Post on 27-Mar-2015
Keiji Maekawa, Graduate School of Informatics, Kyoto University
Yasuo Okabe, Academic Center for Computing and Media Studies, Kyoto University
Mobility and location privacy

Location privacy: the capability of preventing others from learning one's location. Your location might be leaked to others:
▪ Correspondents
▪ Eavesdroppers

[Figure: Alice (Mobile Node), Bob (Correspondent Node), Eve. Bob: "Alice is now connecting from that college's network." Eve: "This person in my network is probably Alice!"]
Desired conditions

Anonymity against eavesdroppers
▪ They cannot identify the sender and the receiver of packets.
Location privacy against correspondents
▪ Both end-points can authenticate each other, but they do not learn each other's exact location.

[Figure: Bob: "This is surely from Alice, though I don't know where she is." Eve: "Who the hell is this???"]
Case study: Mobile IP

The Home Address is the identifier. The Care-of Address is the locator.

[Figure: Correspondent Node, Home Agent in the MN's Home Network, Mobile Node roaming. With traffic routed via the Home Agent, the Correspondent Node never knows the MN's location, while the Home Agent always knows the MN's location.]
Case study: Mobile IP (Route Optimization)

With Route Optimization the CN, the HA, and eavesdroppers on the path can trace the MN's location simply by looking at IP headers, because the Care-of Address appears there.

[Figure: Correspondent Node, Home Agent in the MN's Home Network, Mobile Node at successive locations; the CN exchanges packets with the MN's Care-of Address directly.]
It is difficult to design a protocol so that NO node knows the MN's location, including trusted nodes such as the Home Agent. It is a trade-off between privacy and performance; in some cases, privacy may be more important than performance.
Outline
▪ Related Works: HIP and BLIND
▪ Problem Statement: What is to be solved
▪ Our Proposal: Protocol Design
▪ Conclusion
Related Works: Host Identity Protocol (HIP)

ID/locator separation
▪ The Host Identity (HI) is the public key of a host's public/private key pair.
▪ The Host Identity Tag (HIT), a 128-bit hash of the Host Identity, is the identifier; the IP address is only the locator.

Base Exchange
▪ 2-round-trip key exchange (I1, R1, I2, R2)
▪ Exchange public keys for authentication
▪ Establish SAs (IPsec ESP)

Rendezvous Mechanism
▪ The HIT and IP address of a host are stored in a Rendezvous Server (RVS); the MN's IP address is kept up to date there.
▪ The first (I1) packet is forwarded by the RVS; then the end-points communicate directly.

[Figure: A sends I1 to B via the RVS, addressed "To: HIT of B, IP of RVS". B performs Registration / Location Update with the RVS.]

Mobility in HIP
▪ The MN sends UPDATE messages to the CN and to the RVS on roaming.
▪ Sessions in upper layers are kept.

[Figure: A moves and sends UPDATE to B and UPDATE to the RVS.]
Related Works: BLIND

Complete identity protection
▪ Only the end-points can recognize the IDs in packets; eavesdroppers cannot identify them.

[Figure: A and B know HIT(A) and HIT(B); an eavesdropper sees only "???".]

The src/dst IDs are blinded HITs computed with a nonce N: BHIT = hash(N || HIT). The nonce is randomly generated in each session.

Extended Base Exchange: a variation of Diffie-Hellman.

[Figure: A and B each know HIT(A) and HIT(B); on the wire only BHIT(A) and BHIT(B) appear.]

I1: BHIT[I] → BHIT[R], Nonce
▪ BHIT[I] = hash(Nonce || HIT[I]), BHIT[R] = hash(Nonce || HIT[R])
▪ The Responder determines HIT[R] by trying all of its own HITs.
R1: BHIT[R] → BHIT[I], DH[R]
▪ The Initiator generates the key by DH and encrypts HI[I] with the key.
I2: BHIT[I] → BHIT[R], DH[I], { HI[I] }
▪ The Responder generates the key by DH, decrypts HI[I] with the key, and encrypts HI[R] with the key.
R2: BHIT[R] → BHIT[I], { HI[R] }
▪ The Initiator decrypts HI[R] with the key.
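The exchange above, as an added example that is not part of the original presentation: a Python model of the BLIND extended base exchange that runs both sides' steps and records the bytes an eavesdropper on the path would see. Everything below is an assumption standing in for what the slides leave unspecified: SHA-256 truncated to 128 bits plays the HIT/BHIT hash; a toy Diffie-Hellman group over the Mersenne prime 2^521 - 1 plays a standard HIP DH group; an HMAC-SHA256 counter-mode stream cipher plays the ESP encryption of the Host Identities; HIP's puzzle and signatures are omitted, so only blinding and key agreement are modelled; the check that a decrypted HI re-blinds to the tag carried in I1 is our addition; and the ALICE_HIS/BOB_HIS byte strings are constructed stand-ins for public keys.

```python
"""Toy model of the BLIND extended base exchange (I1, R1, I2, R2).

Added illustration, not the authors' code. Assumptions: SHA-256/128 as the
HIT and BHIT hash, a toy DH group (Mersenne prime 2^521 - 1, generator 3),
an HMAC-based stream cipher in place of ESP, no HIP puzzle or signatures.
"""
import hashlib
import hmac
import secrets

P = 2**521 - 1  # toy DH modulus (assumption: demonstration only, not a standard HIP group)
G = 3


def hit_from_hi(hi):
    """HIT = 128-bit hash of the Host Identity (ORCHID prefix encoding omitted)."""
    return hashlib.sha256(hi).digest()[:16]


def blind(nonce, hit):
    """BHIT = hash(N || HIT): the only identifier form that goes on the wire."""
    return hashlib.sha256(nonce + hit).digest()[:16]


def responder_lookup(nonce, bhit_r, own_hits):
    """Responder recovers which of its own HITs was addressed by re-blinding each one."""
    for hit in own_hits:
        if hmac.compare_digest(blind(nonce, hit), bhit_r):
            return hit
    return None  # I1 was not addressed to any identity of this host: drop it


def xor_stream(key, data, label):
    """Toy HMAC-SHA256 counter-mode cipher; `label` separates the I2 and R2 keystreams."""
    out = bytearray()
    for block, start in enumerate(range(0, len(data), 32)):
        ks = hmac.new(key, label + block.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[start:start + 32], ks))
    return bytes(out)


def dh_keypair():
    x = secrets.randbelow(P - 2) + 2
    return x, pow(G, x, P)


def session_key(peer_public, own_private):
    return hashlib.sha256(pow(peer_public, own_private, P).to_bytes(66, "big")).digest()


# Constructed Host Identities: stand-ins for the hosts' public keys.
ALICE_HIS = [b"alice-public-key-1"]
BOB_HIS = [b"bob-public-key-1", b"bob-public-key-2"]


def run_blind_exchange(hi_i, hit_r, responder_his):
    """Initiator holding hi_i contacts the responder identity hit_r; the responder owns responder_his.
    Returns what each side learned plus `wire`, the messages as an eavesdropper sees them."""
    wire = []
    responder_hits = [hit_from_hi(h) for h in responder_his]
    # I1: fresh nonce per session, both identifiers blinded with it.
    nonce = secrets.token_bytes(16)
    bhit_i, bhit_r = blind(nonce, hit_from_hi(hi_i)), blind(nonce, hit_r)
    wire.append(b"I1" + bhit_i + bhit_r + nonce)
    # Responder: which of my HITs is this for? (It cannot yet tell who the initiator is.)
    my_hit = responder_lookup(nonce, bhit_r, responder_hits)
    if my_hit is None:
        return {"ok": False, "wire": wire}
    # R1: responder's DH value; still only blinded tags on the wire.
    x_r, dh_r = dh_keypair()
    wire.append(b"R1" + bhit_r + bhit_i + dh_r.to_bytes(66, "big"))
    # I2: initiator derives the key and sends its HI encrypted under it.
    x_i, dh_i = dh_keypair()
    k_i = session_key(dh_r, x_i)
    wire.append(b"I2" + bhit_i + bhit_r + dh_i.to_bytes(66, "big") + xor_stream(k_i, hi_i, b"I2"))
    # Responder derives the same key, decrypts HI[I], and (our added check) verifies that
    # it re-blinds to BHIT[I] from I1 before answering with its own HI encrypted (R2).
    k_r = session_key(dh_i, x_r)
    hi_i_seen = xor_stream(k_r, wire[-1][2 + 16 + 16 + 66:], b"I2")
    if blind(nonce, hit_from_hi(hi_i_seen)) != bhit_i:
        return {"ok": False, "wire": wire}
    hi_r = responder_his[responder_hits.index(my_hit)]
    wire.append(b"R2" + bhit_r + bhit_i + xor_stream(k_r, hi_r, b"R2"))
    # Initiator decrypts HI[R] and confirms it reached the identity it meant to.
    hi_r_seen = xor_stream(k_i, wire[-1][2 + 16 + 16:], b"R2")
    return {"ok": hit_from_hi(hi_r_seen) == hit_r,
            "responder_learned_hi": hi_i_seen,
            "initiator_learned_hi": hi_r_seen,
            "wire": wire}
```

Running the exchange twice against the same pair shows the property the slide claims: the raw HITs never appear in any message, and because the nonce is fresh the blinded tags differ between sessions, so an eavesdropper cannot link them. The unauthenticated DH here is exactly why the real protocol signs the exchange; the model does not defend against an active attacker.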
Location privacy in BLIND: the Forwarding Agent (FA)
▪ SPINAT: the FA conceals the MN's location from the CN.
▪ The FA knows neither end-point's ID.

[Figure: A ↔ FA ↔ B, HIP communication. B does not know A's address; the FA does not know A's ID.]
Goal: to achieve both Mobility and Location Privacy.

Approach
▪ The protocol is based on BLIND, which gives good identity protection.
▪ Introduce mobility into BLIND.

To realize mobility with BLIND we need:
▪ A rendezvous mechanism that deals with blinded HITs
▪ Movement transparency support
Blind Rendezvous Mechanism

The problem: the RVS cannot resolve a blinded HIT, yet raw HITs should be concealed from everyone else on the path.

HIP-in-HIP tunneling: the initiator first establishes SAs with the RVS using BLIND, then securely sends the I1 over that channel with the raw HIT carried as a HIP option. The RVS resolves the raw HIT and deletes that information on forwarding, so only the blinded HIT leaves the RVS.

[Figure: A → RVS over the Blinded Channel: BHIT[B] + HIT[B]. RVS → B (through the Forwarding Agent F): BHIT[B] only.]
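The forwarding step above, as an added example that is not the authors' code: a Python model of an RVS that receives an I1 with blinded tags plus the raw HIT option over the initiator's BLIND channel, resolves the MN's current address, and forwards the I1 with the option stripped. Assumptions, not from the slides: SHA-256 truncated to 128 bits as the HIT/BHIT hash; a dict standing in for the RVS registration table and a direct method call standing in for the secured initiator-to-RVS channel; the consistency check that the raw HIT in the option blinds to the destination tag is our addition; HIT_A and HIT_B are constructed stand-ins for real tags.

```python
"""Toy model of the blind rendezvous step (added illustration, not the authors' code).

Assumptions: SHA-256/128 as the HIT/BHIT hash; a dict as the RVS table;
the BLIND SA between initiator and RVS is modelled as a direct call.
"""
import hashlib
import secrets


def blind(nonce, hit):
    """BHIT = hash(N || HIT)."""
    return hashlib.sha256(nonce + hit).digest()[:16]


class RendezvousServer:
    def __init__(self):
        self.table = {}          # HIT -> current IP, refreshed by the MN's UPDATEs
        self.learned_hits = set()  # raw HITs this RVS has seen, for the privacy check below

    def register(self, hit, ip):
        """Registration / location update from a mobile node."""
        self.table[hit] = ip

    def forward(self, inner_i1, option_hit):
        """Input arrives over the BLIND SA with the initiator: the I1 (blinded tags, nonce)
        plus the HIP option carrying the raw destination HIT.
        Returns (next_hop_ip, outer_i1) or None if the I1 cannot be resolved."""
        bhit_i, bhit_r, nonce = inner_i1
        # Our added check: the raw HIT in the option must blind to the destination tag.
        if blind(nonce, option_hit) != bhit_r:
            return None
        ip = self.table.get(option_hit)
        if ip is None:
            return None
        self.learned_hits.add(option_hit)
        # The raw HIT is deleted on forwarding: only blinded tags leave the RVS,
        # so nodes between the RVS and the MN see neither party's identifier.
        return ip, (bhit_i, bhit_r, nonce)


def blind_rendezvous_i1(rvs, hit_a, hit_b):
    """Initiator A opens a session to B through the RVS with a fresh nonce."""
    nonce = secrets.token_bytes(16)
    inner = (blind(nonce, hit_a), blind(nonce, hit_b), nonce)
    return rvs.forward(inner, hit_b)


# Constructed tags standing in for real HITs.
HIT_A = hashlib.sha256(b"alice-public-key").digest()[:16]
HIT_B = hashlib.sha256(b"bob-public-key").digest()[:16]
```

Note what each party ends up knowing: the RVS learns HIT[B] and B's address (which B registered with it anyway) but never sees HIT[A], and the forwarded I1 carries only blinded tags. After B roams and re-registers, the same call resolves to the new address without the initiator learning either one.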
Mobility support by Forwarding Agents

Use a temporary HIT (THIT) for FA registration.

Intra-FA handover
▪ The MN sends an update message only to the FA.
▪ The MN is identified by the temporary HIT.
▪ This roaming is traced by the FA and by nodes on the MN-FA path.

[Figure: A moves but stays behind the same FA F; B is unaffected.]

Inter-FA handover
▪ The MN registers to another FA with a new temporary HIT after roaming.
▪ All identifiers (THIT, IP address, SPI) are changed at once.
▪ There is possibly packet loss; retransmission in upper layers is expected.

[Figure: F1 holds THIT(A), IP(A), SPI for A. After roaming, A registers with F2 under THIT(A)', IP(A)', SPI', and sends an update to the RVS; B continues to reach A through the new FA.]
Single Points of Failure: there may be extensions for robustness.
▪ Forwarding Agents: multiplexing
▪ Rendezvous Server: DHT-based

Collusion: if the CN and the FA collude, the MN's ID and location can be combined. When some incident happens, the police can inspect the MN's location this way.
Implementation and evaluation are ongoing.

Conclusion

We proposed the Mobile BLIND Framework.
Achievements
▪ Anonymity against eavesdroppers
▪ Concealing location from correspondents
▪ Movement transparency
Extensions to BLIND
▪ Blind Rendezvous Mechanism
▪ Mobility support by extended Forwarding Agents