1 / 24

IEEE 802 EC Privacy Recommendation Study Group October 1 st , 2014, Conference Call

IEEE 802 EC Privacy Recommendation Study Group October 1 st , 2014, Conference Call. 2014-10-01 Juan Carlos Zuniga, InterDigital Labs (EC SG Chair ). Wednesday , October 1 st , 2014, 10:00-11:00am EDT WebEX : Meeting Number: 747 061 585 Meeting Password: privecsg

lucas-barnett
Download Presentation

IEEE 802 EC Privacy Recommendation Study Group October 1 st , 2014, Conference Call

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. IEEE 802 EC Privacy Recommendation Study GroupOctober 1st, 2014, Conference Call 2014-10-01Juan Carlos Zuniga, InterDigital Labs (EC SG Chair)

  2. Wednesday, October 1st, 2014, 10:00-11:00am EDT WebEX: Meeting Number: 747 061 585 Meeting Password: privecsg To join this meeting (also from mobile devices): 1. Go to https://premconf.webex.com/premconf/j.php?MTID=m17cc57d9646de0109b3432d205fd2ecb 2. If requested, enter your name and email address. 3. If a password is required, enter the meeting password: privecsg 4. Click "Join". 5. Follow the instructions that appear on your screen. To view in other time zones or languages, please click the link: https://premconf.webex.com/premconf/j.php?MTID=m5675de0a96840130c93226c1e8f24e9d Teleconference information Show global numbers: https://www.myrcplus.com/cnums.asp?bwebid=8369444&ppc=542167&num=1&num2=1719-867-1571 Attendee access code: 542167 Conference Call Details

  3. All participants in this meeting have certain obligations under the IEEE-SA Patent Policy. Participants [Note: Quoted text excerpted from IEEE-SA Standards Board Bylaws subclause 6.2]: “Shall inform the IEEE (or cause the IEEE to be informed)” of the identity of each “holder of any potential Essential Patent Claims of which they are personally aware” if the claims are owned or controlled by the participant or the entity the participant is from, employed by, or otherwise represents “Personal awareness” means that the participant “is personally aware that the holder may have a potential Essential Patent Claim,” even if the participant is not personally aware of the specific patents or patent claims “Should inform the IEEE (or cause the IEEE to be informed)” of the identity of “any other holders of such potential Essential Patent Claims” (that is, third parties that are not affiliated with the participant, with the participant’s employer, or with anyone else that the participant is from or otherwise represents) The above does not apply if the patent claim is already the subject of an Accepted Letter of Assurance that applies to the proposed standard(s) under consideration by this group Early identification of holders of potential Essential Patent Claims is strongly encouraged No duty to perform a patent search Participants, Patents, and Duty to Inform

  4. All participants should be familiar with their obligations under the IEEE-SA Policies & Procedures for standards development. Patent Policy is stated in these sources: IEEE-SA Standards Boards Bylawshttp://standards.ieee.org/develop/policies/bylaws/sect6-7.html#6 IEEE-SA Standards Board Operations Manualhttp://standards.ieee.org/develop/policies/opman/sect6.html#6.3 Material about the patent policy is available at http://standards.ieee.org/about/sasb/patcom/materials.html If you have questions, contact the IEEE-SA Standards Board Patent Committee Administrator at patcom@ieee.org or visit http://standards.ieee.org/about/sasb/patcom/index.html This slide set is available at https://development.standards.ieee.org/myproject/Public/mytools/mob/slideset.ppt Patent Related Links

  5. If anyone in this meeting is personally aware of the holder of any patent claims that are potentially essential to implementation of the proposed standard(s) under consideration by this group and that are not already the subject of an Accepted Letter of Assurance: Either speak up now or Provide the chair of this group with the identity of the holder(s) of any and all such claims as soon as possible or Cause an LOA to be submitted Call for Potentially Essential Patents

  6. Other Guidelines for IEEE WG Meetings All IEEE-SA standards meetings shall be conducted in compliance with all applicable laws, including antitrust and competition laws. • Don’t discuss the interpretation, validity, or essentiality of patents/patent claims. • Don’t discuss specific license rates, terms, or conditions. • Relative costs, including licensing costs of essential patent claims, of different technical approaches may be discussed in standards development meetings. • Technical considerations remain primary focus • Don’t discuss or engage in the fixing of product prices, allocation of customers, or division of sales markets. • Don’t discuss the status or substance of ongoing or threatened litigation. • Don’t be silent if inappropriate topics are discussed … do formally object. --------------------------------------------------------------- See IEEE-SA Standards Board Operations Manual, clause 5.3.10 and “Promoting Competition and Innovation: What You Need to Know about the IEEE Standards Association's Antitrust and Competition Policy” for more details.

  7. Link to IEEE Disclosure of Affiliation http://standards.ieee.org/faqs/affiliationFAQ.html Links to IEEE Antitrust Guidelines http://standards.ieee.org/resources/antitrust-guidelines.pdf Link to IEEE Code of Ethics http://www.ieee.org/web/membership/ethics/code_ethics.html Link to IEEE Patent Policy http://standards.ieee.org/board/pat/pat-slideset.ppt Resources – URLs

  8. Welcome Chair's slides IEEE Slides Call meeting to order Group’s updates Presentations and discussions at IEEE 802 interim meetings IETF-IEEE coordination meeting IETF MAC address randomization trial status Technical Topics Threat Model for Privacy at Link Layer Privacy Issues at Link Layer Proposals regarding functionalities in IEEE 802 protocols to improve Privacy Proposals regarding measuring levels of Privacy on Internet protocols Implications of MAC address changes Other Next Steps Agenda

  9. Business#1 • Call Meeting to Order • Meeting called to order by chair at • Minutes taker • Roll Call

  10. Business#2 • Agenda bashing • Approval of minutes • Reports • Group’s updates • Presentations and discussions at IEEE 802 interim meetings • IETF-IEEE coordination meeting • IETF Trial

  11. Priv Rec EC SG presentation and discussion at 802.1/802.3 Interim meeting in Ottawa, Canada – Sept 9 and 10 Priv Rec EC SG presentation and discussion at IEEE 802 Wireless (802.11, 802.15, 802.22, etc.) meeting in Athens, Greece – week of September 15 Priv Rec EC SG presentation and discussion at IETF-IEEE Exec Coordination meeting in Newark, NJ – Sept 29 IEEE 802 EC Privacy SG - updates

  12. Local MAC address - Claiming protocol without a server Client generates a proposed address and initiates a claim, waits for response and uses address if no conflict detected Proposed address might have a set value for the first 24 bits (CID+Local+U’cast) and a randomly generated value for the other 24 Most suited to small* (~1000 nodes) networks which can operate without a (coordination) server Requires that all nodes receive each other’s traffic (or something in the network can proxy for nodes that don’t receive the claim). Similar protocols exist for IPv6 (RFC 4862) and FCoE (FC-BB-6 VN2VN) IEEE 802.1 - 802c PAR

  13. Certain applications may require tracking an individual (e.g. eHealth location tracking) Recommendation should not prevent these applications from choosing to be tracked Recommended practices document should explain the scenarios in which privacy features should be applicable and should also allow to opt-in in case privacy is not a concern Besides identifiers, other privacy features could still be applicable Message size, message sequence, use of authentication and encryption, etc. IEEE 802.15 – Should allow to opt-in for tracking

  14. MAC addresses used also on backhaul to maintain user’s context across multiple APs Keeping MAC address constant for the duration of a session should mitigate AP association and backhauling issues Note: Need to clearly define what is a session, as it could be interpreted differently depending on the context IEEE 802.11 – Implications of MAC address changes on Wi-Fi backhaul network

  15. Apparently applicable to fixed device (i.e. base station), need to clarify further Could be only needed for the IETF PAWS protocol, in which case it is out-of-scope for IEEE 802 IEEE 802.22 – FCC requirement to disclose WS user’s identity

  16. Key generation binding with MAC address Should maintain MAC address for duration of session Compile and share results from trial Identify key statistics that should be gathered during trial IEEE 802.21 – Use of AAA in network trial

  17. Identifiers in IoT may not relate to an individual Must clearly define which devices should take into account which Privacy recommendations Other privacy considerations may still be relevant, such as packet size, packet sequence, etc. IEEE 802.24 – Applicability of Privacy Recommendations to fixed devices

  18. Trial setup (VPN, SSID, announcement, wiki page) Implications of MAC address randomization on IETF protocols (i.e. Higher layers) Recommended practices should take into account functionalities in other layers Threat model to be developed jointly by IETF and IEEE 802 IETF-IEEE802 Exec Meeting – Coordination

  19. Trial setup @ IETF Venue Different SSID (e.g. ietf_Trial_RandMACadd), to be advertised Separate VLAN, DHCP, Switching and AAA infrastructure Use only 2.4 GHz infrastructure (b/g/n) Different credentials needed to join this network Credentials and Wiki Sign-in page (to keep track of # people, # devices, types of clients, etc.) Require participants to use specific MACadd tools and setup a DHCP client name/ID per user – to debug and find out potential issues Client Should follow expected 802.1 rules for MAC address generation Should keep track of MAC addresses being used – could help in case of collision or other issues Should setup DHCP client name DHCP server Very small lease time for this VLAN (Later on, a special rule could be added for MACs with local bit set) Trial at IETF meeting

  20. Statistics to be collected Network # associations in this SSID DHCP logs (MAC, DHCP client ID, time/date) DHCP pool size in time Switch table size in time AAA logs Client MAC address usage log DHCP client name/ID Other? Protocol Implications of MAC address changes

  21. Wiki page to register participating users Define a set of supplicant clients which can: Generate a MAC address within the local domain, with the unicast bit set Maintain the CID (OUI) part of the original address intact Keep a log of used MAC addresses (association/probe?) Ask users to setup DHCP client name/ID and register it in the Wiki page MAC address trial - client requirements

  22. Business#3 • Technical presentations

  23. Business#4 • Next steps • Continue call for proposals to discuss technical topics • Threat Model for Privacy at Link Layer • Privacy Issues at Link Layer • Proposals regarding functionalities in IEEE 802 protocols to improve Privacy • Proposals regarding measuring levels of Privacy on Internet protocols • Implications of MAC address changes • Other… • Discuss the need and scope of a recommended practices document applicable to IEEE 802 protocols

  24. Business#4 • Upcoming meetings • 22 October 2014 (10:00 AM ET), Teleconference • November 2-7, 2014, IEEE 802 Plenary meeting in San Antonio, TX, USA • 2 Evening slots – Tuesday and Thursday • 802 EC plenary – Report SG’s update and request EC for renewal • (other teleconferences TBD - if SG is renewed) • (March 8-13, 2015, IEEE 802 Plenary meeting in Berlin, Germany - if SG is renewed) • AOB • Meeting adjourned at

More Related