IoT Bricks over v6

Understanding IPv6 Usages in Smart Homes

Tianrui Hu, Daniel J. Dubois, David Choffnes
Background
Percentage of users that access Google over IPv6

2
https://www.google.com/intl/en/ipv6/statistics.html#tab=ipv6-adoption
Background

IPv6 ready

https://en.wikipedia.org/wiki/Comparison_of_IPv6_
support_in_operating_systems 3
Background

IPv6 ready

IPv6 not ready

Nintendo Switch OS https://en.wikipedia.org/wiki/Comparison_of_IPv6_
support_in_operating_systems 3
 Background

Most general purpose computing and networking consumer devices: IPv6 ready

4
Icons by Freepik, Flaticon, Icons8
 Background

Household penetration rate Internet-enabled smart home

(Excluding smart TVs)

US: 52.4%
EU: 24.9%
Worldwide: 18.9%

Data source: Statista

5
 Background

Household penetration rate Internet-enabled smart home

(Excluding smart TVs)

US: 52.4% IPv6 provides improved

EU: 24.9% remote access
Worldwide: 18.9%

Data source: Statista

5
 Background

Household penetration rate Internet-enabled smart home

(Excluding smart TVs)

US: 52.4% IPv6 provides improved

EU: 24.9% remote access
Worldwide: 18.9%

Data source: Statista

(How) do smart home IoT devices use IPv6

5
Research Questions

Goal 1: Are consumer IoT devices ready for IPv6?

- If not, why?

- To what extent are IPv6 features supported?

- What IP version do IoT devices prefer in a dual-stack network?

Goal 2: What are the privacy and security implications?

6
 Methodology

Testbed:
93 IP-based devices from 7 categories and 45 manufacturers

7
 Methodology

Testbed: Experiments: 6 different settings

93 IP-based devices from 7 categories and 45 manufacturers
● IPv4-only
● IPv6-only (3 configurations)
● Dual-stack (2 configurations)

7
 Methodology
Check out our paper for more details on methodology

Testbed: Experiments: 6 different settings

93 IP-based devices from 7 categories and 45 manufacturers
● IPv4-only
● IPv6-only (3 configurations)
● Dual-stack (2 configurations)

7
 Methodology
Check out our paper for more details on methodology

Testbed: Experiments: 6 different settings

93 IP-based devices from 7 categories and 45 manufacturers
● IPv4-only
● IPv6-only (3 configurations)
● Dual-stack (2 configurations)

Functionality Test:
Check if primary function operates as expected

7
 Methodology
Check out our paper for more details on methodology

Testbed: Experiments: 6 different settings

93 IP-based devices from 7 categories and 45 manufacturers
● IPv4-only
● IPv6-only (3 configurations)
● Dual-stack (2 configurations)

Functionality Test:
Check if primary function operates as expected

● Toggling device state via the

companion app (e.g., on/off and
open/close)
● Streaming YouTube on TVs
● etc.

7
Results

8
Are consumer IoT devices ready for IPv6?

IPv6-only experiments

- 93 devices

9
Are consumer IoT devices ready for IPv6?

No*

IPv6-only experiments

- 93 devices

- 8 functional in IPv6-only network

10
To what extent are IPv6 feature supported?

IPv6-only experiments

- 93 devices

- 59 have IPv6 traffic

- 8 functional in IPv6-only network

11
To what extent are IPv6 feature supported?

IPv6-only experiments

- 93 devices

- 59 have IPv6 traffic

- 51 assign an IPv6 address

- 8 functional in IPv6-only network

12
To what extent are IPv6 feature supported?

IPv6-only experiments

- 93 devices

- 59 have IPv6 traffic

- 51 assign an IPv6 address

- 22 query DNS in IPv6

- 8 functional in IPv6-only network

13
To what extent are IPv6 feature supported?

IPv6-only experiments

- 93 devices

- 59 have IPv6 traffic

- 51 assign an IPv6 address

- 22 query DNS in IPv6

- 19 send data to IPv6 Internet destination

- 8 functional in IPv6-only network

14
To what extent are IPv6 feature supported?

IPv6-only experiments

- 93 devices - 34 devices no IPv6 support at all

- 59 have IPv6 traffic - 8 have IPv6 traffic but no address assigned

- 51 assign an IPv6 address - 29 assign an IPv6 address but no IPv6 DNS

- 22 query DNS in IPv6 - 3 query DNS in IPv6 but no data over IPv6

- 19 send data to IPv6 Internet destination - 11 send data to IPv6 Internet destinations but

- 8 functional in IPv6-only network remain non-functional

Why
15
Cases on incomplete support

● 11 support all IPv6 features but remain non-functional in IPv6-only networks

16
Cases on incomplete support

● 11 support all IPv6 features but remain non-functional in IPv6-only networks

Reliance on IPv4-only domains - essential for the functionality

16
Cases on incomplete support

● 11 support all IPv6 features but remain non-functional in IPv6-only networks

Reliance on IPv4-only domains - essential for the functionality

Failure to provide (server) and/or use (client) IPv6 DNS AAAA entries

16
Cases on incomplete support

17
Cases on incomplete support

● DNS client is not fully ready for IPv6

○ In IPv6 networks: 19 devices → A only DNS, no AAAA

— Incomplete AAAA support

17
Cases on incomplete support

● DNS client is not fully ready for IPv6

○ In IPv6 networks: 19 devices → A only DNS, no AAAA

— Incomplete AAAA support

○ In dual-stack networks: 33 devices → AAAA DNS via IPv4 not IPv6

— AAAA support, but not in IPv6

17
Cases on incomplete support

● DNS client is not fully ready for IPv6

○ In IPv6 networks: 19 devices → A only DNS, no AAAA

— Incomplete AAAA support

○ In dual-stack networks: 33 devices → AAAA DNS via IPv4 not IPv6

— AAAA support, but not in IPv6

● DNS server is not fully ready for IPv6

○ Active DNS AAAA queries:

■ 8 functional devices: 73% of destinations AAAA available

■ 85 non-functional devices: 31.1% of destinations AAAA available

17
Cases on incomplete support

● 29 devices with IPv6 address do not send any DNS in IPv6

18
Cases on incomplete support

● 29 devices with IPv6 address do not send any DNS in IPv6

Lack of IPv6 Global Unique Address - They use IPv6 local addresses for HomeKit, Matter, etc.

18
Functional vs Non-functional Devices

- Google Home Mini

- Google Nest Mini
- Chromecast Google TV
- Nest Hub Max
- Nest Hub
- Meta Portal Mini
- Apple TV
- Tivo Stream

19
Functional vs Non-functional Devices

Manufacturer has a significant impact on IPv6 support

- Google Home Mini

- Google Nest Mini
- Chromecast Google TV
- Nest Hub Max
- Nest Hub
- Meta Portal Mini
- Apple TV
- Tivo Stream

19
Functional vs Non-functional Devices

Manufacturer has a significant impact on IPv6 support

- Google Home Mini

- Google Nest Mini
- Chromecast Google TV
- Nest Hub Max
- Nest Hub
- Meta Portal Mini
- Apple TV
- Tivo Stream

19
Functional vs Non-functional Devices

Manufacturer has a significant impact on IPv6 support

- Google Home Mini

- Google Nest Mini
- Chromecast Google TV
- Nest Hub Max
- Nest Hub
- Meta Portal Mini
- Apple TV
- Tivo Stream

19
Functional vs Non-functional Devices

Manufacturer has a significant impact on IPv6 support

- Google Home Mini

- Google Nest Mini
- Chromecast Google TV
- Nest Hub Max
- Nest Hub
- Meta Portal Mini
- Apple TV
- Tivo Stream

Device Category has a significant impact on IPv6 support

Smart TVs, Speakers, Gateways >> Home Automation, Health, Camera, Appliance

20
Functional vs Non-functional Devices

Manufacturer has a significant impact on IPv6 support

- Google Home Mini - Android-based

- Google Nest Mini - Android-based
- Chromecast Google TV - Android-based
- Nest Hub Max - Google Fuchsia OS
- Nest Hub - Google Fuchsia OS
- Meta Portal Mini - Android-based
- Apple TV - Apple tvOS
- Tivo Stream - Android-based

Device Category has a significant impact on IPv6 support OS/software stack

Smart TVs, Speakers, Gateways >> Home Automation, Health, Camera, Appliance

20
Research Questions

Goal 1: Are consumer IoT devices ready for IPv6?

- If not, why?

- To what extent are IPv6 features supported?

- What IP version do IoT devices prefer in a dual-stack network?

Goal 2: What are the privacy and security implications?

21
What IP version do IoT devices prefer in a dual-stack network?

In dual-stack networks:

● 2.8% of domains use IPv4-only despite receiving valid AAAA records

● 11.2% domains from IPv6-only experiments fully switch to IPv4 when available

[RFC 6724] recommends prioritizing IPv6 over IPv4 - not the case for smart homes

22
Research Questions

Goal 1: Are consumer IoT devices ready for IPv6?

- If not, why?

- To what extent are IPv6 features supported?

- What IP version do IoT devices prefer in a dual-stack network?

Goal 2: What are the privacy and security implications?

23
What are the privacy and security implications?

Background on IPv6 self-assignment:

IPv6 Addressing [RFC 4291 - 2006]

48-bit MAC address

(stable, unique, traceable)

24
What are the privacy and security implications?

Background on IPv6 self-assignment:

IPv6 Addressing [RFC 4291 - 2006]

48-bit MAC address

(stable, unique, traceable)

2001:FFFF:FFFF:FFFF : 6e56:97ff:fe35:39f4 ← Tracking ID

24
What are the privacy and security implications?

Background on IPv6 self-assignment:

IPv6 Addressing [RFC 4291 - 2006]

48-bit MAC address

(stable, unique, traceable)

2001:FFFF:FFFF:FFFF : 6e56:97ff:fe35:39f4 ← Tracking ID

Latest RFCs: SHOULD NOT do this

● Alissa Cooper, Fernando Gont, and Dave Thaler. 2016. Security and Privacy Considerations for IPv6
Address Generation Mechanisms. RFC 7721. https: //doi.org/10.17487/RFC7721
● Saidi, Said Jawad, Oliver Gasser, and Georgios Smaragdakis. "One bad apple can spoil your IPv6 24
privacy." ACM SIGCOMM Computer Communication Review 52.2 (2022): 10-19.
What are the privacy and security implications?

Analysis of traceable EUI-64 addresses in IoT devices:

● 8 devices use them for DNS requests

● 5 devices use them for data communication with 27 destination domains

25
What are the privacy and security implications?

Analysis of traceable EUI-64 addresses in IoT devices:

● 8 devices use them for DNS requests

● 5 devices use them for data communication with 27 destination domains

Classify based on the owner of the domains

An analytic service
First Party Support Party Third Party

25
What are the privacy and security implications?

Analysis of traceable EUI-64 addresses in IoT devices:

● 8 devices use them for DNS requests

● 5 devices use them for data communication with 27 destination domains

Classify based on the owner of the domains

An analytic service
First Party Support Party Third Party

Disclosure: Google, Amazon, Samsung acknowledged our findings

25
What We Learned

26
Discussion
●

27
Discussion
● Smart home is NOT fully ready for IPv6 – IoT Bricks over v6

27
Discussion
● Smart home is NOT fully ready for IPv6 – IoT Bricks over v6

● Lack of incentives

27
Discussion
● Smart home is NOT fully ready for IPv6 – IoT Bricks over v6

● Lack of incentives

○ Device vendors, network providers, and network administrators all must develop and
maintain IPv6 support (software, DNS, server, etc.)

27
Discussion
● Smart home is NOT fully ready for IPv6 – IoT Bricks over v6

● Lack of incentives

○ Device vendors, network providers, and network administrators all must develop and
maintain IPv6 support (software, DNS, server, etc.)

○ IPv4 still meets the connectivity needs

27
Discussion
● Smart home is NOT fully ready for IPv6 – IoT Bricks over v6

● Lack of incentives

○ Device vendors, network providers, and network administrators all must develop and
maintain IPv6 support (software, DNS, server, etc.)

○ IPv4 still meets the connectivity needs

○ Interoperability issues & privacy and security considerations

27
Discussion
● Smart home is NOT fully ready for IPv6 – IoT Bricks over v6

● Lack of incentives

○ Device vendors, network providers, and network administrators all must develop and
maintain IPv6 support (software, DNS, server, etc.)

○ IPv4 still meets the connectivity needs

○ Interoperability issues & privacy and security considerations

● Need joint efforts from stakeholders

27
Discussion
● Smart home is NOT fully ready for IPv6 – IoT Bricks over v6

● Lack of incentives

○ Device vendors, network providers, and network administrators all must develop and
maintain IPv6 support (software, DNS, server, etc.)

○ IPv4 still meets the connectivity needs

○ Interoperability issues & privacy and security considerations

● Need joint efforts from stakeholders

● Policymakers and standards bodies: incentives for consumer IoT vendors to improve IPv6 support

27
Discussion
● Smart home is NOT fully ready for IPv6 – IoT Bricks over v6

● Lack of incentives

○ Device vendors, network providers, and network administrators all must develop and
maintain IPv6 support (software, DNS, server, etc.)

○ IPv4 still meets the connectivity needs

○ Interoperability issues & privacy and security considerations

● Need joint efforts from stakeholders

● Policymakers and standards bodies: incentives for consumer IoT vendors to improve IPv6 support

● New Local IPv6-based Standards: Matter – not the solution but a first step
27
Our Research Overview

28
Our Smart Home IoT Measurement Research over 7 years

120+ smart home devices

All network traffic collected

Automated controlled testing

on IoT companion app

29
Our Smart Home IoT Measurement Research over 7 years

120+ smart home devices ● 12 publications

All network traffic collected ● Public network datasets
● Public software
○ Testbed
○ etc.
● Remotely accessible IoT testbed:
under construction now
○ See https://sphere-
project.net/ for more details
● Collaboration with EU labs and
California labs: GDPR, CCAP

Automated controlled testing

on IoT companion app Open to more collaboration!

29
Thank you!
● Smart home is NOT fully ready for IPv6 – IoT Bricks over v6
● Lack of incentives
● Need joint efforts from all stakeholders
● Create incentives

Our papers, datasets, code available here:

https://moniotrlab.khoury.northeastern.edu

Northeastern University Mon(IoT)r Research Group:

[email protected]

Tianrui Hu: [email protected]

https://www.linkedin.com/in/hutr96/

30