Has China stolen a march on the West, developing an Internet architecture that is not only based on IPv6, but is also inherently secure from both internal and external attack?
According to Info Security Magazine, "China's next-generation Internet is streets ahead of the West," while New Scientist says "China's next-generation Internet is a world beater." Both headlines are in response to a paper authored by China's top Internet architects and published last month in the Philosophical Transactions of the UK's Royal Society.
That paper was part of a Royal Society forum "Web science: A new frontier." It detailed implementations of next-generation architecture networks on a national scale, working out practical solutions to these problems -- which other papers addressed in abstract and academic terms.
China already has a native IPv6 backbone network up and running nationwide, connecting 22 cities. Most Chinese ISPs have their own IPv6 backbone networks, and these networks are building and trialling new applications not possible on IPv4. Apps include high-performance HDTV program access, a home gateway for controlling household appliances, and intelligent traffic management offering real-time traffic data acquisition. (What would the FBI give for that?)
In addition, the national backbone network, CNGI-CERNET2, uses an organic security architecture, Source Address Validation Architecture (SAVA), which eliminates spoofing and enables tracking of malicious activity.
Before anyone hits the panic button, these are all research and development implementations. The authors of the paper emphasized that implementation of large-scale pure IPv6 networks is still "a major global challenge." The Great Wall of China once protected the nation against intruders. Its newest Internet is reported to be impenetrable from current internal and external attacks.
(Source: jrover / Flickr)
At the same time, it is difficult to assess the status of the US and Europe in their road to IPv6 implementation. Part of the difference may be that, as the authors point out, US and European IPv6 and future Internet projects -- such as the National Science Foundation FIND (Future Internet Design) and Geni (Global Environment for Network Innovation) -- are taking a clean slate approach, inventing and building a completely new Internet from scratch.
China, on the other hand, opted for a "persevere with evolution and innovate" approach. The nation can also leverage centralized control to produce focused design and development, backed by strong central mandate.
The US approach is obviously different, and for the moment appears haphazard. Although the US government mandated that all departments must be IPv6-capable by September 2012, the success rate was low. Some departments felt they didn't have the technical capacity and didn't try, while others treated it as another "unfunded mandate." Of those that did make the effort, many stumbled over the technical difficulties involved.
These arise from the fact that IPv4 and IPv6 are incompatible, which means that dual protocol stack systems will be the order of the day for the foreseeable future. Unfortunately, these are both expensive and insecure, as the authors of the Chinese paper emphasized.
In addition to the technical difficulties, some agencies held an attitude of "we'll wait until we have to," described by Internet co-creator Vint Cerf as "understandable but inexcusable."
Given the increased intensity in US/China relations, IPv6 implementation is likely to become more than a race to market for bragging rights and a few extra dollars. Attitudes will change and demand will accelerate responses in the US. The pace of adoption will probably accelerate exponentially. In China, danger will be any potential loss of momentum in central direction will dilute as distance from Beijing increases. This could leave some of the nation's newfound Internet strength vulnerable in world markets.
However, if the Chinese government can implement its Source Address Validation architecture successfully and unilaterally at a national level, it could have serious and far-reaching repercussions. Since SAV is organic and an inherent part of Internet design, it will automatically cut off any traffic not validated to the same standard -- i.e., the rest of the Internet -- unless the government chooses to allow it. In other words: ultimate censorship.
It would also mean China became virtually invulnerable to current methods of cyberattack, a rather large advantage in any overt or covert cyber hostilities.
— George Taylor worked in IT in both the public and private sectors for more than 20 years. He is a Subject of the Crown.