000 00000000

255.255.240.0

/21

2,048

11111111 11111111 11111000 00000000

255.255.248.0

/22

1,024

11111111 11111111 11111100 00000000

255.255.252.0

/23

512

11111111 11111111 11111110 00000000

255.255.254.0

/24

256

11111111 11111111 11111111 00000000

255.255.255.0

/25

128

11111111 11111111 11111111 10000000

255.255.255.128

/26

64

11111111 11111111 11111111 11000000

255.255.255.192

/27

32

11111111 11111111 11111111 11100000

255.255.255.224

/28

16

11111111 11111111 11111111 11110000

255.255.255.240

/29

8

11111111 11111111 11111111 11111000

255.255.255.248

/30

4

11111111 11111111 11111111 11111100

255.255.255.252

IP version 6 general overview

IP Versions Six Header

One of the important features in IP Version Six header is the larger address space. Both source and destination addresses are allowed to have 128 bits. This would create a 3.4×1038 (2128) address space.

Version (4 Bits)

Traffic Class (8 Bits)

Flow Label (20 Bits)

Payload Length (16 Bits)

Next Header (8 Bits)

Hop Limit (8 Bits)

Source IP Address (128 Bits)

Destination IP Address (128 Bits)

The IP Version Six Packet

The fields in the IP Version Six header and their descriptions are eight:

Version  

The Version field shows the version of IP and is set to 6.

Traffic Class

Traffic Class field is similar to the IP Version Four.

Flow Label

The size of Flow Label field is 20 bits.

Payload Length 

Payload Length field size is 16 bits.

Next Header

The Next Header field shows the type layer such as TCP, UDP, or ICMPv6. The size of the Next Header field is 8 bits.

Hop Limit 

Shows the maximum number of routers the IP Versions Six packet can travel.

The size of the Hop Limit field is 8 bits.

Source Address 

Shows the source of the packet.

The size of the Source Address field is 128 bits.

Destination Address 

Shows the destination of the packet.

The size of the Destination Address field is 128 bits.

Differences between IP Version Four and IP Version Six Headers

The most important difference between these two is the size of address space. IP Version Four allows only 32 bit source and destination addresses, whereas IP Version Six allows 128 bit source and destination addresses. This makes the address space of IPv4 4.3×109 (232) and the address space of IPv6 3.4×1038 (2128), which is much larger.

IPv4-IPv6-address-decimal-notation1.jpg

IPv6 & IPv4 Decimal Notation

IP Version Six Addressing

The Ip versions Six has access to allocated 18,446,744,073,709,551,616 IP addresses in a single /64 allocation18,446,744,073,709,551,616 IP addresses in a single /64 allocation.

Types of IP Version Six Addresses

IP Version Six addresses are classified into three categories:

Unicast addresses A (One to One)

The unicast address is the single interface in IP version Six.

Multicast addresses A(One to Many)

The Ip Versions Six Multicast addresses have the prefix ff00::/8.Ip Verssion Six multicast address consists from four bit groups

Anycast addresses (One to Nearest (Allocated from Unicast))

Anycast addresses is an address that is assigned to a set of interfaces that may belong to the different nodes.

Network Notation In IP version Six

A network or subnet using the IP Version Six protocol is denoted as a contiguous group of IP Version Six addresses whose size must be a power of two. With IP Version Six, if you have a series of zeroes in a row, the address need not be written out completely. You can use a double colon (::) to represent that series of zeroes, however you can only use that once.

For example, if you have an address like "2001:0DB8:0000:0003:0000:01FF:0000:002E", it can be written like "2001:DB8::3:0:1FF:0:2E" or "2001:DB8:0:3:0:1FF::2E", but would never be written like "2001:DB8::3::1ff::2E".You also cannot have three colons in a row (:::).

The URL to view web site will be form

http://2001:0DB8:0000:0003:0000:01FF:0000:002E/

Benefits of IP Version Six

More Efficient Routing

The IP Version Six reduces the size of routing tables and makes routing more efficient and hierarchical paths maximum transmission unit.

More Efficient Packet Processing

The IP Version Six's simplified packet header makes packet processing more efficient.

Directed Data Flows

The IP Version Six supports multicast rather than broadcast. Multicast allows bandwidth-intensive packet flows to be sent to multiple destinations. Simplified Network Configuration Address auto-configuration is built in to IP Version Six Support for new services easier to create Peer-to-peer networks, and services such as VoIP.

Security

The IPSec provide confidentially authentication and data integrity.

Ipv4 - ipv6 security issues and comparison

IP version 4 security issues

IP version four designed with no security direction. IP version four based on end to end model, for example if an e-mail requires encryption service the end nodes are responsible to provide this service. Bellow we will examine some threats because of this model.

Denial Of Service attack (DOS): In this case of attack certain services are flooded with a large amount of fake requests which make the existing system unreachable from the real users.

Malicious, viruses and worms: Because of IP version four small address range allows these threats.

Man in the middle attack: IP version four has not got authentication mechanisms so allows the man in the middle attacks. ICM redirects and ARP poisoning engage these types of attacks.

Fragmentation attacks: This type of attacks take advantage of the method in which stated operating systems. The ping of death is an example of this type where the system flooded with fragmented ping packets these packets grows beyond the certain packet size limit of IP version four.

Port scanning: In this type of attack a section of a network scanned in order to find open services. Because of small IP version four address space this procedure take no more than 3 minutes.

ICMP redirect and ARP poisoning: ARP protocol is responsible for mapping an IP address with a physical MAC address. ARP poisoning occurs when the ARP response from an unknown host in the internet are broadcasted with forged mapping information which can go to the wrong destination. ICMP redirect working with the same way.

IP version six security issues

IP version six is more secure protocol than IP version four but it still to have vulnerabilities. In this section we will examine some of them.

Dual – stack security issues: The transition from IP version four to IP version six will be progressively and it will takes much time. For the transition period from IP version four to IP version six, dual – stack will provide the desired operation. Dual – stack increase security vulnerabilities, as a result of having two infrastructures with certain security problems. Most of security issues are not a result of specific IP version six security lacks but a result of inappropriate configuration.

Header spoofing issues: Spoofing continues to be threat in IP version six networks, due to the fact that the neighbour discovery (ND), spoofing threat is only possible by nodes which belong on the same segment.[1]

Flooding issues: Scanning for services and valid host addresses is more difficult in IPv6 networks because of the larger addressing space but this feature does not mean that IP version six is totally invulnerable to this certain attacks. IP version six feature of multicast addresses exploited by the ‘Smurf Attack’’.

Mobility: Mobility is a new feature of IP version six. Mobility consists of two types of addresses, the real addresses and the mobile addresses. Real addresses are typical IP version six addresses contained in the extension header and the temporary addresses contained in the IP header. The temporary section of a mobile device address may be affected to spoofing attacks.

IP version four and IP version six security comparison

The main security difference between IP version four and IP version six is that security in IP version six is native and this protocol designed considering the security factor.

In IP version six IP sec is a part of the protocol and it is mandatory. In IP version four the IP sec is optional, IP sec adapted to IP version four due to the great need for the security in current IP version four internet structure.

IP sec in IP version four networks contains two modes of security traffic. The first mode called tunnel mode and it uses to protect the whole IP version four packets. The second mode is called transport and it uses to vouchsafe only the payload packets. In IP version six there is no need for tunnel modes because authentication and ESP protocols provide secure traffic in IP version six.

Neighbour discovery protocol and auto – configuration are mechanisms used by IP version six. Both neighbour discovery and address configuration make IP version six more secure than IP version four. Also IP version six provides values for Time To Live (TTL) mechanism up to 255, this parameter blocks outside duplicate addresses and outside neighbour packets.

IP version four address space is smaller than IP version six this results allow theats such as viruses.

General Conclusion