Could IPv6 improve network security? And, if so, at what cost?

Abstract

Industry stakeholders and Internet experts generally agree that IPv6-based networks in many ways would be technically superior to IPv4-based networks. The redesigned header structure in IPv6, including new flow labels, and the enhanced capabilities of the new protocol could provide significant security benefits to Internet users, network administrators, and applications developers. However, there is disagreement about the characteristics and timing of the potential security benefits associated with IPv6. Some experts believe that widespread IPv6 adoption could spur increased research and development of and interest in transitioning to a new network security model, in which techniques such as Internet Protocol Security (IPSec) could be more commonly and effectively used. However, the costs of a transition to IPv6 could be substantial, and the benefits are still rather speculative. Further, there is uncertainty about whether and to what extent IPv6 adoption will occur. This paper investigates the question of whether IPv6 could help improve computer network security and, if so, at what cost. Based on a study conducted for the Department of Commerce IPv6 Task Force, our paper provides a qualitative assessment of the potential security effects of a transition to IPv6, as well as a quantitative analysis of the likely costs of IPv6 adoption to be borne by users, Internet service providers, and vendors in the United States. The results of our analysis should be useful to both industry and government in decisions related to investments in network security and IPv6