Advanced Addressing Scheme Securely Connects Billions of Devices and Things
Digitization and automation are now familiar features in many homes. Mobile connectivity is not just for phones anymore. Today, we have lots of things that generate data or environments that we want to control (locally or remotely). And our access point for control is not limited to our smartphones – televisions, tablets, smartwatches, health monitors and even kitchen appliances can all serve as “digital control points.” Ubiquitous connectivity and control are fundamental elements of the Internet of Things (IoT) value proposition. The challenge of delivering seamless user experiences through communications between all of our devices and things that we want to control is becoming broader and more complex. According to the 2017 Cisco Mobile Visual Networking Index (VNI), there will be nearly 12 billion global mobile-connected devices and machine-to-machine (M2M) connections by 2021, approximately 1.5 per capita. Globally, mobile networks will support about 4 billion new mobile-connected devices and connections from 2016 to 2021.
The chart above indicates that nearly a third of all mobile devices and connections (about 3.3 billion) will be some form of M2M by 2021. However, the full vision and potential of IoT can only be realized if real-time information is transmitted securely to a wide variety of users and things. IPv6 is a key enabling component of this aspirational networking goal. Service providers around the world understand the fundamental importance of IPv6 and the inherent innovation possibilities that it can unlock. Service providers like Comcast see IPv6 as much more than just a more scalable addressing scheme.
“The interesting thing with IPv6 is that we’re going to rethink how address space is used,” said Kevin McElearney, SVP of network engineering for Comcast. “Right now, everybody thinks that IP addresses are devices, but if the Internet of Things is really the Internet of virtual things then every device could have 100 or 1,000 addresses so it’s going to get interesting if you want to start addressing things like blocks of storage, application calls, or services.”
The Cisco Mobile Visual Networking Index (VNI) forecasts that globally, there will be 8.4 Billion IPv6-capable devices/connections by 2021, up from 3.4 Billion in 2016.
Here’s specifically how IPv6 addresses the three primary characteristics for successful IoT growth:
Real time information: One of the key metrics to evaluate the quality of information is whether it can be acted upon in a timely fashion. ‘Real time actionable information’ can be life-saving, be it the multitude of wearable health monitoring devices monitoring a patient’s health vitals or communication devices that enable pilot and air-traffic control communication. IPv6 enables faster communication by eliminating significant administrative overhead that exists in the IPv4 networks today – faster packet processing through elimination of IP checksums, faster routing through elimination of multi-layered routing and shorter routing tables and bandwidth efficiency through multi-casting in place of broadcasting, to name a few.
Security: While there are significant technological benefits that IPv6 provides in enabling IoT, one of the key benefits is the processing and transport of information in a secure fashion. IPsec, which provides end-to-end confidentiality, authentication and data integrity, is already present in IPv6. What that means is that from the point where the data originates to its point of destination, the data is secured and encrypted, thus reducing cyber attacks where data can be hacked during transit.
User Adoption: With the plethora of devices and things that users are surrounded with, the key component of user adoption is ‘ease of setup’ and ‘ease of use’. Users now expect devices to come without extensive product manuals and to work upon first power-on as soon as they remove them from the box. IPv6 offers this ‘out of the box’ experience through static IP addresses for each device or M2M connection, which eliminates the need for extensive manual configuration to connect new digital devices or things to a network. IPv6 connections can be pre-configured for first-time use, thus enabling and simplifying IoT.
So, even though the initial value of the IPv6 protocol was seen as a solution to the acute IP address shortage, we now know that it delivers much more than just scalability. IPv6 can also help service providers build larger, more efficient networks with greater mobile connectivity and interoperability (especially for IoT). These networking transformations can support greater business innovations and revenue generation opportunities for service providers.
Interesting article. I have been to many conferences where the IoT has been touted, and seen some excellent examples of its use in the “wild”.
I am wondering though if you would be able to address some issues I am thinking about in the security domain.
a) don’t need NAT for IPv6; we will have direct addressing of our IoT devices, i.e. they will be in some cases directly connected to the internet.
b) there are also numerous sites that publish default passwords of IoT devices.
c) there are a large number of IPv6 addresses making spoofing so much easier.
Hi Peter, Thanks so much. All very good questions. Yes, no NATs will be needed with a complete IPv6 deployment and that will enable devices to connect directly to the internet. NATs are not responsible for security though. There is a nice blog on the Internet Society which talks about NAT, IPv6 and security as well. And yes, IPv6 has a few gaps and cannot prevent attacks on layers above the network layer in the network protocol stack which include brute-force attacks and password guessing attacks on authentication modules. Spoofing IPv6 addresses is as easy as spoofing IPv4 addresses (assuming that IPsec Authentication Header [AH] is not used in either of the protocol families). The mitigation technique is also identical: bogon filters (dropping obviously wrong source/destination addresses) and unicast reverse path forwarding checks. As the address space of IPv6 is larger, a purely random source address has a small probability of having a recognized prefix and hence a high probability of being dropped by the first router. While I don’t consider myself a security expert, you can visit Cisco Security Solutions for Service Providers to see the company’s full portfolio of solutions. For further information, you can watch Cisco security experts on the public Security and IoT webinar.
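The two mitigations named in the reply above, a bogon filter followed by a strict unicast reverse path forwarding check, shown as an added example that is not part of the original post or of any vendor's code. The prefixes, interface names and routing table are constructed, and 2001:db8::/32 stands in for allocated address space.

```python
import ipaddress
import random

# Constructed bogon list (illustrative, not a complete production filter).
BOGONS = [ipaddress.ip_network(p) for p in
          ("::/128", "::1/128", "fe80::/10", "fc00::/7", "ff00::/8")]
GLOBAL_UNICAST = ipaddress.ip_network("2000::/3")

# Constructed routing table of a customer-facing edge router. The
# documentation prefix 2001:db8::/32 stands in for allocated space here;
# a production bogon list would also contain it.
ROUTES = {
    ipaddress.ip_network("2001:db8:a::/48"): "cust0",
    ipaddress.ip_network("2001:db8:b::/48"): "cust1",
    ipaddress.ip_network("2001:db8:b:ff00::/56"): "cust0",  # more specific
}

def is_bogon(src):
    """True for sources that are obviously wrong on any interface."""
    return src not in GLOBAL_UNICAST or any(src in net for net in BOGONS)

def best_route(src, routes=ROUTES):
    """Longest-prefix match; returns the egress interface or None."""
    matches = [net for net in routes if src in net]
    return routes[max(matches, key=lambda n: n.prefixlen)] if matches else None

def verdict(src_text, in_iface, routes=ROUTES):
    """Bogon filter first, then strict unicast reverse path forwarding."""
    src = ipaddress.ip_address(src_text)
    if is_bogon(src):
        return "drop:bogon"
    # Strict uRPF: the route back to the source must leave via the
    # interface the packet arrived on.
    if best_route(src, routes) != in_iface:
        return "drop:urpf"
    return "accept"

def random_source_drops(n=10000, seed=0):
    """Count how many uniformly random 128-bit sources get dropped."""
    rng = random.Random(seed)
    return sum(verdict(str(ipaddress.IPv6Address(rng.getrandbits(128))), "cust0")
               != "accept" for _ in range(n))

if __name__ == "__main__":
    for src, iface in [("2001:db8:a::10", "cust0"), ("2001:db8:b::10", "cust0"),
                       ("2001:db8:b:ff00::1", "cust0"), ("fe80::1", "cust0")]:
        print(src, iface, verdict(src, iface))
    print("random sources dropped:", random_source_drops(), "of 10000")
```

A source borrowed from a neighbouring customer's prefix passes the bogon filter and is caught only by the reverse path check, which is why the two are deployed together.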
In response to the Kevin McElearney quote, maybe we shouldn’t be using IP addresses to address virtual things. Maybe it is time to think this through and come up with an IoT layer that addresses devices as UUIDs or equivalents.
Hi Gregg, That’s an interesting perspective. Individual service providers may have unique or different strategies based on the types of IoT applications they are delivering and the number of M2M modules that need to be securely connected. This also may be a good discussion to bring up at various IPv6 forums like http://www.nav6tf.org, http://www.ipv6tf.org, http://www.ipv6forum.com, http://www.worldipv6launch.org