January 2007 Newsletter

We are just two months away from the first-ever joint US IPv6 Summit and Coalition Summit for IPv6. We have a stellar speaker lineup this year, with many of the most powerful voices in the IPv6 landscape, including Major General Dennis C. Moran, Vice Director for Command, Control, Communications, and Computer Systems (J6), OJCS; Rep. Robert Goodlatte, Co-Chairman, Congressional Internet Caucus; and Lt. General James Soligan, Deputy Commander, NATO Allied Command Transformation. Please join us March 26th-29th, 2007 at the Hyatt Regency in Reston, VA, for an eye-opening look into both domestic and international IPv6 strategies, transition plans, applications and developing technologies. Early Bird prices are still in effect -- to register now, go to http://www.coalitionsummit.com.
This issue of 6Sense has a special focus on both security and consumer electronics trends in IPv6.
In this January 2007 issue of 6Sense:
Steve Bellovin and Angelos Keromytis of Columbia University, and Bill Cheswick, the co-founder of Lumeta, offer a provocative look at the propagation of worms in an IPv6 network -- and why we cannot rest on the laurels of inherent IPv6 security.
Adam Stein of MU Security provides an insightful discussion regarding the "attack surfaces" of IPv6 networks and what can be done to reduce major risk factors.
Chris Harz of IPv6 Summit, Inc. reports on the latest consumer electronics trends at the CES 2007 show, and what implications they may have for IPv6 products and services.
Please note that 6Sense welcomes submissions from anyone who wants to contribute to the creation and strengthening of the IPv6 industry and international IPv6 community. We invite you to share your unique insights with our readers.
We hope that you enjoy this issue, and will join us in furthering the vision of an expanding IPv6 future this March.

Worm Propagation Strategies in an IPv6 Internet

In recent years, the Internet has been plagued by a number of worms. One popular mechanism that worms use to detect vulnerable targets is random IP address-space probing. This is feasible in the current Internet due to the use of 32-bit addresses, which allow fast-operating worms to scan the entire address space in a matter of a few hours. The question has arisen whether or not their spread will be affected by the deployment of IPv6. In particular, it has been suggested that the 128-bit IPv6 address space (relative to the current 32-bit IPv4 address space) will make life harder for the worm writers: assuming that the total number of hosts on the Internet does not suddenly increase by a similar factor, the work factor for finding a target in an IPv6 Internet will increase by approximately 2^96, rendering random scanning seemingly prohibitively expensive.
Some worms, such as Melissa, spread by email. These worms will not be affected by the adoption of IPv6; though the space of possible email addresses is vast, these worms typically consult databases such as Microsoft Outlook's address book.
On the other hand, life will indeed be harder for address-space scanners, such as Code Red and Slammer. Clever heuristics can cut the search space dramatically. More specifically, multi-level searching and spreading techniques can negate the defender's advantage. However, the code size required for worms will increase, which may help prevent Slammer-like attacks. This has created the impression that an IPv6 Internet would be impervious to similar kinds of worms.
In the past, there have been two forms of address-space scans. Some worms use a uniformly distributed random number generator to select new target addresses. This strategy is indeed unlikely to succeed in an IPv6 world. Other worms preferentially spread locally, by biasing the search space toward addresses within the same network or subnet. This will be a more successful strategy, though at first glance the 80-bit local space (nearly twice Avogadro’s number!) would seem to be a formidable obstacle. We observe that certain strategies can improve the attacker’s odds. In particular, by taking advantage of local knowledge and patterns in address-space assignment, the attack program can cut the search space considerably.

Security Analysis of IPv6 Networks

Many manufacturers, government bureaus, Department of Defense critical assets and infrastructure agencies are converting proprietary systems to IP-based networks. This transition from homogeneous IPv4 networks or SCADA networks to mixed IPv4 and IPv6 networks exposes much larger possible attack surfaces. The attack surface becomes more complex with diverse IT Systems, SCADA Control Systems, weapon platforms, or combat systems. Additionally, previous software bugs once isolated in proprietary networks expand to become exploitable vulnerabilities once exposed to an open IP network. This problem requires a methodical and repeatable analysis, including a Security Analyzer system to document and isolate vulnerabilities before they are exploited.
As a new protocol stack, IPv6 is exposed to vulnerabilities similar to those in IPv4 as well as others unique to IPv6. Being first to market with a security analysis system capable of evaluating IPv4 and/or IPv6 is a significant advantage for any vulnerability assessment, penetration testing or fuzzing product. As IPv6 becomes a requirement for government infrastructure in 2008 and a core part of Microsoft's Vista operating system, the market opportunities for Security Analyzers grow exponentially. Security Analyzers offer three immediate benefits to IPv6 systems and applications:
Problem: Structural issues with many type-length-value extension headers may be exploitable in IPv6.
Using Security Analyzers: Rapid identification and detailed auditing of IPv6 weaknesses prior to malicious exploits.
Problem: Fragmentation support in IPv6 opens up potential attack vectors.
Using Security Analyzers: Identification of both IPv4 and IPv6 fragment attacks.
Problem: IPv6 addresses contain many more semantics and a wider range of accepted variations than those of IPv4.
Using Security Analyzers: Automated parsing of structurally valid addressing in proper context through either multicast or unicast transport.
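A structural check of the kind the first two problems call for, as an added example that is not from the newsletter or any vendor's product: it walks one packet's extension-header chain and flags malformed TLV options, length overruns, ordering problems and atomic fragments for review. The function names and sample byte strings are constructed for illustration, and ESP and AH headers are not parsed.

```python
HOP, ROUTING, FRAGMENT, DSTOPTS = 0, 43, 44, 60   # IPv6 Next Header values
EXT = {HOP, ROUTING, FRAGMENT, DSTOPTS}
def check_options(area):
    """Walk the TLV options inside a Hop-by-Hop or Destination Options header."""
    i, findings = 0, []
    while i < len(area):
        if area[i] == 0:                      # Pad1: one byte, no length field
            i += 1
            continue
        if i + 2 > len(area):
            findings.append("option header truncated")
            break
        opt_len = area[i + 1]
        if i + 2 + opt_len > len(area):
            findings.append(f"option type {area[i]} length {opt_len} overruns header")
            break
        i += 2 + opt_len
    return findings

def audit_chain(next_header, payload):
    """Return structural findings for one packet's extension-header chain."""
    findings, off, seen = [], 0, []
    while next_header in EXT:
        if off + 8 > len(payload):
            findings.append(f"header {next_header} truncated")
            break
        following, len_field = payload[off], payload[off + 1]
        size = 8 if next_header == FRAGMENT else (len_field + 1) * 8
        if off + size > len(payload):
            findings.append(f"header {next_header} claims {size} bytes, {len(payload) - off} left")
            break
        if next_header == HOP and seen:
            findings.append("Hop-by-Hop header is not first in chain")
        if next_header in seen and next_header != DSTOPTS:
            findings.append(f"header {next_header} repeated")
        if next_header in (HOP, DSTOPTS):
            findings += check_options(payload[off + 2:off + size])
        if next_header == FRAGMENT:
            frag = int.from_bytes(payload[off + 2:off + 4], "big")
            if frag >> 3 == 0 and not frag & 1:   # offset 0 and M flag clear
                findings.append("atomic fragment (offset 0, M=0)")
        seen.append(next_header)
        next_header, off = following, off + size
    return findings

# Constructed sample chains (payload after the fixed 40-byte IPv6 header).
PADN = bytes([1, 4, 0, 0, 0, 0])                      # PadN option filling 6 bytes
GOOD = bytes([6, 0]) + PADN                           # Hop-by-Hop -> TCP
BAD_TLV = bytes([6, 0, 0x1E, 200, 0, 0, 0, 0])        # option length 200 in 6-byte area
```

Call `audit_chain` with the Next Header value from the fixed IPv6 header and the bytes that follow it; an empty list means the chain parsed cleanly under these checks.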

CES 2007: Geeks, Gadgets and IPv6

The Consumer Electronics Show (CES) is the largest trade show in America, with over 150,000 visitors and 65 miles of aisles zigzagging around the equivalent of 35 football fields of floor space at the Las Vegas Convention Center, the Sands Convention Center, and various other venues around Las Vegas, Nevada. It is the annual trek to Mecca for anyone interested in consumer electronics, including television sets, car and home stereo systems, cell phones, cameras (both still and video), MP3 players and accessories, and the like.
Besides being a concentrator of what are sometimes called "boy toys," the CES is also an important part of the story of the future of IPv6, of the consumer demands for products and services that will be dramatically better, cheaper or more secure when enabled with IPv6, and which will eventually lead to ubiquitous v6 availability – and profitable ledger numbers for hundreds of existing and startup companies that cater to that demand. Our IPv6 community has mostly discussed the "push" aspect of v6 – what infrastructure IT executives need to provide, and what the technical characteristics of that infrastructure should be – and paid relatively little attention to the "pull" for IPv6 – what popular applications and consumer trends are evolving that could transmogrify the developmental status of v6 from "nice to have" to "must have" – for a mass-consumer audience.