
What is Internet Protocol version 6 (IPv6)? What is IPv6?

Definition of Internet Protocol version 6 (IPv6): a set of specifications that upgrade IP version 4. IP version 6 (IPv6) is under review by the Internet Engineering Task Force (IETF) Standards Committee; it is also regarded as the next-generation Internet protocol and is designed so that packets formatted for either IPv4 or IPv6 can both work. Limits on address capacity and slow routing speed drove the development of IPv6; with a 128-bit capacity and a simpler addressing scheme, the new protocol will go some way toward solving those headaches. Other enhanced features are 64-bit encryption and built-in automatic configuration of IP addresses.

When the Internet backbone moves to the new standard called IP Version 6 (IPv6), corporate networks will also have to convert in order to keep up. However, observers agree that this will be a long and arduous process.

The move from IPv4 to IPv6 is driven in part by the shortage of IP addresses. The supply of addresses became constrained as too many computers and other devices connected to the Internet. The new protocol's advantages, simpler deployment of IP devices and strengthened security, will help corporate users.

The largest companies need to start the transition earliest. According to one research firm's recommendation, any company with more than 1000 IP addresses should start planning now. The transition is also especially important for customers who depend on the Internet for enterprise resource planning, electronic data interchange and e-commerce. These applications typically demand a lot of bandwidth for transaction processing, interactive environments, or broadcast and voice-over-IP applications.

IPV6 VOCABULARY

6bone: an IPv6 test bed built on top of the IPv4 protocol; it uses tunneling and dual-stacking mechanisms.

Anycast: a type of IPv6 packet that allows the routing table to be updated most efficiently for one of a group of hosts.

Dual stacking: the IPv6 transition mechanism of Transition Mechanics for IPv6 Hosts and Routers; it specifies dual stacking as a method of moving from IPv4 to IPv6 and supports both IPv4 and IPv6 in hosts and routers.

Dynamic Host Control Protocol (DHCP): a strategy for reducing the problems commonly caused by the shortage of IP addresses; it allows IP addresses to be allocated automatically.

Internet Engineering Task Force (IETF): overseen by the Internet Architecture Board (IAB) of the Internet Association (IA); responsible for developing and deploying Internet protocols.

IP address (Internet address): identifies the sender and the receiver on packets. To be present on the Internet, an organization needs a network address. Addresses are 32 bits in IPv4 and 128 bits in IPv6, an exponential increase in the number of possible addresses.

Multicast: allows communication between one sender and many receivers. In IPv6, it allows high-bandwidth data such as video and audio to be received.

Network Address Translation (NAT): a strategy for reducing the problems that usually accompany the shortage of IP addresses; it allows access to private, unregistered IP addresses.

Now or later?

The most contested question is what to do and when. Some say the protocol will be in place 3-5 years before wide-area networks need to be converted, while others say the transition needs attention sooner because its demands are not small. Hardware, software and network applications need to be upgraded to work with the new, longer address fields. Large IP sites must have Network Address Translation (NAT) and Dynamic Host Control Protocol (DHCP) in place to handle the problems of assigning new addresses and to extend the capabilities of address assignment. For now, over the next two years, network administrators still have bigger problems to deal with: the year 2000 and the move to the common European community.

The Internet Engineering Task Force (IETF) is responsible for promoting and implementing IPv6; it also has an implementation plan and a test environment called 6bone, located in […] and currently linking IPv6 devices in 32 countries. The challenge the IETF must meet is to complete the transition to IPv6 before IPv4 breaks; it also plans to carry out the transition step by step. There will be a period in which both protocols coexist on the public Internet. Experts estimate that the transition will take roughly 4-10 years.

ENHANCED FEATURES IN IPv6 COMPARED WITH IPv4

Expanded addressing and routing: an IP address size of up to 128 bits ensures that IPv6 will be a long-lived Internet protocol. The scalability of one-to-many routing is improved so that high-bandwidth applications such as video and audio can be carried efficiently.

Network speed: changes made to the address format help reduce bandwidth requirements and allow more efficient and flexible routing and forwarding of information.

Built-in security: extensions that support authentication, integrity and data confidentiality are part of IPv6.

Packet prioritization: packets can be labelled for special handling, such as priority. Video-conferencing packets can be given higher priority than ordinary mail packets.

*******************************************************************

Some Security Issues for IPv6 (IPv6 Security)


Introduction

The new IPv6 protocol (Internet Protocol version 6) brings significant improvements and resolves many of the security problems that exist in the older IPv4 protocol. Integration of IPSec (IP security) is mandatory in IPv6, which makes IPv6 more secure than the older IPv4. However, along with its flexibility, IPv6 also raises some new security issues. The Mobile IP protocol is built on IPv6, but the solution to its security problems is still under development. In addition, the flexibility of dynamic configuration (Stateless Address Auto-Configuration) also causes serious security problems if it is configured incorrectly. Although IPv6 as a whole strengthens the security of the entire TCP/IP-based network, attackers can still exploit other parts of the protocol. This article focuses on several aspects in which IPv6 improves security over IPv4 and on the risks that remain for the new IPv6 protocol.

Illustration: pcworld.com

The prevailing IP protocol, IPv4, was developed in the 1970s. It has many limitations in its allocatable address space and lacks security features. The IETF (Internet Engineering Task Force) therefore developed a new version to overcome the shortcomings of the old one while also improving performance and making configuration and administration more convenient. The basic technical specifications of the new protocol are covered in several RFCs (Request for Comment), such as RFC 2460 [1] (IPv6 Protocol), RFC 4861 [2] (IPv6 Neighbour Discovery), RFC 4862 [3] (IPv6 Stateless Address Auto-Configuration), RFC 4443 [4] (Internet Control Message Protocol for IPv6 (ICMPv6)), RFC 4291 [5] (IPv6 Addressing Architecture), and RFC 4301 [6] (Security Architecture for IP or IPsec). IPv6 is regarded as the next-generation IP protocol (IPng). There are clear differences between the IPv6 header (Figure 1) and the IPv4 header (Figure 2).

Figure 1: IPv6 header

Figure 2: IPv4 header

Some of the notable improvements over IPv4 introduced in IPv6 are:
- A new header format
- A larger address space (128 bits versus 32 bits in IPv4)
- More structured and efficient addressing and use in the routing system
- Automatic address configuration
- Mandatory IP security
- Better support for QoS (Quality of Service)
- A protocol for interacting with neighbouring nodes (neighbouring node interaction)
- Extensibility

Building on these features, IPv6 improves security over IPv4 in the following ways:

Large address space

This makes port scanning, which attackers use as a tool to explore and map a network, more costly and time-consuming. It is estimated to take about 10 hours on a broadband connection to scan the entire IPv4 address space (32 bits) for addresses that are online or in use. The time needed for scanning increases considerably when the address space grows from 32 bits to 128 bits. That is a real barrier for an attacker who wants to collect online addresses by port scanning. However, the port-scanning technique itself is no different between IPv6 and IPv4, apart from the very large address space that has to be scanned in IPv6. Consequently, the countermeasures against port scanning used in IPv4, such as filtering internal-use addresses at the border router or filtering unused services at firewalls, continue to be used in IPv6 networks.

Cryptographically Generated Address

In IPv6, a key used for digital signatures (a public signature key) can be created for each IP address. Such an address is called a Cryptographically Generated Address (CGA) [7]. This feature raises the level of protection in the neighbourhood router discovery mechanism and lets end users provide proof of ownership of their IP address. The feature is entirely new in IPv6 and brings the following advantages:
- CGA makes spoofing and stealing addresses in IPv6 more difficult
- It allows the integrity of messages to be guaranteed by a digital signature
- It does not require upgrading or changing the network

IP Security

IP Security [8], or IP Sec for short, provides high-quality cryptographic services that are compatible with many systems and operate at the IP layer. IP Sec is optional in IPv4 but mandatory in IPv6. IP Sec strengthens the security of the original IP layer by providing authenticity, integrity, confidentiality and access control through two protocols, AH (Authentication Header) and ESP (Encapsulating Security Payload).
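The address-to-key binding behind CGA, as an added example that is not code from the original article: a Python sketch of the Hash1 check from RFC 3972 for the Sec=0 case only. The documentation prefix, modifier and placeholder key bytes are constructed, and the sketch omits the Hash2 work factor and the signature check that a full verifier also performs.

```python
import hashlib
import ipaddress

def cga_interface_id(modifier, prefix, collision_count, public_key):
    """Interface ID for Sec=0: leftmost 64 bits of SHA-1 over the CGA parameters."""
    if len(modifier) != 16 or len(prefix) != 8 or collision_count not in (0, 1, 2):
        raise ValueError("bad CGA parameters")
    params = modifier + prefix + bytes([collision_count]) + public_key
    iid = bytearray(hashlib.sha1(params).digest()[:8])
    # Bits 0-2 carry Sec (0 here); bits 6 and 7 are the u and g bits, always 0.
    iid[0] &= 0x1C
    return bytes(iid)

def cga_address(modifier, prefix, collision_count, public_key):
    """Build the full address: 64-bit subnet prefix followed by the hashed ID."""
    iid = cga_interface_id(modifier, prefix, collision_count, public_key)
    return ipaddress.IPv6Address(prefix + iid)

def verify_cga(address, modifier, prefix, collision_count, public_key):
    """Check that the claimed parameters and key reproduce the address."""
    raw = ipaddress.IPv6Address(address).packed
    if raw[:8] != prefix or raw[8] >> 5 != 0:  # wrong subnet, or Sec > 0 (unsupported)
        return False
    try:
        expected = cga_interface_id(modifier, prefix, collision_count, public_key)
    except ValueError:
        return False
    # Compare the 59 hash-derived bits; the Sec, u and g bits are excluded.
    return (raw[8] & 0x1C) == expected[0] and raw[9:] == expected[1:]

# Constructed sample values (not from the article).
PREFIX = ipaddress.IPv6Address("2001:db8:0:1::").packed[:8]
MODIFIER = bytes(range(16))
OWNER_KEY = b"constructed placeholder for the owner's DER-encoded public key"
OTHER_KEY = b"constructed placeholder for a different party's public key"

def demo():
    """Return the address, the owner's check result and another key's result."""
    addr = cga_address(MODIFIER, PREFIX, 0, OWNER_KEY)
    return (addr,
            verify_cga(addr, MODIFIER, PREFIX, 0, OWNER_KEY),
            verify_cga(addr, MODIFIER, PREFIX, 0, OTHER_KEY))
```

A node that presents a different public key cannot reproduce the interface identifier, which is what makes claiming someone else's address harder.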
Replacing ARP (Address Resolution Protocol) with ND (Neighbourhood Discovery)

In IPv4, the layer 2 (L2) address is not directly bound to the layer 3 address. The link between the L2 and L3 addresses has to go through a protocol called ARP (Address Resolution Protocol), whose job is to map L3 addresses to the corresponding local L2 addresses. ARP has had many security problems in the past, ARP spoofing for example. In IPv6, ARP is no longer needed because the Interface Identifier (ID) part of the IPv6 L3 address is derived directly from the device's L2 address (MAC address). The L3 address together with the device-specific ID part is used at the global level in an IPv6 network. As a result, the security problems related to ARP are resolved in IPv6. The ND protocol, described in RFC 4861 [2] (Neighbourhood Discovery), replaces ARP in IPv6.

IPv4 attacks that continue to occur in IPv6

Despite its many strengthened security features, IPv6 cannot solve every problem that exists in IPv4. The IPv6 protocol cannot prevent attacks at layers above the network layer. Such attacks include:
- Application-layer attacks: attacks at layer 7 of the OSI model such as buffer overflows, viruses, malicious code, web application attacks, …
- Brute-force attacks or password guessing against authentication modules
- Rogue devices: devices introduced into the network without authorization. These can be a PC, a switch, a router, a DNS or DHCP server, or a wireless access point, …
- Denial-of-service attacks: these continue to exist in IPv6
- Social engineering attacks: tricking users into giving up passwords or IDs, email spamming, phishing, …

Transition from IPv4 to IPv6

Many tools allow IPv4 applications to run on networks that provide IPv6 service and, conversely, IPv6 applications to run on networks that provide IPv4 service. However, attackers can exploit these gaps if security is not given careful attention. Several techniques allow traffic to be carried between IPv4 and IPv6 networks, such as 6to4 (defined in RFC 3056 [9]), Simple Internet Transition (SIT) [10], and IPv6 over UDP (such as Teredo [11]). In networks that carry IPv6 traffic over IPv4, many firewalls allow UDP traffic through, which lets IPv6-over-UDP traffic cross the firewall without the administrator knowing. Attackers can take advantage of 6to4 tunnels to evade and bypass an IDS (Intrusion Detection System).
Some older firewall systems can only filter IPv4 traffic, have no ability to filter IPv6 traffic, and simply let all IPv6 traffic through. Attackers can therefore also use the weaknesses described above to attack a system with IPv6 packets. For host security, it must be recognized that applications continue to be attacked and remain vulnerable in mixed IPv4-IPv6 networks. Therefore, if traffic needs to be blocked, it must be blocked on both IPv4 and IPv6 and on every security device such as firewalls, IDS, VPN, etc.

In summary, the new version of the IP protocol improves many security features. However, IPv6 also raises new security issues and needs continued research and refinement to meet the growing pressure for security and data safety in cyberspace.
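The tunnelling blind spot described in the transition section, as an added detection example that is not part of the original article: a Python classifier that labels raw IPv4 packets carrying IPv6 inside them. The article does not give protocol numbers; the sketch uses IPv4 protocol 41 (IPv6-in-IPv4, as used by 6to4 and SIT) and Teredo's UDP port 3544, and all sample packets are constructed with documentation addresses.

```python
import struct

PROTO_UDP = 17
PROTO_IPV6_IN_IPV4 = 41   # IPv4 protocol number used by 6to4 and SIT tunnels
TEREDO_PORT = 3544        # UDP port assigned to Teredo

def looks_like_ipv6(data: bytes) -> bool:
    """True if data starts with a plausible fixed IPv6 header."""
    if len(data) < 40 or data[0] >> 4 != 6:
        return False
    (payload_len,) = struct.unpack("!H", data[4:6])
    return payload_len == len(data) - 40

def classify(pkt: bytes) -> str:
    """Label one raw IPv4 packet by the kind of IPv6 tunnelling it carries."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return "not-ipv4"
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl:
        return "malformed"
    proto, payload = pkt[9], pkt[ihl:]
    if proto == PROTO_IPV6_IN_IPV4:
        return "ipv6-in-ipv4"
    if proto == PROTO_UDP and len(payload) >= 8:
        sport, dport = struct.unpack("!HH", payload[:4])
        if TEREDO_PORT in (sport, dport):
            return "teredo"
        if looks_like_ipv6(payload[8:]):   # IPv6 over UDP on a non-standard port
            return "ipv6-over-udp"
    return "plain-ipv4"

# Constructed sample packets (documentation addresses, checksums left at zero).
def ipv4(proto: int, payload: bytes) -> bytes:
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return hdr + payload

def udp(sport: int, dport: int, data: bytes) -> bytes:
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

INNER_V6 = struct.pack("!IHBB", 0x60000000, 0, 59, 64) + bytes(32)  # empty IPv6 packet
SAMPLES = {
    "6to4": ipv4(PROTO_IPV6_IN_IPV4, INNER_V6),
    "teredo": ipv4(PROTO_UDP, udp(51000, TEREDO_PORT, INNER_V6)),
    "odd-port": ipv4(PROTO_UDP, udp(51000, 40000, INNER_V6)),
    "dns": ipv4(PROTO_UDP, udp(51000, 53, b"\x12\x34" + bytes(10))),
}

def report() -> dict:
    """Classify every constructed sample packet."""
    return {name: classify(pkt) for name, pkt in SAMPLES.items()}
```

Any packet labelled other than `plain-ipv4` carries IPv6 that an IPv4-only filter or IDS rule set would not inspect, so it should either be blocked at the border or decapsulated and checked against the IPv6 policy.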
