Ip Level Security Requirements

Published Date: 02 Nov 2017

Abstract:

TheInternethasbeensuggestedtobeoneof,ifnotthegreatestachievementsofourtimeindatacommunications.Ithasresultedinanexplosionofusergeneratedcontentandinvolvementfroma widespectrumofdemographics.Thisinformationhas,sincetheinceptionoftheInternet,beencarriedonthebackofTCP/IPv4butthiseraisnowcomingtoaclose.Withthesunsettingonthe heightoftheTCP/IPv4reign,theneedforasuccessorgrows.Thereisresistancetochangein thosewhocontroltheinfrastructureoftheInternet.Thebattleoftheprotocolsrageson.

Table of Contents

Inception of the Internet and TCP/IP 2

The TCP/IP Protocol Layers 3

Evolution of TCP/IP (TCP/IPv4) 3

Birth of TCP/IPv6 5

Resulting Impact 6

Reference List 9

Inception of the Internet and TCP/IP

Over time, the human race has created ever more efficient means of communicating and sharing information with each other. Around the end of the 1980s and early 1990s, service providers began to emerge that offered the capability to connect to the internet to the average consumer. By half way through 1990s, the internet had quickly spread to many different parts of the world. As of 2012, it is estimated that some 4 billion people around the world access and use the Internet.

The standards that were developed in the early stages of the internet are known as protocols. Protocols establish a clear format for the basis of the information that is being transmitted. When two different computing networks use the same protocol, it allows them to communicate directly, without the need for translation which is similar to two people speaking the same language. When this is true, people understand each other perfectly and have no need for a third party to translate for them. The main protocol that is used by the internet is called the Internet Protocol Suite. This protocol is actually broken down into two components: Transmission Control Protocol and Internet Protocol. As a result, the Internet Protocol Suite is also widely known as TCP/IP.

The main reasons for TCP/IP success is due to:

• Design for routing (There are TCP/IP routers that transmit data from one network to another, one step at a time.)

• Scalability (Improvements and changes can be made to TCP/IP and its core still has remained the same from its beginning.)

• Development process/ Open standards (The unique RFC process is used to develop and modify TCP/IP standards and protocols with all third parties encouraged to participate. This ensures the protocol suite will be accepted worldwide and that anyone interested in the TCP/IP protocols are given the chance to provide input into their development.)

• Universality (TCP/IP is used worldwide)

• Underlying network Independence (It does function on almost any lower-layer technology which including LANs, WANs etc of various sorts.)

The TCP/IP Protocol Layers

TCP/IP is modeled in layers, like most networking software. Protocol stack is the term used as layered representation which refers to the stack of layers (5 layers) in the protocol suite. It is not used to functionally compare the TCP/IP protocol suite against others but it is used for positioning. Basic differencesare present in the layered models in different protocol suites therefore functional comparisons cannot easily be taken from this. Protocol stack accepts for "division of labor" by dividing the communication software into layers so for ease the ability to develop alternative layer implementations and code testing. Layers communicate with those above and below through a brief interfaces. According to this, a layer utilizes services given by the layer directly below it and gives a service to the layer directly above it. For an example, the IP layer gives the ability to transfer data from one host to another computer without any guarantee of duplicate suppression or reliable delivery. In-order to provide applications with reliable data stream delivery the transport protocols such as TCP utilize this typeof service.

The five layers in TCP/IP are: (In order of highest layer to lowest layer)

• Application layer

• Transport layer

• Internet layer

• Network Interface layer

• Physical layer

Evolution of TCP/IP (TCP/IPv4)

Internet Protocol version 4 (IPv4) was first deployed in 1981. It is widely used and accounts for most of today’s Internet traffic. There are just over 4 billion IPv4 addresses. Each allocated IP address contains a 32-bit number address size in a Dotted decimal notation address format. The number of IP address that can be allocated using TCP/IPv4 are 2 to the power of 32 (approximately 4,294,967,296 addresses).

IPv4 is the backbone technology that makes it achievable for us to connect our electronic devices to the Internet. Whenever a device such as a PC, Mac, smartphone accesses the Internet (or to any wireless network), it is give a unique numerical IP address such as 192.168.1.102. For a data packet to be transferred across the network containing data from one computer to another through the internet it should have the IP addresses of both devices. Computers cannot or will not be allowed tosend data and communicate to each other without IP addresses. It is fundamental to the infrastructure of the web.

At the beginning of IPv4, the Internet/web was not the large commercial phenomenon that it is today because most networks were closedoff and privatefrom other networks around the world.Once the Internet exploded or expanded, having only 32 bits to identify a unique Internet address caused people to panic that we'd run out of IP addresses and Under IPv4, thereis 2 to the power of 32 possible combinations, which offers just below 4.3 billion unique addresses. This is the crisis TCP/IPv4 faces, lucky TCP/IPv6 was introduced.

A few problem with TCP/IPv4 were;

•The recent exponential rise of popularity of the Internet and the limited amount of the IPv4 address space.

IPv4 addresses have become relatively depleting over the years, making some organizations to use a Network Address Translator also known as NAT to map many private addresses to a one public IP address. While NATs do not support standards-based network layer security or the correct mapping of all higher layer protocols while they promote reuse of the private address space. They can create issues when connecting two or more organizations that use the private address space.

Moreover, the rising importance of appliances and Internet-connected devices ensures that the public IPv4 address space will eventually be depleted.

•The increase of users on the Internet and the ability of Internet backbone routers

This is used to control routing tables because of the way IPv4 address prefixes are currently and have been allocated. The current IPv4 Internet routing infrastructure is a combination of both hierarchical and flat routing. The Internet backbone routers are routinely over 85,000 routes in the routing tables.

• Simplified configuration.

Almost all current IPv4 implementations must be either use a stateful address configuration protocol such as Dynamic Host Configuration Protocol (DHCP) or manually configured. There is a need for a simpler and more automatic configuration of addresses with more computers and devices using IP.And other configuration settings that do not rely on the administration of a DHCP infrastructure.

• IP level Security Requirements

Encryption services that protect the data being sent from being viewed or modified in transit are required in private communication over a public medium like the Internet.Internet Protocol securityknown as or IPsec is a standard that now exists for providing security for IPv4 packets, this standard is not mandatory and proprietary solutions are prevalent.

• Quality of service (The need for better support for real-time delivery of data)

Real-time traffic support relies on the IPv4 Type of Service (TOS) field and the identification of the payload, typically using a UDP or TCP port while the standards for QoS exist for IPv4. Unfortunately,over time there were various local interpretations and the IPv4 TOS field has limited functionality. Also,when the IPv4 packet payload is encrypted, the payload identification using a UDP and TCP port is impossible

The Internet Engineering Task Force (IETF) has developed a suite of protocols and standards known as IP version 6 (IPv6)to address these and other concerns. This new version incorporates the concepts of many proposed methods for updating the IPv4 protocol and was previously called IP-The Next Generation (IPng). By avoiding the random addition of new features, the design of IPv6 is intentionally targeted for minimal impact on upper and lower layer protocols

Birth of TCP/IPv6

Transmission Control Protocol/ Internet Protocol version 6 (TCP/IPv6) is a network layer protocol that enables data communications over a packet switched network.The IETF specification for IPv6 is RFC 2460 and the working standard for the IPv6 protocol was published by the Internet Engineering Task Force (IETF) in 1998. The sending and receiving of data in packets between two nodes in a network is known as Packet switching.IPv6 was intended to replace the widely used Internet Protocol Version 4 (IPv4) that is considered the backbone of the modern Internet. IPv6 is the "next generation Internet" because of its growth through recent large scale deployments and its expanded capabilities.

The explosive growth in mobile devices including mobile phones, notebook computers, and wireless handheld devices has created a need for additional blocks of IP addresses. IPv4 currently supports a maximum of approximately 4.3 billion unique IP addresses. With the launch of IPv6, which assigns addresses in a new way that number can grow to 340 trillion. Out that there are already enough mobile devices in the world to exhaust the addresses for the current system, IPv4. And device growth is moving much faster than population growth, it is predicted that mobile device subscriptions will outnumber the world’s population within five years, 9 billion mobile subscriptions for 7.4 billion people.

The majority of transport layer protocols that function with IPv4 will also function with the IPv6 protocol and IPv6 and IPv4 both share a similar architecture. With the notable exception of File Transfer Protocol (FTP) most application layer protocols are expected to be interoperable with IPv6 as well. An IPv6 address has eight groups of four hexadecimal digits. The notation can be shortened using a colon to replace the zerosif a group consists of four zeros, howeverFTP uses embedded network layer addresses to facilitate data transmission.

A main advantage of IPv6 is increased address space.The 128-bit length of IPv6 addresses is a significant gain over the 32-bit length of IPv4 addresses which allows for an almost limitless number of unique IP addresses. The size of the IPv6 address space makes it less vulnerable to malicious activities such as IP scanning. IPv6 packets can support a larger payload than IPv4 packets resulting in increasedthroughput andtransport efficiency.

Resulting Impact

IPv6 Features;

• New header format

IPv6 header has a new format that is designed to keep header overhead to a minimum. This is made possible by moving both optional fields and non-essential fields to extension headers that are placed after the IPv6 header.

Due to its vast difference IPv6 headers and IPv4 headers are not interoperable. A host or router must use an implementation of both IPv6 and IPv4 in order to process and recognize both header formats.IPv6 is not a superset of functionality that is backward compatible with IPv4.Even though IPv6 addresses are four times as large as IPv4 addresses the new IPv6 header is only twice as large as the IPv4 header.The streamlined IPv6 header is more efficiently processed at intermediate routers.

• Stateless and stateful address configuration

IPv6 supports both stateful address configuration, such as address configuration in the presence of a DHCP server, and stateless address configuration (address configuration in the absence of a DHCP server) to simplify host configuration. Hosts on a link automatically configure themselves with IPv6 addresses for the link (called link-local addresses) and with addresses derived from prefixes advertised by local routers instateless address configuration. Hosts on the same link can automatically configure themselves with link-local addresses and communicate without manual configurationeven in the absence of a router.

• Large address space

IPv6 has 128-bit (16-byte) source and destination IP addresses. The large address space of IPv6 has been designed to allow for multiple levels of subnetting and address allocation from the Internet backbone to the individual subnets within an organization also 128 bits can express over 3.4 possible combinations.

There are plenty of addresses available for future use even though only a small number of the possible addresses are currently allocated for use by hosts. With a much larger number of available addresses, address-conservation techniques, such as the deployment of NATs, are no longer necessary.

• Routing infrastructure and Hierarchical and efficient addressing

IPv6 global addresses used on the IPv6 portion of the Internet are designed to create an efficient, hierarchical, and summarizable routing infrastructure that is based on the common occurrence of multiple levels of Internet service providers.

• Built-in security

Support for IPsec is an IPv6 protocol suite requirement. This requirement provides a standards-based solution for network security needs and promotes interoperability between different IPv6 implementations.

• New protocol for neighboring node interaction

The Neighbor Discovery protocol for IPv6 is a series of Internet Control Message Protocol for IPv6 (ICMPv6) message that manage the interaction of neighboring nodes (nodes on the same link). Neighbor Discovery replaces the broadcast-based Address Resolution Protocol (ARP), ICMPv4 Router Discovery, and ICMPv4 Redirect message with efficient multicast and unicast Neighbor Discovery messages.

• Better support for prioritized delivery

The new fields in the IPv6 header state how traffic isidentified and handled. Flow Label field in the IPv6 header is used for Traffic identification and allows routers to provideand identify special handling for packets belonging to a flow which is a series of packets between a source and destination. Support for prioritized delivery can be done even when the packet payload is encrypted with IPsec because the traffic is identified in the IPv6 header.

• Extensibility

Unlike options in the IPv4 header, which can only support 40 bytes of options,IPv6 can easily be extended for new features by adding extension headers after the IPv6 header. The size of IPv6 extension headers is only constrained by the size of the IPv6 packet.

In the late 1970s it was unimaginable that the IPv4 address space that was designed could be exhausted. However, due to an allocation practice that did not anticipate the recent explosion of hosts on the Internet andchanges in technology, the IPv4 address space was consumed to the point that by 1992 it was clear a replacement would be necessary.

The replacement was IPv6 for obvious reasons stated above. However, despite the recent IPv6 World Day demonstration, which showed that our IPv6 technologies are ready to go and that they can live and work with IPv4, we're not moving quickly at all to the next generation of the Internet.

The slow adaptation from IPv4 to IPv6 is due to these limiting factors;

• Complexity (Available skill & Technology is acquired externally)

• Cost to convert (Varies on the scale of the organizations)

• Compatibility (Need support for IPv4 and IPv6 addresses)

• Implementation time (Varies on the scale of the organizations)

• Network Externalities (Additional Hardware and Software)

• Observability (The ability to observe benefits)

• Sponsorship (governmental/ private or none)

• Tradability (the ability to pilot test the system)

Today the existence of IPv6 in organizations is presents however it is scarce and slow in implementation. When the demand for IPv6 increase due to the limitations of IPv4 we would mostly likely see a drastic change.

The question "Will IPv6 turn out to be limited as IPv4 in the future?" arises, if the future hold more electronic device which need IP addresses such as televisions, washing machines, house hold utilities, vehicles etc. and with the ever growing population, we might see a new Transmission Control Protocol/ Internet Protocol version