Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cryptographically Protected Prefixes for Location Privacy in IPv6 Jonathan Trostle, Hosei Matsuoka*, Muhammad Mukarram Bin Tariq, James Kempf, Toshiro.

Similar presentations


Presentation on theme: "Cryptographically Protected Prefixes for Location Privacy in IPv6 Jonathan Trostle, Hosei Matsuoka*, Muhammad Mukarram Bin Tariq, James Kempf, Toshiro."— Presentation transcript:

1 Cryptographically Protected Prefixes for Location Privacy in IPv6 Jonathan Trostle, Hosei Matsuoka*, Muhammad Mukarram Bin Tariq, James Kempf, Toshiro Kawahara and Ravi Jain DoCoMo Communications Laboratories USA, Inc. * Multimedia Laboratories, NTT DoCoMo, Inc.

2 Outline Location Privacy Problem in IP networks Related Works Proposal of Cryptographically Protected Prefixes (CPP) Simple Architecture (easily understandable) Secure Architecture Security Considerations Implementation and Performance Measurements Conclusions

3 Location Privacy Problems in IP Networks Prefix (es)Suffix IP networks use prefix based routing All hosts in a subnet have same subnet prefix Subnets often have geographical correspondence IP address shows your geographical location IP address shows whom you are together with Just as our postal addresses are hierarchically arranged with country, state, city, …, the IP addresses are also structured for routing efficiency.

4 Related Works Network Layer Solutions Mobile IPv6 Hierarchical Mobile IPv6 (HMIPv6) Application Layer (Overlay) Solutions Onion Routing Freedom Network Crowds, Tarzan, etc.

5 How do they provide Location Privacy Mobile IP with Home Agent Overlay Approaches (Onion routing, Freedom) Both approaches cannot provide communications with the optimal route between two endpoints HA Foreign Network Home Network Home Address Care-of-Address This user does not know the correspondent’s care-of-address which shows the user’s actual location. Internet Onion/Freedom Overlay Routers Mobile IP with Route Optimization

6 Qualitative Comparison of Related Works Degree of Location Privacy Quality of Service Mobile IP Home Agent App Overlay (Onion, Freedom) Mobile IPv6 Route Optimization HMIPv6 Desired Location Privacy, Comparable with today’s CS Telecom No Additional Routing Delay Subnet Level Several Subnets Visited Domain Home Domain Global Optimal Limited Triangular Routing Triangular Huge Routing/ Performance Overhead Goal of our project

7 Design Policies of Our Approach (CPP) Provide Location Privacy within a domain Optimal Routing (No additional Routing Delay) It is important for some real-time applications. Full Compatibility with other Internet Protocols (Mobile IP, IPsec, Diffserv, etc.) No Single Point of Failure

8 Structure of IP address Network Prefix IPv4 Address Host Suffix 32bits IPv6 Address Network PrefixHost Suffix 128bits typically 64bits Both IPv4 and IPv6 addresses have the similar structure consisting of Network Prefix and Host Suffix, and the Network Prefix is related to the geographical location. Advantages of applying to IPv6 Large space of network prefix provides strong anonymity of the location. The fixed boundary between prefix and suffix can simplify the system.

9 Basic Concept Replacing the actual prefix with a host-specific encrypted prefix P `(R,i) MiMi P0P0 PRPR MiMi Prefix Encryption Prefix Decryption Routable IPv6 address  End-hosts use prefix-encrypted IPv6 address for their communications.  Routers obtain the routable IPv6 address through the decryption of the encrypted prefix. (Routers have the key for decryption.) Prefix-encrypted IPv6 address Routable IPv6 address P0P0 P0P0 PRPR MiMi

10 Simple Architecture (easily understandable) Privacy Domain Routers outside Privacy Domain look at the prefix P 0 and route the packet to the privacy domain, there are no longer matches than P 0 outside privacy domain P0P0 P’(R,i) MiMi 0 1 Routers inside Privacy Domain decrypt the secondary prefix P`(R, i) to find the actual routing prefix and route the packet accordingly until the packet reaches the desired destination 2 3 4 5 Routers inside Privacy Domain share the secret key and obtain the routable prefix prior to routing table searches. P0P0 P’(R,i) MiMi P0P0 MiMi P0P0 MiMi P0P0 MiMi P0P0 MiMi PRPR PRPR PRPR PRPR

11 What changes in the Routers Pre Processing Destination Address Packet Longest Prefix Match Prefix Of Destination Destination Route Packet Dispatcher Extract Prefix Packet Destination Address Packet Prefix of Destination Destination Route Packet Dispatcher Decrypt Packet Key Conventional Routers Longest Prefix Match Pre Processing Small change, can be implemented in hardware for acceleration Routers Modified for Location Privacy There is no change in conventional routing protocols (RIP, OSPF, etc.)

12 Secure Architecture R1 R7 R8 R2 R3 R5R6 R4 Host Router Border Gateway Routers are assigned levels based on their “hop-count” from the border router. Level 1 Level 2 Level 3 Level 4 Routers at different level use different key and decrypt different part of prefix which is necessary and sufficient for routing table searches. A compromised router cannot get all user’s location.

13 Structure of IP addresses with CPP M (the suffix) P0P0 V P 1 H(L 1, M) The Prefix consists of several small encrypted components – one corresponding to each level Key version bit for key rotation Common Prefix for Global Routing P k H(L n, M) Any router at level “k” can use its level key L k to decrypt P k and given P 1,…P k-1 from the upper level router with hop-by-hop option, it obtains routable prefix and forward packets correctly to next hop. 128 Bits X1X1 X2X2 X3X3 ……XnXn H( ) is a encryption or hash function

14 Security Considerations Eavesdropping on the same link Eavesdroppers can realize the location of the other hosts on the same network link by snooping the traffic of the link. CPP should use some other techniques to prevent traffic analysis. Guessing Attack Attackers use connection trials in various subnets and guess H(L i, M) using plain prefixes of the location where the response is received. Privacy Domain changes the secret key for some interval. CPP Extended Address (to be explained next) ICMP packets ICMP packets from a router in the middle of the connection give the sender the hints of the receiver’s location. Router must not use the real source address for ICMP packets. No Traceroute

15 Guessing Attacks and CPP Extended Address Guessing Attacks Attackers try to obtain H(L i, M v ) for tracking the victim who has the suffix M v, because once they obtain H(L i, M v ), they can easily track the victim. Reason behind this attack is that H(L i, M v ) is a constant value regardless of its location. CPP Extended Address Using H(L i, ) instead of H(L i, M v ) provides more robust security against Guessing Attacks. Probability that the adversary obtains the prefix components P 1 … P j of the victim’s address is where, s is the number of subnets searched with

16 Implementation input queueoutput queue ip6intr ip6_inputip6_forwardip6_output nd6_output Transport Protocol Network Interfaces routing table decrypt & lookup FreeBSD 4.8 Kernel Structure start of measure end of measure Modified ip6_input() function Time measurement of one packet forwarding Cryptographic Functions used: AES, SHA-1

17 Performance Results Type of Router  UnmodifiedUsing SHA-1Using AES One Packet Forwarding Time 6 micro sec11 micro sec9 micro sec Packet Rate 166,666 pps90,909 pps111, 111 pps Data Rate (1Kbyte per packet) 1300 Mbps727 Mbps888 Mbps Software Router Specification: OS:FreeBSD 4.8 CPU:1GHz Memory:512MB

18 Conclusions CPP alleviates IPv6 location privacy problem Traditional Approaches Routing Overhead Stateful and Per-packet processing CPP No state, Good Performance No Routing Overhead Full Compatibility with other Internet protocols Require Small Changes in Routers Poor Compatibility with other Internet protocols

19 Rekey (Backup slides) Timeline Key(A) Key(B) Key(A) rekey Scambled address (A) Scambled address (B) Scambled address (A) Scambled address (B) Scambled address (A) Advertised Addresses (encrypted with the newer key) more than prefix lifetime more than prefix lifetime more than prefix lifetime Routers change the key(A) and the key(B) alternately, and encrypt prefixes with the newer key. The duration from finishing changing the key to starting changing the other key must be more then the lifetime of prefixes. rekey is long enough to rekey on all routers even if it is done manually.

20 Implementation (backup slide) P0(48 bits)Q(16 bits) M(64 bits) 128 bits input message adding zero-padding of 64 bits to M router’s secret key (128 bits) 128 bits output message offset target prefix Exclusive-OR prefix components of higher routers hop-by-hop option concatenation real prefix components needed for routing table searches AES or SHA-1 (block cipher or Hash)

21 Inter-domain Extension (Backup slide) Domain B Domain A Domain C EuropeUSA Asia P0 prefix: 2001:1234:: AS number: 2 P0 prefix: 2001:1234:: AS number: 1 P0 prefix: 2001:1234:: AS number: 3 Prefix: 2001:1234 AS number: 2 BGP message Prefix: 2001:1234 AS number: 1 BGP message Prefix: 2001:1234 AS number: 3 BGP message All domains use the same P0 (2001:1234:). P0 does not reveal the user’s domain. All domains use the different global AS numbers. Given the multiple BGP messages of the same set of destinations, the one with the highest degree of preference is selected. Packets destined to P0 would be delivered to the nearest CPP domain

22 Inter-Domain Extension (Backup slide) Domain B Domain A Domain C EuropeUSA Asia shows which domain the host(i) resides in. tunneling host(i) Nearest border gateway P0X1X2X3X4M (Host Suffix) P1P2P3P4 CPP address Domestic traffic is always optimal route International traffic is slightly triangle route

23 A little more about CPP (Backup slide)  For optimal routing, the suffix is computed such that any router can determine if it is a cross over router We use it for optimal routing, but can also be used for other techniques.  How do we do this Each router R in Privacy Domain has a unique key K R M is chosen for subnet of router “r” such that: H(K R, M) equals ZERO if R C H(K R, M) not equals ZERO if R C Where C is set of all cross over routers for router “r” Fine Detail: No two cross over routers can have same level, if they are directly connected “r” R1 R2 R3 R4 Set of all cross over routers: C ={R1, R2, R3, R4} R5 R6 R7 R8 R9


Download ppt "Cryptographically Protected Prefixes for Location Privacy in IPv6 Jonathan Trostle, Hosei Matsuoka*, Muhammad Mukarram Bin Tariq, James Kempf, Toshiro."

Similar presentations


Ads by Google