While many people still consider IPv6 an up-and-coming technology, it is already being used across the world by billions of people. Most advanced countries now have over 50% of Internet traffic going over IPv6, and in the United States 95% or more of wireless carriers already support the protocol, says Lawrence Hughes, Senior Software Engineer of Cybersecurity at Abbott.
Before his role at Abbott, Hughes was the co-founder and CEO of Sixscape Communications. He is also the author of the recently released book Third Generation Internet Revealed: Reinventing Computer Networks with IPv6 (1st edition).
Speaking at the recent IEEE 5th Future Networks World Forum in Montreal, Hughes noted that 41% of all connections to Google from the entire world are over IPv6 and that many people are using it every day on their phones without even realising it.
‘This is a true generational change. Like going from ARPANet to IPv4 in 1983,’ he said.
The importance of PeerTLS
‘IPv6 has 128-bit addresses which provide trillions of public addresses. This allows every node in the world (even phones) to have a globally unique public IP address which means it can accept incoming connections from any other node – assuming no firewalls block it,’ said Hughes.
‘You can now run servers on any nodes, including phones, or make end-to-end connections directly from my node to yours – no intermediary server required, as is required with IPv4 and NAT. With PeerTLS, we can now establish secure connections directly between any two nodes on the Internet, for example from my phone directly to yours.’
With PeerTLS, both nodes use a client certificate, which identifies a person or device, rather than a server certificate, which identifies a node.
First, PeerTLS can provide true end-to-end encryption. There is no intermediary node where traffic will be in plaintext. Second, it can provide certificate-based mutual strong authentication, so both parties know for certain who the other party is.
Traditional TLS cannot provide this, especially when multiple links are involved. Certificate-based identities also allow very strong whitelisting and blacklisting, which can be enforced during the TLS handshake itself.
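The PeerTLS model described above (a certificate that names a person rather than a host, mutual authentication, and an allowlist enforced during the handshake) as working code. This is an added example, not code from Hughes, Sixscape or the book: it uses Go's standard crypto/tls with constructed self-signed certificates for two made-up peers, alice@example.com and bob@example.com, who trust each other's certificates directly, and it runs over IPv4 loopback with the hostname "localhost" only because the point is the handshake, not the address family.

```go
package main
import ("crypto/ed25519"; "crypto/rand"; "crypto/tls"; "crypto/x509"; "errors"; "math/big"; "time")

// selfSigned: in-memory certificate naming a person by e-mail (PeerTLS model); self-signed, so it is its own trust anchor.
func selfSigned(email string, pool *x509.CertPool) tls.Certificate {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), EmailAddresses: []string{email},
		DNSNames: []string{"localhost"}, NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	leaf, _ := x509.ParseCertificate(der)
	pool.AddCert(leaf) // the peer's own certificate is the only thing the other side needs to trust
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: priv}
}

// peerConfig: present our certificate, require and verify the peer's, and apply an allowlist while the handshake is open.
func peerConfig(own tls.Certificate, pool *x509.CertPool, allow map[string]bool) *tls.Config {
	return &tls.Config{Certificates: []tls.Certificate{own}, RootCAs: pool, ClientCAs: pool,
		ClientAuth: tls.RequireAndVerifyClientCert, ServerName: "localhost", MinVersion: tls.VersionTLS13,
		VerifyPeerCertificate: func(_ [][]byte, chains [][]*x509.Certificate) error { // runs after chain validation
			if peer := chains[0][0].EmailAddresses; len(peer) == 0 || !allow[peer[0]] {
				return errors.New("peer not on allowlist") // aborts the handshake with a bad_certificate alert
			}
			return nil
		}}
}

// handshake: alice dials bob's personal server over loopback; returns the first error either side raised, nil if both accept.
func handshake(aliceAllows, bobAllows map[string]bool) error {
	pool := x509.NewCertPool() // constructed trust set: just the two peers' own certificates
	alice, bob := selfSigned("alice@example.com", pool), selfSigned("bob@example.com", pool)
	ln, err := tls.Listen("tcp", "127.0.0.1:0", peerConfig(bob, pool, bobAllows))
	if err != nil {
		return err
	}
	defer ln.Close()
	srvErr := make(chan error, 1)
	go func() { // bob's side: accept one peer and run the mutual handshake
		c, err := ln.Accept()
		if err == nil {
			err = c.(*tls.Conn).Handshake()
		}
		srvErr <- err
	}()
	c, err := tls.Dial("tcp", ln.Addr().String(), peerConfig(alice, pool, aliceAllows))
	if err != nil {
		return err
	}
	defer c.Close()
	return <-srvErr // in TLS 1.3 the client finishes first, so bob's verdict is read here, not from Dial
}
```

handshake returns nil only when each side's allowlist names the other; an empty allowlist on either side makes that side abort the handshake before any application data flows.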
Intermediary servers break TLS
Hughes explained that TLS works well when there is only a single connection between the two ends. That is the usual case on the web, where every connection is a single link from browser to server, so the limitation is not necessarily a problem there.
‘With email, FTP, and most other protocols with intermediary nodes, we each connect to the server, and each of these connections can be secured with TLS, but there is no way for TLS to secure a path all the way from me to you. With email, there may be multiple intermediary servers between us.’
With direct end-to-end connections over IPv6 there is only one link between users for email, file transfer, chat and even VoIP, Hughes explained.
‘Everyone has a client and everyone has a personal server. My client connects directly to your server. Your server is running on your node, so you don’t have to retrieve my message from an intermediary server. It’s already on your node.
‘TLS can secure that one link easily. This is true edge computing or decentralised messaging. We no longer need intermediary servers, except maybe for delayed messages or group chats. This is also very difficult for anybody to snoop on, especially if it is encrypted end-to-end. Most interception takes place on intermediary servers.’
A perfect fit for IoT and Blockchain
IoT devices often need to communicate with one another as peers, ideally not through some intermediary node. With IPv6 and PeerTLS, they can not only do this but do it with true end-to-end encryption and strong mutual authentication, Hughes said.
‘Likewise, in blockchain-based systems, there is a need for nodes to exchange information with each other as peers. Today that must be via intermediary servers which break TLS and introduce unnecessary vulnerabilities. With PeerTLS they can communicate directly with each other as peers in a highly secure manner. Of course, every node will need IPv6.’
You can read more about the move to IPv6 and how it will unlock the true power of the BSV Blockchain here.