The influence of IPv6 security mechanism on the existing network security system

As a new version of the IP protocol, IPv6 not only solves the current problem of lack of IP addresses, but also improves the confidentiality and integrity of the network layer due to the introduction of encryption and authentication mechanisms. Therefore, it can be said that IPv6 achieves network layer security. However, this kind of security is not absolute. The article discusses the security features of IPv6, and points out that the widespread application of IPv6 needs further study.

1 IPv6 security mechanism

1.1 Definition of IPv6

IPv6 (Internet Protocol Version 6) is the next-generation IP protocol designed by the IETF to replace the current IPv4 protocol. The protocol family adopted by the current global Internet is the TCP/IP protocol family, and the network layer protocol is IP, which is also the core protocol of the TCP/IP protocol family. With the development of electronic network technology, computers will gradually enter people's daily lives, and all of our lives will enter the Internet. It is in this environment that IPv6 came into being.

1.2 Features of IPv6

IPv6 is a new-generation Internet protocol that can increase the number of IP addresses without limit, and has features such as excellent network security performance and huge address space. The characteristics are as follows:

(1) The address space is huge: The IPv6 address space is expanded from 32 bits of IPv4 to 128 bits, and the address space is increased by a factor of 96.

(2) The address hierarchy is rich and the allocation is reasonable: the IPv6 top-level management organization allocates a TLA to each backbone network ISP, the backbone network ISP then selectively allocates NLAs to small and medium-sized ISPs, and Internet users obtain a single IP address from a small or medium-sized ISP.

(3) Flexible IP packet header format: IPv6 replaces the variable-length option field in IPv4 with a fixed-format extension header, and the appearance of the option part also changes.

(4) Improved IP layer security: IPv6 mandates and standardizes the implementation of the Internet security protocol IPsec. IPsec supports the Authentication Header (AH) protocol, the Encapsulating Security Payload (ESP) protocol and the Internet Key Exchange (IKE) protocol. These three protocols will be the future Internet security standards.

In addition to the above features, IPv6 also has features such as stateless automatic configuration, simplified message header format, support for multiple types of services, and allowing the protocol to continue to evolve.

2 Comparison of IPv4 and IPv6

2.1 Advantages of IPv6 protocol

The advantages of the IPv6 protocol over the IPv4 protocol are: first, it has a larger address space; second, it uses a smaller routing table; third, it adds enhanced multicast (Multicast) support and flow support (Flow Control); fourth, it adds support for automatic configuration (Auto Configuration); fifth, it has higher security.

2.2 Comparison of IPv4 and IPv6 representation methods and functions

The IPv6 protocol is a modification and expansion of the IPv4 protocol, which fundamentally solves the problems such as the exhaustion of IPv4 network addresses and the rapid expansion of the routing table.

2.3 Comparison of IPv4 and IPv6 address types and allocation methods

The IP address is a hierarchical address. The 32-bit IPv4 address is divided into a network address and a host address, and addresses are assigned by class. There are three main classes, A, B and C, and two special classes, D and E. IPv6 addresses are 128 bits long, and there are three types of IPv6 addresses: unicast addresses, multicast addresses and anycast addresses. Compared with IPv4's block-based address allocation, IPv6 can allocate addresses hierarchically according to users' needs.

2.4 Comparison of IPv4 and IPv6 security strategies

As a simple network interworking protocol, IPv4 has a series of security vulnerabilities. Applications can only achieve security through their own private mechanisms. IPv6 fully supports IPsec, which requires standards-based network security solutions so that different IPv6 implementations can interoperate. IPsec uses the Encapsulating Security Payload (ESP) header and the Authentication Header (AH) to provide the following security services: ① access mechanism; ② connectionless integrity; ③ data source authentication; ④ defense against packet replay attacks; ⑤ encryption; ⑥ limited traffic flow confidentiality.

3 IPv6 security mechanism and existing network security system

The security mechanism of IPv6 and its impact on the existing network security system are as follows. On the one hand, the rapid development of the network has highlighted the resource limitations in the design of IPv4, leading directly to a shortage of network addresses, and this shortage continues to grow. On the other hand, out of concern for security and information privacy, more and more commercial organizations and government departments are no longer willing to send sensitive information or communicate in clear text over insecure networks, which has led to rapid growth in encryption and authentication requirements.

3.1 Security of the current IP network

The IPv6 security mechanism has the following three recognized indicators for the security of the network layer: (1) identity verification; (2) integrity; (3) confidentiality. Integrity and identity verification are often closely linked, while confidentiality is often achieved by using public key encryption, which also helps to authenticate the source. In addition to these three points, the following threats to network security should also be addressed: (1) denial of service attacks; (2) spoofing attacks, in which an entity sends packets with a false origin.

3.2 IPv6 enhances network layer security

The current IPv4 protocol can hardly guarantee the security of the Internet. IPv6, by contrast, takes security into account in all commands and execution procedures, and provides encryption and authentication mechanisms at the network layer. These mechanisms are transparent to applications above the network layer. IPv6 security is realized mainly through the IP AH and ESP headers together with a correct key management protocol.

(1) Authentication header

Through AH, the IPv6 protocol enables the receiver of a data packet to verify whether the data was really sent from its source address, and provides cryptographic verification or an integrity check for the transmitted data. The role of AH is as follows: (1) provide strong integrity for IP packets; (2) provide strong authentication for IP packets; (3) if a public key digital signature algorithm is used for integrity, AH can provide non-repudiation services for IP packets; (4) prevent replay attacks by using the sequence number field. AH can be used in transport mode and tunnel mode, which means that it can be used not only to provide authentication and protection for packets sent directly between two nodes, but also to encapsulate all packet streams sent to a security gateway or by a security gateway.

(2) Encapsulated security payload

In addition to the authentication header, IPv6 also provides a standard extension header, the encapsulated security payload (ESP), which implements end-to-end data encryption at the network layer to counter network eavesdropping. In general, the ESP header provides several different services [4]: (1) provide confidentiality for the data packet through encryption; (2) authenticate the data source by using public key encryption; (3) provide anti-replay services through the sequence number mechanism provided by AH; (4) provide limited traffic flow confidentiality by using a security gateway. The default cipher algorithm used by ESP is the Data Encryption Standard in cipher block chaining mode (DES-CBC). Any other suitable algorithms, such as various RSA algorithms, can also be used.
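The sequence-number anti-replay service that the AH and ESP paragraphs above describe can be shown from the receiver's side. The following is an added example, not code from the original article: it parses the fixed AH fields and applies a sliding-window check per SPI. The 64-packet window size, the names `ReplayWindow`, `parse_ah`, `screen` and `sample_ah`, and the sample headers are assumptions made for illustration, and ICV verification is assumed to have happened already.

```python
import struct

class ReplayWindow:
    """Receiver-side sliding window over 32-bit sequence numbers."""

    def __init__(self, size=64):
        self.size = size
        self.top = 0       # highest sequence number accepted so far
        self.bitmap = 0    # bit i set means (top - i) was already accepted

    def accept(self, seq):
        """Record seq and return True if fresh; False if replayed or too old."""
        if seq == 0:                       # senders start counting at 1
            return False
        if seq > self.top:                 # newer than anything seen: slide window
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.top = seq
            return True
        offset = self.top - seq
        if offset >= self.size or self.bitmap & (1 << offset):
            return False                   # left of the window, or a duplicate
        self.bitmap |= 1 << offset
        return True

def parse_ah(data):
    """Split an Authentication Header into its fixed fields and ICV."""
    next_hdr, payload_len, _reserved, spi, seq = struct.unpack("!BBHII", data[:12])
    total = (payload_len + 2) * 4          # Payload Len is in 32-bit words minus 2
    if len(data) < total:
        raise ValueError("truncated AH")
    return {"next": next_hdr, "spi": spi, "seq": seq, "icv": data[12:total]}

def screen(headers):
    """Return one accept/drop decision per AH, keeping one window per SPI.
    Assumes each ICV was verified before this call; that step is omitted."""
    windows, decisions = {}, []
    for raw in headers:
        ah = parse_ah(raw)
        window = windows.setdefault(ah["spi"], ReplayWindow())
        decisions.append(window.accept(ah["seq"]))
    return decisions

def sample_ah(spi, seq):
    """Constructed AH: next header TCP (6), 12-byte placeholder ICV."""
    return struct.pack("!BBHII", 6, 4, 0, spi, seq) + bytes(12)

# Constructed sequence with two replays (second 2 and second 5) and one reordering (4 after 5)
SAMPLE = [sample_ah(0x1000, s) for s in (1, 2, 3, 2, 5, 4, 5)]
```

The window is updated only for packets whose integrity check has passed; otherwise a forged packet with a high sequence number could push legitimate traffic out of the window.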

3.3 The new challenge of IPv6 security mechanism to the current network security system

Although IPv6 has many advantages, it does not ensure the safe operation of the system. There are many reasons, the most important is that network security is a problem that encompasses all levels and aspects, rather than a problem that can be solved only by a secure network layer. Even from the network layer alone, IPv6 is not perfect. After all, it still retains many of the original IPv4 options and service functions, such as fragmentation and TTL. Hackers have used these options to attack the IPv4 protocol or evade detection, so there is no guarantee that IPv6 can escape similar attacks. At the same time, due to the introduction of encryption and authentication mechanisms in IPv6, it may also cause new attacks.
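Because fragmentation and the extension-header chain decide what a filter or IDS can actually see, an inspection point has to walk the chain before it trusts a verdict. The following is an added example, not code from the original article: it walks the chain of one raw IPv6 packet and reports where inspection stops. The function names, finding strings and sample packets are assumptions constructed for illustration.

```python
import ipaddress
import struct

EXT = {0: "Hop-by-Hop", 43: "Routing", 44: "Fragment",
       50: "ESP", 51: "AH", 60: "Destination Options"}
UPPER = {6: "TCP", 17: "UDP", 58: "ICMPv6", 59: "No Next Header"}

def walk_chain(pkt):
    """Walk one raw IPv6 packet's header chain; return (chain, findings)."""
    if len(pkt) < 40 or pkt[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    chain, findings = [], []
    nh, off = pkt[6], 40              # Next Header field, end of fixed header
    while nh in EXT:
        chain.append(EXT[nh])
        if nh == 50:                  # ESP: what follows is ciphertext
            findings.append("ESP: payload encrypted, not inspectable")
            return chain, findings
        if off + 8 > len(pkt):
            findings.append("header chain truncated")
            return chain, findings
        nxt, length = pkt[off], pkt[off + 1]
        if nh == 44:                  # Fragment header is always 8 bytes
            frag_off = struct.unpack("!H", pkt[off + 2:off + 4])[0] >> 3
            if frag_off:
                findings.append("non-first fragment: upper-layer header not visible")
                return chain, findings
            size = 8
        elif nh == 51:                # AH length: 32-bit words minus 2
            size = (length + 2) * 4
        else:                         # others: 8-octet units, first 8 not counted
            size = (length + 1) * 8
        nh, off = nxt, off + size
    chain.append(UPPER.get(nh, "protocol %d" % nh))
    if nh != 59 and off >= len(pkt):
        findings.append("upper-layer header missing")
    return chain, findings

def ipv6(next_header, payload):
    """Build a constructed test packet between documentation addresses."""
    src = ipaddress.IPv6Address("2001:db8::1").packed
    dst = ipaddress.IPv6Address("2001:db8::2").packed
    return struct.pack("!IHBB", 6 << 28, len(payload), next_header, 64) + src + dst + payload

# Constructed samples (not captured traffic)
PLAIN = ipv6(60, bytes([6, 0, 1, 4, 0, 0, 0, 0]) + bytes(20))
TINY_FIRST = ipv6(44, struct.pack("!BBHI", 60, 0, 1, 7))
LATER_FRAG = ipv6(44, struct.pack("!BBHI", 17, 0, 1 << 3, 7) + bytes(8))
AH_ESP = ipv6(51, struct.pack("!BBHII", 50, 4, 0, 0x100, 1) + bytes(12) + bytes(16))
```

Any non-empty findings list marks a packet whose upper-layer content this inspection point cannot evaluate, so the policy for such packets has to be decided explicitly rather than left to a default pass.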

4 Conclusion

In summary, IPv6 not only solves the problem of lack of IP addresses, but also simplifies the protocol header and successfully introduces two new extension headers, AH and ESP. They help IPv6 solve the problems of identity authentication, data integrity and confidentiality, and make IPv6 truly achieve network layer security. This is a big improvement over IPv4. However, since IPv6 security mechanisms are not yet mature, they have had a huge impact on the current network security system. Therefore, in order to adapt to new network protocols and new development directions, it is extremely urgent to find new ways to solve network security problems.
