
Mobile IPv6 Location Privacy Solutions UPDATE draft-irtf-mobopts-location-privacy-solutions-06.txt

Ying Qiu, Fan Zhao, Rajeev Koodli

Presentation Transcript


  1. Mobile IPv6 Location Privacy Solutions UPDATE
     draft-irtf-mobopts-location-privacy-solutions-06.txt
     Ying Qiu, Fan Zhao, Rajeev Koodli

  2. Outline
     • Updates in Ver06
     • Message formats: to be added to Ver07
     • Comments

     Mobopts, IETF70, Vancouver

  3. Updates in Ver06
     • CN processing
       • privacy keygen token = First (64, HMAC(Kcn, (home address set to all zeros | nonce | 2)))
       • privacy keygen token = First (64, HMAC_SHA1 (Kcn, (Home Init Cookie | nonce | 2)))

  4. Message formats: to be added to Ver07
     • Using the RR signaling to generate pHoA

     Home Test Init Message: add one ‘P’ bit

                                         +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                                         |P|          Reserved           |
         +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
         |                                                               |
         +                       Home Init Cookie                        +
         |                                                               |
         +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
         |                                                               |
         .                                                               .
         .                       Mobility Options                        .
         .                                                               .
         |                                                               |
         +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

     P = 1: CN generates the privacy keygen token:
            privacy keygen token = First (64, HMAC_SHA1 (Kcn, (Home Init Cookie | nonce | 2)))
     P = 0: RFC 3775

  5. Message formats: to be added to Ver07
     • Using the RR signaling to generate pHoA

     Home Test Message: no format change to the payload of Home Keygen Token

                                         +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                                         |       Home Nonce Index        |
         +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
         +                       Home Init Cookie                        +
         +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
         +           (Home Keygen Token) Privacy Keygen Token            +
         +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
         .                                                               .
         .                       Mobility options                        .
         .                                                               .
         +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

  6. Message formats: to be added to Ver07
     Using the RR signaling to generate pHoA

     Binding Update Message (MN -> CN): a new Mobility Option (IANA approval), or is a new ‘P’ bit sufficient?
     Destination Option = pseudo home address

                                         +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                                         |          Sequence #           |
         +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
         |A|H|L|K|P|      Reserved       |           Lifetime            |
         +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
         |            ......             |   type=6??    |  Length=8(?)  |
         +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
         |       Home Nonce Index        |      Care-of Nonce Index      |
         +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
         |                                                               |
         +               privacy factor: Home Init Cookie                +
         |                                                               |
         +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
         |                                                               |
         .                                                               .
         .                       Mobility options                        .
         .                                                               .
         |                                                               |
         +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

  7. Message formats: to be added to Ver07
     Using cryptographic algorithms to generate pHoA

     Home Test Init Message: a new ‘Q’ bit
     Q = 1: CN needs to generate Kpm

                                         +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                                         |P|Q|         Reserved          |
         +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
         |                                                               |
         +                       Home Init Cookie                        +
         |                                                               |
         +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
         |                                                               |
         .                                                               .
         .                       Mobility Options                        .
         .                                                               .
         |                                                               |
         +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

  8. Message formats: to be added to Ver07
     Using cryptographic algorithms to generate pHoA

     Binding Update Message: a new mobility option and a new ‘Q’ bit
     Destination Option = pseudo home address
     identity_address = the first pseudo home address used throughout the current communication session

                                         +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                                         |          Sequence #           |
         +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
         |A|H|L|K|P|Q|     Reserved      |           Lifetime            |
         +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
         |            ......             |  type=6(??)   | Length=16(?)  |
         +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
         |                                                               |
         +          privacy factor: Enc(Kbm, identity_address)           +
         |                                                               |
         +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
         |                                                               |
         .                                                               .
         .                       Mobility options                        .
         .                                                               .
         |                                                               |
         +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

  9. Message formats: summary
     • IANA Considerations
     • A new mobility option: privacy factor
     • A new type of the Destination Option: containing the pseudo HoA, the CN can first compute the String and recover the HoA.
     • Two new flags in the reserved fields of the HoTI and BU messages
       • P: indicates that the RR signaling is used to generate pHoA
       • Q: indicates that cryptographic algorithms are used to generate pHoA

  10. Comments
      • Why use cryptographic algorithms to generate pHoA
      • With the RO mode, this avoids the profiling attack based on the HoA by eavesdroppers on the MN-CN path.
      • Allows different HoAs to be used even with the same CN during different sessions.
      • We agree that with the IPsec ESP tunnel mode, HoA can be concealed from eavesdroppers on the HA-MN path.
      • The availability of the shared key between MN and HA
      • IKEv2
      • Home Address allocation during bootstrapping
      • Can work together.

  11. Comments
      • pHoA changes packet processing
      • Yes, more local computation but no additional signaling
      • During handover, the previous MN-HA/MN-CN paths are mostly overlapped with the new MN-HA/MN-CN paths.
      • Depends on deployment and the location of eavesdroppers

  12. Q & A Thank You
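
The CN processing on slides 3 and 4, as an added example that is not code from the draft or the slides: it reads the ‘P’ bit from the HoTI message data and derives either the privacy keygen token or the RFC 3775 home keygen token. Assumptions: ‘P’ is the most significant bit of the 16-bit field as drawn on slide 4, the trailing constant is a single octet as in RFC 3775, the nonce is 64 bits, and all function names and sample values are constructed for illustration.

```python
import hashlib
import hmac
import struct

P_FLAG = 0x8000  # assumption: 'P' is the most significant bit of the 16-bit field

# Constructed sample values, not taken from the draft or the slides.
KCN = bytes(range(20))                        # CN node key (20 octets, per RFC 3775)
NONCE = bytes.fromhex("0102030405060708")     # 64-bit CN nonce
HOA = bytes.fromhex("20010db8000000000000000000000001")
HOTI_P1 = struct.pack("!H8s", P_FLAG, b"cookie-A")   # P = 1
HOTI_P0 = struct.pack("!H8s", 0x0000, b"cookie-A")   # P = 0


def first64(kcn, data):
    """First(64, HMAC_SHA1(Kcn, data)): the leftmost 64 bits of the MAC."""
    return hmac.new(kcn, data, hashlib.sha1).digest()[:8]


def parse_hoti(message_data):
    """Split HoTI message data into (P flag, 8-octet Home Init Cookie)."""
    if len(message_data) < 10:
        raise ValueError("HoTI message data shorter than flags + cookie")
    flags, cookie = struct.unpack("!H8s", message_data[:10])
    return bool(flags & P_FLAG), cookie


def cn_keygen_token(kcn, nonce, home_address, message_data):
    """CN side: pick the token derivation from the P bit of the HoTI."""
    if len(home_address) != 16 or len(nonce) != 8:
        raise ValueError("expected a 128-bit address and a 64-bit nonce")
    p_set, cookie = parse_hoti(message_data)
    if p_set:
        # Privacy keygen token: Home Init Cookie | nonce | 2
        return first64(kcn, cookie + nonce + b"\x02")
    # P = 0: RFC 3775 home keygen token, home address | nonce | 0
    return first64(kcn, home_address + nonce + b"\x00")


def zero_address_token(kcn, nonce):
    """The other formula on slide 3: home address set to all zeros."""
    return first64(kcn, bytes(16) + nonce + b"\x02")


if __name__ == "__main__":
    print("P=1:", cn_keygen_token(KCN, NONCE, HOA, HOTI_P1).hex())
    print("P=0:", cn_keygen_token(KCN, NONCE, HOA, HOTI_P0).hex())
    print("zero-address variant:", zero_address_token(KCN, NONCE).hex())
```

The all-zeros variant takes no input from the mobile node, so for a given Kcn and nonce it yields the same token for every requester, while the Home Init Cookie variant binds the token to the cookie carried in the HoTI.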
