
Cryptographically Protected Prefixes for Location Privacy in IPv6

Jonathan Trostle, Hosei Matsuoka*, Muhammad Mukarram Bin Tariq, James Kempf, Toshiro Kawahara and Ravi Jain. DoCoMo Communications Laboratories USA, Inc. * Multimedia Laboratories, NTT DoCoMo, Inc.


Presentation Transcript


  1. Cryptographically Protected Prefixes for Location Privacy in IPv6
     Jonathan Trostle, Hosei Matsuoka*, Muhammad Mukarram Bin Tariq, James Kempf, Toshiro Kawahara and Ravi Jain
     DoCoMo Communications Laboratories USA, Inc.
     * Multimedia Laboratories, NTT DoCoMo, Inc.

  2. Outline
     • Location Privacy Problem in IP networks
     • Related Works
     • Proposal of Cryptographically Protected Prefixes (CPP)
     • Simple Architecture (easily understandable)
     • Secure Architecture
     • Security Considerations
     • Implementation and Performance Measurements
     • Conclusions

  3. Location Privacy Problems in IP Networks
     Just as our postal addresses are hierarchically arranged with country, state, city, …, IP addresses are also structured for routing efficiency.
     [Figure: an IP address split into Prefix(es) and Suffix]
     IP networks use prefix-based routing:
     • Subnets often have geographical correspondence
     • All hosts in a subnet have the same subnet prefix
     • IP address shows whom you are together with
     • IP address shows your geographical location

  4. Related Works
     • Network Layer Solutions
       • Mobile IPv6
       • Hierarchical Mobile IPv6 (HMIPv6)
     • Application Layer (Overlay) Solutions
       • Onion Routing
       • Freedom Network
       • Crowds, Tarzan, etc.

  5. How do they provide Location Privacy
     • Approaches shown: Mobile IP with Home Agent; Overlay Approaches (Onion routing, Freedom)
     • Callout: This user does not know the correspondent’s care-of-address, which shows the user’s actual location.
     • [Figure labels: Mobile IP with Route Optimization, Internet, Care-of-Address, Home Address, HA, Foreign Network, Home Network, Onion/Freedom Overlay Routers]
     • Neither approach can provide communications over the optimal route between two endpoints

  6. Qualitative Comparison of Related Works
     [Figure: related works plotted by routing overhead against degree of location privacy]
     • Horizontal axis, Degree of Location Privacy: Several Subnets, Subnet Level, Visited Domain, Home Domain, Global
     • Vertical axis labels: No Additional Routing Delay / Optimal Quality of Service; Limited Triangular Routing; Triangular; Huge Routing/Performance Overhead
     • Plotted approaches: Mobile IPv6 Route Optimization; HMIPv6; Mobile IP Home Agent; App Overlay (Onion, Freedom)
     • Marked regions: Goal of our project; Desired Location Privacy, Comparable with today’s CS Telecom

  7. Design Policies of Our Approach (CPP)
     • Provide Location Privacy within a domain
     • Optimal Routing (No additional Routing Delay). It is important for some real-time applications.
     • Full Compatibility with other Internet Protocols (Mobile IP, IPsec, Diffserv, etc.)
     • No Single Point of Failure

  8. Structure of IP address
     Both IPv4 and IPv6 addresses have a similar structure consisting of a Network Prefix and a Host Suffix, and the Network Prefix is related to the geographical location.
     • IPv4 Address (32 bits): Network Prefix | Host Suffix
     • IPv6 Address (128 bits): Network Prefix (typically 64 bits) | Host Suffix (typically 64 bits)
     Advantages of applying to IPv6:
     • The large space of network prefixes provides strong anonymity of the location.
     • The fixed boundary between prefix and suffix can simplify the system.

  9. Basic Concept
     Replacing the actual prefix with a host-specific encrypted prefix:
     • Routable IPv6 address: P0 | PR | Mi
     • Prefix Encryption gives the prefix-encrypted IPv6 address: P0 | P'(R,i) | Mi
     • Prefix Decryption gives back the routable IPv6 address: P0 | PR | Mi
     • End-hosts use the prefix-encrypted IPv6 address for their communications.
     • Routers obtain the routable IPv6 address through the decryption of the encrypted prefix. (Routers have the key for decryption.)

  10. Simple Architecture (easily understandable)
     Routers inside the Privacy Domain share the secret key and obtain the routable prefix prior to routing table searches.
     [Figure: a packet addressed P0 | P'(R,i) | Mi crossing routers 0 to 5 of the Privacy Domain, with PR recovered at each router inside it]
     • Routers outside the Privacy Domain look at the prefix P0 and route the packet to the privacy domain; there are no matches longer than P0 outside the privacy domain.
     • Routers inside the Privacy Domain decrypt the secondary prefix P'(R,i) to find the actual routing prefix and route the packet accordingly until the packet reaches the desired destination.

  11. What changes in the Routers
     [Figure: packet-forwarding pipeline of a conventional router and of a router modified for location privacy]
     • Conventional Routers: Packet, Pre Processing, Destination Address, Extract Prefix, Prefix of Destination, Longest Prefix Match, Destination Route, Dispatcher
     • Routers Modified for Location Privacy: Packet, Pre Processing, Destination Address, Decrypt (with Key), Prefix of Destination, Longest Prefix Match, Destination Route, Dispatcher
     • Small change, can be implemented in hardware for acceleration
     • There is no change in conventional routing protocols (RIP, OSPF, etc.)

  12. Secure Architecture
     • Routers are assigned levels based on their “hop-count” from the border router.
     • Routers at different levels use different keys and decrypt different parts of the prefix, each part being necessary and sufficient for that router's routing table searches.
     • A compromised router cannot get all users’ locations.
     [Figure labels: Border Gateway; Level 1 to Level 4; routers R1 to R8; Host]

  13. Structure of IP addresses with CPP
     Address layout (128 bits): P0 | V | X1 X2 X3 …… Xn | M (the suffix)
     • P0: Common Prefix for Global Routing
     • V: Key version bit for key rotation
     • X1 … Xn: The Prefix consists of several small encrypted components, one corresponding to each level
     • [Figure labels under the components: P1 H(L1, M) … Pk H(Ln, M)]
     • H( ) is an encryption or hash function
     • Any router at level “k” can use its level key Lk to decrypt Pk. Given P1, …, Pk-1 from the upper level router in a hop-by-hop option, it obtains the routable prefix and forwards packets correctly to the next hop.

  14. Security Considerations
     • Eavesdropping on the same link: Eavesdroppers can learn the location of the other hosts on the same network link by snooping the traffic of the link. CPP should use some other techniques to prevent traffic analysis.
     • Guessing Attack: Attackers use connection trials in various subnets and guess H(Li, M) using the plain prefixes of the location where the response is received.
       • The Privacy Domain changes the secret key at some interval.
       • CPP Extended Address (to be explained next)
     • ICMP packets: ICMP packets from a router in the middle of the connection give the sender hints of the receiver’s location.
       • Routers must not use the real source address for ICMP packets.
       • No Traceroute

  15. Guessing Attacks and CPP Extended Address
     • Guessing Attacks: Attackers try to obtain H(Li, Mv) for tracking the victim who has the suffix Mv, because once they obtain H(Li, Mv), they can easily track the victim. The reason behind this attack is that H(Li, Mv) is a constant value regardless of its location.
     • CPP Extended Address: Using H(Li, <Mv, P1, … , Pi-1, Xi+1, … Xk>) instead of H(Li, Mv) provides more robust security against Guessing Attacks.
     • Probability that the adversary obtains the prefix components P1 … Pj of the victim’s address is , s is the number of subnets searched where with
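The per-level encryption of slides 13 and 15, as an added example that is not code from the presentation or from the CPP implementation. It assumes X_i = P_i XOR H(L_i, ·) (slide 20 names the exclusive-OR), uses truncated HMAC-SHA-1 as a stand-in for H(), and the 5-bit component width, hash-input encoding, keys, suffix and prefix values are all constructed.

```python
import hashlib
import hmac

BITS = 5  # assumed component width: 3 levels x 5 bits + version bit V = 16-bit field

def H(level_key: bytes, msg: bytes) -> int:
    # Truncated HMAC-SHA-1 stands in for the slides' H(); an assumption.
    digest = hmac.new(level_key, msg, hashlib.sha1).digest()
    return int.from_bytes(digest, "big") % (1 << BITS)

def ext_input(M, upper_P, lower_X):
    # Extended-address hash input <M, P1..P(i-1), X(i+1)..Xk>; the encoding is assumed.
    return M + bytes(upper_P) + b"|" + bytes(lower_X)

def encrypt_basic(keys, P, M):
    # X_i = P_i XOR H(L_i, M): the mask depends only on the suffix.
    return [p ^ H(k, M) for k, p in zip(keys, P)]

def encrypt_extended(keys, P, M):
    # Built from the deepest level upward, because X_i depends on X(i+1)..Xk.
    X = [0] * len(P)
    for i in reversed(range(len(P))):
        X[i] = P[i] ^ H(keys[i], ext_input(M, P[:i], X[i + 1:]))
    return X

def route(keys, X, M, extended):
    # Each level-i router uses only its own key; P1..P(i-1) arrive from the
    # routers above it (the hop-by-hop option on the slides).
    hop_by_hop = []
    for i, key in enumerate(keys):
        msg = ext_input(M, hop_by_hop, X[i + 1:]) if extended else M
        hop_by_hop.append(X[i] ^ H(key, msg))
    return hop_by_hop

def mask_reusable(encrypt, keys, P_seen, P_new, M):
    # True if the masks X_i XOR P_i learned in one subnet reveal the prefix in another.
    learned = [x ^ p for x, p in zip(encrypt(keys, P_seen, M), P_seen)]
    guess = [x ^ m for x, m in zip(encrypt(keys, P_new, M), learned)]
    return guess == P_new

# Constructed sample values (not from the presentation).
KEYS = [bytes([n]) * 16 for n in (1, 2, 3)]    # level keys L1..L3, 128 bits each
M = bytes.fromhex("0211223344556677")          # 64-bit host suffix
SUBNET_A, SUBNET_B = [3, 17, 9], [3, 22, 30]   # real prefix components P1..P3

if __name__ == "__main__":
    for name, enc, ext in (("basic", encrypt_basic, False),
                           ("extended", encrypt_extended, True)):
        X = enc(KEYS, SUBNET_A, M)
        print(name, X, route(KEYS, X, M, ext),
              mask_reusable(enc, KEYS, SUBNET_A, SUBNET_B, M))
```

With the basic form, the mask learned in one subnet decrypts the same suffix's prefix in another subnet; with the extended form it does not, while level-by-level routing still recovers the real prefix.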

  16. Implementation
     • FreeBSD 4.8 Kernel Structure
     • Modified ip6_input() function
     • Cryptographic Functions used: AES, SHA-1
     • Time measurement of one packet forwarding
     [Figure labels: Network Interfaces, input queue, ip6intr, ip6_input (decrypt & lookup, routing table), ip6_forward, ip6_output, nd6_output, output queue, Transport Protocol; start of measure and end of measure marked on the path]

  17. Performance Results Software Router Specification: OS: FreeBSD 4.8 CPU: 1GHz Memory: 512MB

  18. Conclusions
     CPP alleviates the IPv6 location privacy problem.
     • Traditional Approaches: Routing Overhead; Poor Compatibility with other Internet protocols; Stateful and Per-packet processing
     • CPP: No Routing Overhead; Full Compatibility with other Internet protocols; No state, Good Performance; Require Small Changes in Routers

  19. Rekey (Backup slides)
     • Routers change key(A) and key(B) alternately, and encrypt prefixes with the newer key.
     • The duration from finishing changing one key to starting changing the other key must be more than the lifetime of prefixes.
     • Rekey is long enough to rekey on all routers even if it is done manually.
     [Figure: timeline in which Key(A) and Key(B) are rekeyed alternately, each interval marked "more than prefix lifetime"; Advertised Addresses (encrypted with the newer key) alternate between Scrambled address (A) and Scrambled address (B)]

  20. Implementation (backup slide)
     Address layout: P0 (48 bits) | Q (16 bits) | M (64 bits)
     • 128 bits input message: adding zero-padding of 64 bits to M
     • router’s secret key (128 bits)
     • AES or SHA-1 (block cipher or Hash)
     • 128 bits output message
     • target prefix offset
     • Exclusive-OR
     • prefix components of higher routers (hop-by-hop option)
     • concatenation
     • real prefix components needed for routing table searches

  21. Inter-domain Extension (Backup slide)
     • All domains use the same P0 (2001:1234:). P0 does not reveal the user’s domain.
     • All domains use different global AS numbers.
     • Given multiple BGP messages for the same set of destinations, the one with the highest degree of preference is selected.
     • Packets destined to P0 would be delivered to the nearest CPP domain.
     [Figure: Domain A, Domain B and Domain C, spread over Europe, USA and Asia, each with P0 prefix 2001:1234:: and its own AS number (1, 2, 3), each sending a BGP message with Prefix: 2001:1234 and that AS number]

  22. Inter-Domain Extension (Backup slide)
     CPP address: P0 | X1 X2 X3 X4 | M (Host Suffix)
     • [Figure labels: "shows which domain the host(i) resides in"; P1 P2 P3 P4; Nearest border gateway; tunneling; host(i); Domain A, Domain B, Domain C; Europe, USA, Asia]
     • International traffic takes a slightly triangular route
     • Domestic traffic always takes the optimal route

  23. A little more about CPP (Backup slide)
     • For optimal routing, the suffix is computed such that any router can determine if it is a cross over router
     • We use it for optimal routing, but it can also be used for other techniques.
     • How do we do this
       • Each router R in Privacy Domain has a unique key KR
       • M is chosen for the subnet of router “r” such that:
         H(KR, M) equals ZERO if R C
         H(KR, M) not equals ZERO if R C
         where C is the set of all cross over routers for router “r”
     • Fine Detail: No two cross over routers can have the same level if they are directly connected
     [Figure: routers R1 to R9 above subnet router “r”; set of all cross over routers: C = {R1, R2, R3, R4}]
