Tag Archive for IPv6

6LoWPAN ?

BYOD, BYON, IoT, IPv6, SaaS, SDN, MDM, M2M, TCP/IP, IEEE, EIEIO, IMHO: tech is drowning in acronyms. And now Stacey Higginbotham at GigaOM explains 6LoWPAN. 6LoWPAN stands for IPv6 over Low-Power Wireless Personal Area Networks. 6LoWPAN is the lightweight version of traditional internet protocol (IP) designed for the internet of things.

Misco reports that Internet-connected devices will number 9.6 billion by the end of 2013 and the figure will jump to 28 billion by 2020. Currently, the 9.6 billion Internet-connected devices connect to another device, a phone, or a corporate gateway. In order for a true internet of things to emerge, these devices should have the ability to connect directly to a web service.

Device to cloud

Instead of device-to-device, it’s device to cloud. The article surmises that since most of today’s devices use IP to connect to the web, engineers would like to use IP to connect devices to the web as well. The only problem is that IP is a heavy, energy-intensive beast. This is one reason that the Internet’s standards-setting organization, the IETF, proposed 6LoWPAN in 2004.

The numeral 6 in the standard is short for IPv6. Ms. Higginbotham explains that if you’re envisioning tens of billions of connected sensors then IPv6 is the way to go. However, supporting the 128-bit numbering system required by IPv6 also takes computing and memory overhead that tiny sensors don’t have. It also requires longer packet headers and such that can clog low bit-rate networks. So the 6 is IPv6 and the Lo references the low-power aspect of the protocol.

The WPAN or Wireless Personal Area Network is a nod to the wireless mesh network that the protocol supports. Because this isn’t directly analogous to the traditional network stacks, it’s hard to limit the technology to a particular layer in the network.

Sensors in a connected network can run the gamut from a video camera that’s plugged into a wall to a battery-powered water sensor hiding under the washing machine. GigaOM says the standard is flexible enough that some nodes might be able to do more than just send information. Others can be designed to sleep until an event wakes them for a data transmission. In short, it’s complicated, which makes defining a network stack or standards for the internet of things tough.

6LoWPAN will use multiple radio protocols

The WPAN in 6LoWPAN will use multiple radio protocols. It can work over several radio networks that use the IEEE 802.15.4 standard, the most popular being ZigBee. The IETF is also working with the Bluetooth Special Interest Group to build 6LoWPAN support for the Bluetooth protocol.

GigaOM notes that the Bluetooth SIG already has taken steps to cut power consumption to meet the demands of the internet of things, so it clearly is also aware of the need for the IPv6 addressing scheme if every bra, door lock, or porta-potty is going to hop on the InterTubes without a phone or computer.

Charles McLellan at ZDNet explains that IBM (IBM) has teamed up with wireless sensor network specialist Libelium to deliver a wireless sensor platform starter kit comprising IBM’s Mote Runner SDK and Libelium’s Waspmote sensor platform. The Waspmote Mote Runner development platform allows researchers to explore the benefits of 6LoWPAN.

Tech titans betting on 6LoWPAN

Ms. Higginbotham says that IBM getting behind the standard with this announcement is just one more big-name betting on 6LoWPAN as the communications protocol for the internet of things. She says a few months ago ARM purchased Sensinode, a company that has literally written the book (MP4) about 6LoWPAN. Cisco (CSCO) has an investment in 6LoWPAN with its 2010 purchase of Arch Rock, for its smart grid initiative.

Platforms such as Electric Imp, Ayla Networks, and ThingSquare, all of which offer modules and services to connect devices directly to the internet, are also gaining ground with test programs and early adopters, helping make the case for 6LoWPAN. So as devices start going directly to the cloud and bypassing phones and computers, having a protocol that supports modern addressing at relatively low power and low overhead will become more important. And that’s what this terribly awkward acronym provides.

 rb-

6LoWPAN is what will drive the rapid growth of the IoT. The Business Insider says that IoT grows from 1.9 billion devices today, to 9 billion by 2018. To put that in perspective, BI claims that by 2018 IoT will be roughly equal to the number of smartphones, smart TVs, tablets, wearable computers, and PCs combined.

You can insert your own joke about the feds collecting data from a porta-potty.

What do you think? Is 6LoWPAN the best way to connect IoT devices to the cloud?

 


 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

Did NSA Subvert IPv6 Security?

Cryptographer and Electronic Frontier Foundation (EFF) board member Bruce Schneier has given advice on how to be as secure as possible. “Trust the math,” he says. “Encryption is your friend. Use it well, and do your best to ensure that nothing can compromise it. That’s how you can remain secure even in the face of the NSA.”

subverting the implementations of encryption


Mr. Schneier confirms to Infosecurity that the growing consensus is that Bullrun’s greatest success is in subverting the implementations of encryption and not in the ability to crack the encryption algorithms themselves. The general belief is that the NSA has persuaded, forced or possibly even tricked companies into building weaknesses or backdoors into their products that can be exploited later.

Infosecurity says the bottom line, however, is that the fabric of the internet can no longer be trusted. Meanwhile, John Gilmore, co-founder of EFF and a proponent of free open source software, has raised a tricky question: has NSA involvement in IPv6 and IPSEC discussions effectively downgraded its security? IPSEC is the technology that would make IP communications secure.

Mr. Gilmore told the author that he was involved in trying to make IPSEC “so usable that it would be used by default throughout the internet.” But “NSA employees participated throughout, and occupied leadership roles in the committee and among the editors of the documents.”

The result was “so complex that every real cryptographer who tried to analyze it threw up their hands and said, ‘We can’t even begin to evaluate its security unless you simplify it radically’” – something that never happened, EFF’s Gilmore observed.

Mr. Gilmore doesn’t explicitly say that the NSA sabotaged IPSEC, but the fact remains that in December 2011, IPSEC in IPv6 was downgraded from ‘must include’ to a ‘should include.’ He does, however, make very clear his belief in NSA involvement in other security standards.

Discussing cellphone encryption, the EFF co-founder says “NSA employees explicitly lied to standards committees” leading to “encryption designed by a clueless Motorola employee.”

To this day, Mr. Gilmore notes that “no mobile telephone standards committee has considered or adopted any end-to-end (phone-to-phone) privacy protocols. This is because the big companies involved, huge telcos, are all in bed with NSA to make damn sure that working end-to-end encryption never becomes the default on mobile phones.”

 rb-

Following the Snowden leaks revealing Bullrun – the NSA program to crack the world’s encryption – the article states that there is an emerging consensus that users can no longer automatically trust any security.

Other articles say that NSA has compromised SSL so the NSA has access to credit cards and your 4G phones. This is another unnecessary attack on US e-commerce business: who is going to buy something online when your account numbers are in the hands of US government hackers?

 


IPv4 IPocalypse Strikes Europe

The IPocalypse has struck in Europe. RIPE NCC, the Regional Internet Registry (RIR) for Europe, the Middle East, and parts of Central Asia, announced on 09-14-12 that it is down to its last “/8” worth of IPv4 addresses. ArsTechnica reports it is no longer possible to get new IPv4 addresses in Europe, the former USSR, or the Middle East, with one small exception: every network operator that is a “RIPE member” or “local Internet registry” (LIR) can get one last block of 1024 IPv4 addresses. To fulfill these requests, the RIPE NCC is keeping that last /8, which has 16.8 million addresses, in reserve.

None of this comes as a surprise, according to the author, given that the global IPv4 IPocalypse struck when the global pool of free IPv4 addresses dried up in February 2011. APNIC, which distributes IP addresses in the Asia-Pacific region, ran out of IPv4 addresses in May 2011. The remaining three Regional Internet Registries are AfriNIC (Africa), LACNIC (Latin America and the Caribbean), and ARIN (North America), which all have enough IPv4 addresses to last at least two more years.

Since the depletion of IPv4 address space in the APNIC region, little information has surfaced about how network operators in the region have managed the situation. The article states that the lack of IPv4 addresses only impacts organizations and consumers who need more addresses, or who need addresses for the first time. Existing IPv4 users remain unaffected by the global IPocalypse, and so the immediate impact is limited. Also, large network operators get large address blocks from the RIRs and they typically have a pool of unused addresses of their own, so few will be experiencing immediate problems.

Every year for the past five years, some 200 million new IPv4 addresses have been put into use. Ars cautions that without a steady supply of fresh addresses, many Internet-related activities are going to become problematic in the years to come. Fortunately, 20 years ago the Internet Engineering Task Force (IETF) foresaw that the IPv4 IPocalypse, where the 3.7 billion 32-bit IPv4 addresses would run out, would become a problem, and started working on a replacement: IPv6. However, the IPv4 depletion didn’t happen as fast as the IETF originally predicted, and IPv6 adoption has languished.

rb-

So IPv6 adoption got a big kick in the implementation from World IPv6 Launch. Eventually, IPv6 will replace IPv4, but the transition won’t be pretty. I have covered some of the IPv6 issues here, here, and here. Give it some time, Europe and the rest of us will survive the IPv4 IPocalypse.


Privacy on IPv6 Networks


Internet service providers, websites, and equipment vendors around the globe took part in the World IPv6 launch in June. Internet companies including AT&T (T), Cisco (CSCO), Comcast (CMCSA), Facebook (FB), Google (GOOG), Microsoft (MSFT), Verizon Wireless (VZ), and Yahoo (YHOO) decided to permanently turn on IPv6. A small fraction of Internet users and devices have started communicating via IPv6 networks, with more and more transitioning to the new protocol over the coming months and years. There are security and privacy implications in the switch to IPv6.

All kinds of devices will get new IPv6 numbers as the addressing format grows. The IPv6 addresses for these networked devices can be generated in a number of different ways, and the choice of how they are created has potentially wide-reaching effects for security and privacy, the Center for Democracy & Technology explains. One of the original methods for assigning new addresses involved using a unique device identifier (known as a MAC address) as the suffix of the IPv6 address. This method creates a permanent, unique address for a device, potentially allowing any server that the device communicates with to indefinitely track the user.

IPv6 designers soon realized the potential security and privacy problems of MAC-based addresses; as a result, they created an alternate method known as “privacy extensions” or “privacy addresses,” the article reports. The privacy extensions use a randomly generated number instead of a MAC address. In order to protect privacy on an IPv6 network, the random number is unrelated to any device identifier and in practice lasts no more than a week (and often much less time), ensuring that the user’s IP address cannot be used for long-term user tracking.

It is up to operating system vendors to choose which IP address assignment method will be the default on their devices. The author says that some vendors have made good choices, particularly within the last year. Microsoft has long led the charge on IPv6 privacy, with privacy extensions on by default in all versions of Microsoft Windows since the release of Windows XP nearly a decade ago. Apple followed suit last year, with privacy extensions activated by default in all versions of Mac OS X since 10.7 (Lion) and with the release of iOS 4.3 for iPhone and iPad. Google did likewise in its Android 4.0 release last year.

The CDT says that as long as Internet users choose to upgrade their operating systems to the latest versions, they should be protected against perpetual security and privacy threats from IPv6 network address tracking.

rb-

However, I wrote about reports from H.Security that mobile operating systems do not protect security or privacy on IPv6 networks. The report says mobile OSs send private information about their users to the network. The H.Security article says this is not a flaw in IPv6, rather it is lazy programming in some cases. The article points out that neither Apple’s iOS nor Android devices have the option to enable Privacy Extensions or the option to disable IPv6. Apparently, the only thing smartphones need is a control option in the user interface to protect mobile OS users’ privacy and security on an IPv6 network.


IPv6 Compromise Smartphones Users’ Privacy

Now that the IPv4 address pool is depleted and the IPocalypse is at hand, wrinkles are emerging in IPv6. One of the wrinkles is with mobile devices. Most of the cool mobile devices have been able to handle IPv6 for a while. Apple’s (AAPL) iPhones, iPads, and iPods have been capable of handling IPv6 since version 4 of the iOS operating system, and most Google (GOOG) Android devices have been capable since version 2.1. H Security is reporting that these mobile operating systems send information about their users to the network.

A device on an IPv6 network usually determines half of its address (the “interface identifier”) itself, but H Security says that smartphones are sloppy with this task. According to the article, smartphones simply add the same two bytes to their globally unique MAC address and use it as their identifier. As a result, they transfer a unique hardware ID whenever they communicate with an IPv6-enabled server.

The basic problem isn’t an IPv6 issue because there are other methods for generating the address. The article says that a device can generate a random interface identifier and replace it on a regular basis. This is called the Privacy Extensions method and is the factory-set option in Windows; it can also be enabled in other operating systems. The article points out that devices running Apple’s iOS or Android offer neither the option to enable Privacy Extensions nor the option to disable IPv6; anyone who uses an affected device on an IPv6-enabled wireless network will send their ID.

The only thing the smartphones are lacking is a control option in the user interface, as the Privacy Extensions do come as part of their kernel. For instance, on a (jailbroken) iOS 4 device with root access, they can be enabled with the same command that enables them on a desktop device running Mac OS X:

sysctl -w net.inet6.ip6.use_tempaddr=1

The blog claims the problem is only affecting a small number of users because IPv6 is not yet in widespread use. However, more ISPs plan to offer IPv6 in addition to the old IPv4 in the future. In addition, there are routers like the Cisco (CSCO) Linksys E3000, which will automatically set up an IPv6 connection via a 6to4 conversion when their internet access is purely IPv4.

The author concludes that the issue is particularly sensitive because such devices tend to be used by one specific person. As a result, the MAC address, which is accessible to any server operator and network monitor, allows this user to be identified.
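The MAC-derived interface identifier described above (and in the Privacy on IPv6 Networks post earlier on this page) is easy to check for on your own hosts. The Python below is an added example, not code from H Security or the original posts; it goes slightly beyond the text by applying the modified EUI-64 rule (insert ff:fe in the middle of the MAC and flip the universal/local bit), and the MAC and addresses are constructed samples under the 2001:db8::/32 documentation prefix.

```python
import ipaddress

def mac_to_iid(mac: str) -> bytes:
    """Modified EUI-64: insert ff:fe mid-MAC and flip the universal/local bit."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("a MAC address is 6 bytes")
    return bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]

def slaac_address(prefix: str, mac: str) -> str:
    """Address a host forms when it appends its MAC-based IID to a /64 prefix."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("expected a /64 prefix")
    packed = net.network_address.packed[:8] + mac_to_iid(mac)
    return str(ipaddress.IPv6Address(packed))

def embedded_mac(addr: str):
    """Return the MAC an address exposes, or None if the IID is not EUI-64 shaped.

    Heuristic: a random IID has ff:fe at this offset about 1 time in 65536.
    """
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    raw = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in raw)

def audit(addresses):
    """Group addresses by the hardware ID they leak; key None = no MAC visible."""
    groups = {}
    for addr in addresses:
        groups.setdefault(embedded_mac(addr), []).append(addr)
    return groups

# Constructed sample data (documentation prefix, made-up MAC).
SAMPLE_MAC = "00:11:22:33:44:55"
SAMPLE_ADDRESSES = [
    slaac_address("2001:db8:1:2::/64", SAMPLE_MAC),    # first network
    slaac_address("2001:db8:aa:bb::/64", SAMPLE_MAC),  # other network, same IID
    "2001:db8:1:2:9c1e:4a7b:3d2:81f6",                 # random (privacy) IID
]

if __name__ == "__main__":
    for mac, addrs in audit(SAMPLE_ADDRESSES).items():
        label = mac or "no MAC visible"
        print(f"{label}: {', '.join(addrs)}")
```

The first two sample addresses sit on different networks yet group under the same MAC, which is the long-term tracking problem the article describes; the temporary address reveals nothing about the hardware.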

rb-

If this sounds familiar, it is; I wrote about mobile apps uploading UDIDs here.
