Editorial: How Secure is IPv6?by Samuel Bucholtz - Jun 8 2011, 23:44
The massive Internet transition from IPv4 to IPv6 is not without some risks to security. The biggest challenge CISOs will face is the ‘blank slate’ effect of a brand new Internet protocol. After all, we’ve had decades to learn IPv4 inside and out; now that we have a new protocol, we have to start over at the beginning.
Will hackers exploit the IPv6 transition to create a new wave of attacks against businesses? Yes and no. In theory, hackers could use the transitional period to exploit a weak user base knowledge of the new protocol; but, remember, there is a learning curve here for black hats too. It’s also important to note that IPv6 does come with better security options and requirements than its predecessor.
Here are five security issues I foresee with the IPv6 transition:
Poor Implementation and Misconfiguration:
We know very little about IPv6 compared to what we know about IPv4, and a migration of this scale, going from something we’re confident in to something that’s very new to us in many ways, is the perfect storm of implementation mistakes and misconfigurations. This is a big deal, since implementation and misconfiguration are likely the top two reasons security goes wrong in the real world.
Dual Stack Attacks:
The transition from IPv4 to IPv6 is going to take a while, so we’re going to see a hybrid IPv4-IPv6 environment. IPv4 and IPv6 have their own sets of specific security problems, which doubles the trouble for security professionals, and opens up the opportunity for attacks that exploit the interaction between IPv4 and IPv6. This interim period will see a lot of insecurity-via-complexity.
Integration with DNSSEC and IPsec:
DNSSEC, in a nutshell, protects DNS, as used on IP networks, from forged DNS data, by signing records with public-key cryptography (e.g., DNS cache poisoning). While it does offer integrity via authentication, it does not offer confidentiality. IPsec encrypts and authenticates IP communication, offering both confidentiality and integrity.
Both are necessary, I feel, but they will likely face an uphill battle in support, due to implementation complexities. They’re not catch-all security nets, either; for example, neither will protect IPv6 networks from DDoS attacks - they may mitigate some of the effects, at best.
Device and Application Support:
Ideally, devices and applications will have already begun to take on protocol independent strategies, so they can easily toggle between IPv4, dual stack, and IPv6 modes. However, having multiple options like this could make compilation more of a hassle.
That, and there are differences in things like address parsing, data types and structures, single/multiple interface addresses, URL embedding, etc. – needless to say, programmers will have their hands full.
Protocol Design (by this I mean new functions like mobility support) is Untested:
Mobile IPv6 is as efficient as native IPv6, because of the way it handles routing, unlike IPv4; it allows for static IP addresses for mobile devices. However, the security specifications are still evolving, and there don’t appear to be any guarantees that mobile IPv6 is at least as secure as IPv6, or even IPv4.
The goal here is to handle the routing part securely, and without real-world testing, it’s unclear as to how well we know how to do that. This falls back to the problem of knowing very little about IPv6 in practice, as opposed to IPv4, which we've had for decades.
Needless to say, the dawn of IPv6 marks a new era of challenges for the security community. CISOs must make IPv6 transitioning a top priority within their organizations. Failing to do so could put any company or organization at a significantly greater risk of attack.
Samuel Bucholtz is co-founder of Casaba, LLC in Seattle. Casaba, provides security testing services to key software developers like Microsoft. Casaba is part of Microsoft’s SDL Pro Network.