IPv6 and Privacy Alper Yegin DoCoMo USA Labs
Privacy • Right to privacy: Right of an individual to decide for himself/herself when and on what terms his or her attributes should be revealed. • You don’t have to be a criminal to care about privacy. • Companies and organizations are willing to pay $$$ to invade “your privacy” • Privacy aspects of a new technology • Must not degrade privacy • Enhancing privacy is highly desirable
Types of Privacy • Privacy is jeopardized when the correlation between user identity, location, data content, etc. is revealed • Identity privacy • Data privacy • Location privacy • www.isoc.org/briefings/015/index.shtml
Identity Privacy • Broken if user cannot perform anonymous IP communication • Hide identity from • The access network (e.g., access point/router) • On-link (neighbor) hosts • Intermediaries (e.g., web proxy, ALGs, ISP) • Correspondents (e.g., web servers)
IPv6 and Identity Privacy • Stateless address auto-configuration (RFC2462) and address architecture (RFC3513) caused privacy issues • Example: IPv6 prefix = 3ffe:501:8:0/64, MAC address = 00:60:1d:23:4e:fa, IPv6 address = 3ffe:501:8:0:0260:1dff:fe23:4efa
Autoconfiguration • Embedded HW address in IPv6 address • Peer can tie IP traffic to a (known) user • Similar to Pentium serial number issue • Profiling is even easier than using cookies • Serious issue, but simple solution • http://playground.sun.com/pub/ipng/html/specs/ipv6-address-privacy.html
Privacy Extensions • Privacy extensions for stateless address auto-configuration in IPv6 (RFC3041) • Use a random suffix • Observable privacy • http://www.it.kth.se/~aep/ (Alberto Escudero-Pascual) • HW addresses are still observable on the link • Vulnerable to on-link hosts • Not an “IP” problem!
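The address derivation from the "IPv6 and Identity Privacy" slide and the random-suffix alternative, as an added Python example that is not part of the original slides. It shows how an address audit can recover the hardware address from an autoconfigured address on any network, and why a random suffix defeats that. The prefix is written `3ffe:501:8::/64` because the parser needs standard notation, the second prefix `2001:db8:1::/64` is a constructed sample, and `temporary_address` uses a plain random suffix as a simplification of the RFC 3041 procedure.

```python
import ipaddress
import secrets

def eui64_iid(mac: str) -> int:
    """Modified EUI-64 interface identifier built from a 48-bit MAC address."""
    b = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(b) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Flip the universal/local bit of the first octet, insert ff:fe in the middle.
    return int.from_bytes(bytes([b[0] ^ 0x02]) + b[1:3] + b"\xff\xfe" + b[3:], "big")

def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Stateless autoconfiguration: /64 prefix plus EUI-64 interface identifier."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("a /64 prefix is required")
    return net[eui64_iid(mac)]

def temporary_address(prefix: str) -> ipaddress.IPv6Address:
    """Random suffix with the universal/local bit cleared (simplified RFC 3041)."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("a /64 prefix is required")
    return net[secrets.randbits(64) & ~(0x02 << 56)]

def leaked_mac(addr: str):
    """Return the MAC embedded in an address, or None if none is recognisable.

    Requires the ff:fe marker and the universal bit set, so only universally
    administered MACs are reported and random suffixes built above never match.
    """
    iid = (int(ipaddress.IPv6Address(addr)) & (2**64 - 1)).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe" or not iid[0] & 0x02:
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{octet:02x}" for octet in mac)

if __name__ == "__main__":
    mac = "00:60:1d:23:4e:fa"  # MAC address from the slide
    # First prefix is the slide's; the second is a constructed sample network.
    for prefix in ("3ffe:501:8::/64", "2001:db8:1::/64"):
        fixed, temp = slaac_address(prefix, mac), temporary_address(prefix)
        print(f"{fixed} -> {leaked_mac(str(fixed))}")
        print(f"{temp} -> {leaked_mac(str(temp))}")
```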
IPv6 and Data Privacy • End-to-end IPsec is “the” solution • Not last-hop link-layer ciphering • Not VPNs, TLS, HTTPS • [Figure: network path between “you” and your peer; labels: neighbor, NAP, ISP, IX, ISP, Internet] • IPv6 enables end-to-end IPsec
Secure Channels • Zeroknowledge, Anonymizer.com • Limited applicability • Use IPsec tunnels • [Figure: network path from “you” to a web server via an IPsec gateway; labels: neighbor, ISP, IX, ISP, Internet]
IPv6 and Location Privacy • Mobile IPv6 and route optimization • [Figure: “you” (CoA, HAddr) behind an access router, with a home agent and a web server each reached through an access router across the Internet; both hold the binding HAddr->CoA]
Approaches • (Selectively) disable route optimization • Integration of Geopriv extensions to Mobile IPv6 • Mobile IPv6 for location privacy • Home agent is a redirection server • Another issue: Movement privacy
Fine Tuning • Compromise between location privacy and route optimization: HMIPv6 • [Figure: “you” (LCoA, HAddr) behind an access router and a MAP (RCoA); the MAP holds RCoA->LCoA; the home agent and the web server, each reached through an access router across the Internet, hold HAddr->RCoA] • Same level of privacy as NATs, without breaking Internet architecture
Privacy-aware Applications • Logic to select source IP addresses • Default Address Selection for Internet Protocol version 6 (RFC 3484) • “public addresses preferred over temporary (RFC 3041) addresses” • Application control • IPv6 Socket API for Address Selection (draft-chakrabarti-ipv6-addrselect-api-02)
IPv6 Addresses • Fixed IP address is a handle to correlate various data streams • Traffic analysis • One IP address per application can prevent this • Take advantage of abundance of IPv6 addresses
Summary • “Privacy” is a big deal • IP communication comes with its own privacy considerations • None of the IPv6 features degrade privacy • IPsec and address management related features of IPv6 enhance privacy