Posted: 06 Oct 2008 07:00 AM CDT
Most internet users will be unaware and unconcerned by the computer science and technology that underpins their daily web surfing, emails, chats, and Twitter updates. But, there are, of course, thousands of incredibly bright people working behind the scenes to make the internet work. One aspect of the backroom work that goes on, is the development of the software systems that carry the packets of information across the internet, whether that’s to open a web page in your browser, connect your net phone to a friend across the ocean, or trap spam on its way to your inbox.
At the moment, the internet is mainly running on a system known as Internet Protocol version 4, or IPv4. Version 4 was first mooted in 1981, years before the Web was invented and certainly long before broadband, Youtube, MySpace and VoIP entered the public consciousness. What IPv4 does is to try and deliver the packets of information across a network. It’s imperfect, because it doesn’t ensure the packets are delivered in the right order, or even that they are delivered at all. In fact, it is known technically as a “best effort” protocol. As such, IPv4 requires another layer over the top of it that makes sure all packets are delivered and sorts them into the correct order before they are used to render a web page, download an email, or Tweet that Plurk.
Another disadvantage of IPv4 is that it can handle a mere 232 addresses. That may seem like a huge number, but work it out and it actually only comes to well over four billion. However, with billions more people on the planet, millions of organisations, collectives and companies, one can see that 232 is rather a small number if everyone wants an internet address.
However, while IPv4 has been in place for decades and IPv6 is not even quite fully packaged up and ready for delivery,researchers are already spotting security flaws in IPv6. Writing in the International Journal of Internet Protocol Technology, a team in New Zealand has highlighted several security issues that developers and device users may face once IPv6 goes online, particularly across the mobile internet. With every third person using a Blackberry, an iPhone, A Google Android phone or similar, mobile security will soon rise to the top of the agenda for hackers, crackers, and those who seek to defeat them.
Michael Dürr and Ray Hunt of the Department of Computer Science and Software Engineering, at the University of Canterbury, in Christchurch, New Zealand, explain that in parallel with the design and development of IPv6, run several protocol extensions for mobile support, which are labelled MIPv6.
Over the last decade, access network technologies available to connect stationary as well as mobile devices to the internet have reached a remarkable diversity. Wireless systems such as Bluetooth, 802.11x, GSM, UMTS and WiMAX have shown very significant development and each individually can provide reasonable internet connectivity with more or less acceptable data rates.
However, the different characteristics of each technology means that an overarching MIPv6 to unite them all in a way that is transparent to users is now needed. Sciencetext has previously covered the issue of connecting 3G devices to wi-fi networks for instance. Such unity in always-on connectivity across disparate, interwoven networks, brings new security challenges not yet addressed by the underlying protocols. The various insecurities all boil down to attacker Charlie eavesdropping on Alice and Bob, sabotaging their connection, changing the information being sent between Alice and Bob, or causing a denial of service to prevent Alice and Bob communicating at all. The various insecurities fall into the following categories all of which are technically feasible with the current state of MIPv6:
Some threats will remain too expensive for the cyber-saboteur to consider, but intrinsically, “IPv6 cannot guarantee overall security due to its inherent architectural characteristics,” the researchers explain:
IPv6 (as well as its predecessor, IPv4) are based on a routing infrastructure, that must be trusted. The protocol itself can only be regarded as secure as the routing infrastructure constituting the internet.
By highlighting the insecurities of MIPv6, the researchers hope to provide insights into how risks and potential attacks could be limited. “Some security risks can only be mitigated, but not completely removed,” they say.
Michael Durr, Ray Hunt (2008). An analysis of security threats to mobile IPv6 International Journal of Internet Protocol Technology, 3 (2) DOI: 10.1504/IJIPT.2008.020468
*3.4×1038 is the number 34 followed by 37 zeroes: 340,000,000,000,000,000,000,000,000,000,000,000,000 (340 billion, billion, billion, billion)
Posted: 06 Oct 2008 04:34 AM CDT
This year the Nobel committee has awarded the Prize for Physiology or Medicine to Harald zur Hausen for his discovery of human papilloma viruses (HPV) causing cervical cancer and to Françoise Barré-Sinoussi and Luc Montagnier for their discovery of human immunodeficiency virus (HIV). The announcement was made via the Nobel organisation’s Twitter page and on their site.
zur Hausen (born 1936) works at the German Cancer Research Centre Heidelberg. Barré-Sinoussi (born 1947) is at the Regulation of Retroviral Infections Unit, Virology Department, Institut Pasteur Paris, France and Montagnier (born 1932) is at the World Foundation for AIDS Research and Prevention also in Paris. The full press release for the announcement of the Medicine Prize is here.
You can get up to the minute alerts on the chemistry, physics, and other Nobels announced later this week via the Nobel site and their new alerting systems with SMS, RSS, Twitter and more (thanks to new publicity guy and friend of Sciencebase Simon Frantz and his colleagues).
Physics is announced October 7 (dark energy/dark matter perhaps?), Chemistry (another aspect of biology, no doubt) October 8, Literature on Thursday, we give Peace a chance on Friday, finally the Economics Prize on Monday 13th (hopefully it won’t go to a merchant banker, given the state of the global economy at the moment). You can get a list of past winners of the Nobel Prize for Medicine here.
|You are subscribed to email updates from The Science Network |
To stop receiving these emails, you may unsubscribe now.
|Email Delivery powered by FeedBurner|
|Inbox too full? Subscribe to the feed version of The Science Network in a feed reader.|
|If you prefer to unsubscribe via postal mail, write to: The Science Network, c/o FeedBurner, 20 W Kinzie, 9th Floor, Chicago IL USA 60610|