170 likes | 315 Vues
Mobile IPv6 Location Privacy Solutions draft-irtf-mobopts-location-privacy-solutions-01.txt. Ying Qiu, Fan Zhao, Rajeev Koodli. Outline. Analysis of Location Privacy in MIP6 Hiding Mobile Node's Location Movement Information Pseudo Home Address Hiding HoA in Home Binding Update procedure
E N D
Mobile IPv6 Location Privacy Solutionsdraft-irtf-mobopts-location-privacy-solutions-01.txt Ying Qiu, Fan Zhao, Rajeev Koodli
Outline • Analysis of Location Privacy in MIP6 • Hiding Mobile Node's Location Movement Information • Pseudo Home Address • Hiding HoA in Home Binding Update procedure • Hiding HoA in RR procedure • Traffic Packets between MN and CN in RO mode • Hiding CoA via Reverse Tunneling Mode • Location Privacy with Unmodified RR Signaling • Route-Optimized Binding Update to CN • Reverse-tunneled Binding Update to CN Mobopts, IETF65, Dallas
Analysis of Location Privacy in MIP6 • Current MIP6 specification doesn’t consider location privacy • Both CoA and HoA are visible to onlookers in the following messages: • Home Binding Update and Acknowledgement • Correspondent Binding Update and Acknowledgement • Prefix Discovery • Data packets between MN and CN in the RO mode • HoA is visible in the HoTI/HoT message on the HA-CN path. • In RO mode, CoA can’t be hidden from CN. • In RT mode, CoA can be hidden from CN and onlooker. Mobopts, IETF65, Dallas
Hiding Mobile Node's Location Movement Information (1) Pseudo Home Address • Not to reveal the real Home Address • Use some other field to substitute the real HoA • The field must be communicated securely • The field itself must not become a target of profiling • The field is recovered from the real HoA by the HA and CN Pseudo_HoA = HMAC_SHA1(Kph, Previous Pseudo_HoA)) where, Kph is the symmetric key between MN and HA Mobopts, IETF65, Dallas
Hiding Mobile Node's Location Movement Information (2) Hiding HoA in Home Binding Update Procedure(i) • BU message: IPv6 header source = CoA destination = HA Destination option header Home Address option (Pseudo_HoA) ESP header in transport mode Mobility header Home Binding Update Alternative CoA option (CoA) Mobopts, IETF65, Dallas
Hiding Mobile Node's Location Movement Information (3) Hiding HoA in Home Binding Update Procedure (ii) • BA message: IPv6 header source = HA destination = CoA Destination option header Home Address option (Pseudo_HoA) ESP header in transport mode Mobility header Home Binding Acknowledgement Mobopts, IETF65, Dallas
Hiding Mobile Node's Location Movement Information (4) Hiding HoA in RO mode (i) • HoTI in MN-HA path: IPv6 header source = CoA destination = HA ESP header in tunneling mode IPv6 header source = HoA destination = CN Mobility header HoTI • HoTI in HA-CN path: IPv6 header source = HA destination = CN Destination option Pseudo_HoA Mobility header HoTI Mobopts, IETF65, Dallas
Hiding Mobile Node's Location Movement Information (4) Hiding HoA in RO mode (ii) • HoT in CN-HA path: IPv6 header source = CN destination = HA Destination option Pseudo_HoA Mobility header HoT • HoT in HA-MN path: IPv6 header source = HA destination = CoA ESP header in tunneling mode IPv6 header source = CN destination = HoA Mobility header HoT Mobopts, IETF65, Dallas
Hiding Mobile Node's Location Movement Information (5) Hiding HoA in RO mode (iii) • Correspondent Binding Update: • CoTI/CoT no change • BU message IPv6 header source = CoA destination = CN Destination option E(Kbm, Pseudo_HoA); a) hide the relationship between CoA and Pseudo_HoA b) recoverable by CN Mobility header BU=(Pseudo_HoA, home nonce index, ...) • where • Kbm = SHA1 (home keygen token | care-of keygen token) ; no change • home keygen token = First (64, HMAC_SHA1(Kcn, (Pseudo_HoA | nonce | 0))) • care-of keygen token = First (64, HMAC_SHA1(Kcn, (CoA | nonce | 1))); no change Mobopts, IETF65, Dallas
Hiding Mobile Node's Location Movement Information (6) Hiding HoA in RO mode (iv) • Traffic Packets between MN and CN: • Packets from MN to CN: IPv6 header source = CoA destination = CN Destination option Pseudo_HoA Payload • Packets from CN to MN: IPv6 header source = CN destination = CoA Routing Header Pseudo_HoA Payload Mobopts, IETF65, Dallas
Hiding Mobile Node's Location Movement Information (7) Hiding CoA via Reverse Tunneling Mode • To hide its CoA from the CN and its HoA from an onlooker, the data packets between MN and CN traffic through HA in reverse tunneling mode. (modified according to Vijay comments) • In path MN-HA: • IPv6 header • source = CoA • destination = HA • ESP header in tunnel mode • IPv6 header • source = HoA • destination = CN • Payload • In path HA-CN: • IPv6 header • source = HoA • destination = CN • Payload • In path CN-HA: • IPv6 header • source = CN • destination = HoA • Payload • In path HA-MN: • IPv6 header • source = HA • destination = CoA • ESP header in tunnel mode • IPv6 header • source = CN • destination = HoA • Payload Mobopts, IETF65, Dallas
Hiding Mobile Node's Location Movement Information (8) The increment of Sequence Numbers seq#_increment = First(8, HMAC_SHA1(Kbm, home nonce index | care nonce index)); Seq# = previous Seq# + seq#_increment. If seq#_increment = 0, then seq#_increment = 1. If new Seq# > 216-1, new Seq# = 216-1. Mobopts, IETF65, Dallas
Location Privacy with Unmodified RR Signaling (1) Brief Idea • both CN and MN derive a shared privacy management key, Kpm, from the keygen tokens achieved in the home address and care-of address test procedures; • afterwards, MN uses Kpm to hide its home address in the Binding Update to CN; • finally CN authenticates the received Binding Update and restores the MN'S home address therein. Mobopts, IETF65, Dallas
Location Privacy with Unmodified RR Signaling (2) Route-Optimized Binding Update to CN (1) • make the home address invisible to onlookers by replacing the real HoA with a Pseudo HoA • CN generates after getting HoTI Privacy_Keygen_Token = First (64, Kcn(HoA set to all zeros | nonce | 0)) • MN computes after getting HoT Kpm = SHA1 (Privacy_Keygen_Token | care-of keygen token) and Pseudo_Home_Address = String XOR HoA where, String = First (128, HMAC_SHA1 (Kpm, (CoA | Home Nonce Index | Care-of Nonce Index))) Mobopts, IETF65, Dallas
Location Privacy with Unmodified RR Signaling (3) Route-Optimized Binding Update to CN (2) • CN compute Kpm when receives a BU with Pseudo_HoA. • The computation is similar to how it would compute Kbm, except that the Privacy Keygen Token is computed with HoA set to all zeros. • CN computes the String and recovers the HoA with Kpm. • CN compute the home keygen token, the Kbm, and verify the MAC for the Binding Update. • If Binding Update processing is successful, the Pseudo Home Address is considered valid. • CN then stores the nonce indices, and the Kbm itself. • CN sends a normal Binding Acknowledgment to the MN. • The String is computed once by both the MN and the CN, and hence the Pseudo Home Address as computed above remains constant, until one of the address cookies expires or the MN undergoes a handover. Mobopts, IETF65, Dallas
Location Privacy with Unmodified RR Signaling (4) Reverse-tunneled Binding Update to CN • MN may send the BU not directly to CN, but via HA IPv6 header source = CoA destination = HA ESP header in tunneling mode IPv6 header source = HoA destination = CN Mobility header BU Alternate Care-of Address option (care-of address) • CN, after getting the BU, computes the Kbm first. • verifies the MAC for the Binding Update • recovers the HoA from the Pseudo HoA, then verifies if it is actually the HoA present in the source IP address. Mobopts, IETF65, Dallas
Q & A Thank You