Presentation is loading. Please wait.

Presentation is loading. Please wait.

Privacy Extensions for Stateless Address Autoconfiguration in IPv6 "Requirements for unobservability" Alberto Escudero-Pascual TSLab - IMIT Royal Institute.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Privacy Extensions for Stateless Address Autoconfiguration in IPv6 "Requirements for unobservability" Alberto Escudero-Pascual TSLab - IMIT Royal Institute."— Presentation transcript:

1 Privacy Extensions for Stateless Address Autoconfiguration in IPv6 "Requirements for unobservability" Alberto Escudero-Pascual TSLab - IMIT Royal Institute of Technology Stockholm, Sweden +46 70286 7989 Abstract Stateless address autoconfiguration defines the mechanism for a IPv6 node to generate an address without the need of an external DHCP server based on the interface identifier. In the case of Ethernet the Interface Identifier is based on the EUI-64 identifier derived from the interface's built-in 48-bit IEEE 802 address (MAC address). The IPv6 address generated via Stateless Autoconfiguration contains the same interface identifier regardless of the location the mobile node is attached to the Internet. RFC3041 presents a privacy extension to Stateless Autoconfiguration based on the idea of generating random interface identifiers periodically. The paper introduces the concept of "unobservability" of the privacy extension and studies in which scenarios a third party will be able to determine with high probability if a node is running RFC3041 or not. The paper shows the privacy implications of the universal/local bit of the current IPv6 addressing architecture and presents a set of suggested changes to enhance privacy. Conclusions and recommendations In the Figure[1] we show all possible scenarios considering the amount of knowledge available to the attacker. In all the cases the attacker starts checking if the universal/local bit of the interface identifier is set to zero. If the node is not running MobileIP with CGA and there is not a DHCP server available in the victim's subnet, the attacker assumes that the victim is running RFC3041 or has con figured the address manualy. Finally, the attacker can observe the addresses associated with a certain hardware address and determine if the victim is running RFC3041. A better privacy protection can be achieved if the random interface identifier can not be distinguished from a common one. i.e. An eavesdropper can not determine if certain node is using or not the stateless address configuration privacy extension. Unobservability can be garanteed as follows: All the hosts generate their interface identifier randomly by default. (sugested change in RFC2373). The universal/local bit is not reserved and hosts always rely in duplicate address detection (DaD). Alternatively, the host generates an interface identifier based on the addresses present in the link. The main idea is that the mobile node should keep statistical records of the presence of the different OUIs in the media and generate a rando identifier based on that information. The host learns about the nodes in the media by sending a neigbor discovery message to the all hosts multicast address. <loc:SLO xmlns:loc="http://www-nrc.nokia.com/ietf-spatial/2001/05/08/location" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www-nrc.nokia.com/ietf-spatial/2001/05/08/location http://www-nrc.nokia.com/ietf- spatial/2001/05/08/location.xsd"> N59.40.54 E017.94.36 +12.99 010 50 2.5 2001-13-11T12:00:01+02:00 2.0 1 M240 M30 T25 179 $GP,,,...* $GPGLL,5924.3131,N,01756.5752,E,134703.77,A,A*61 About the author Alberto Escudero Pascual has been doctoral student at the Royal Institute of Technology since January 2000. He has been consultant in security and privacy world wide since 1996. He received his Diploma Degree (M.Sc.) in Telecommunication Engineering from the Polytechnical University of Madrid in the area of renewable energies in 1998. Between 1998-1999 he has been doing research at the Bioengineering and Telemedicine Group (UPM) in low cost internet access in developing countries and at the Consejo Superior de Investigaciones Cientificas (CSIC). In June 2001 he obtained a Tek. Lic. Degree in the subject of location privacy in mobile internet. During the last ten years his research interests include wireless internet access in developing countries, community networks, privacy and security in mobile internet, privacy-enhancing technologies and privacy threats in the next generation Internet. He is currently participating in different European Union Forums in the area of Cybercrime and Data Protection. In December 2001 he presented his Ph.D. Proposal titled: "Privacy in the next generation Internet: Data Protection in the context of European Union Policy". “If you want to remain private, you don’t carry a banner saying: PRIVACY, PLEASE” IPDAGARNA 2001 LOCATION ADQUISITION HARDWARE LOCATION DATA RECORDS XML LOCATION DATA

Download ppt "Privacy Extensions for Stateless Address Autoconfiguration in IPv6 "Requirements for unobservability" Alberto Escudero-Pascual TSLab - IMIT Royal Institute."

Similar presentations

Fast L3 Handoff in 802.11 Wireless LANs Andrea G. Forte Sangho Shin Henning Schulzrinne.

Fast L3 Handoff in Wireless LANs Andrea G. Forte Sangho Shin Henning Schulzrinne.
ZyXEL Confidential Address Autoconfiguration Feng Zou SW2 ZyXEL Communications Corp. 04/11/2006.

ZyXEL Confidential Address Autoconfiguration Feng Zou SW2 ZyXEL Communications Corp. 04/11/2006.
Transitioning to IPv6 April 15,2005 Presented By: Richard Moore PBS Enterprise Technology.

Transitioning to IPv6 April 15,2005 Presented By: Richard Moore PBS Enterprise Technology.
Auto Configuration and Mobility Options in IPv6 By: Hitu Malhotra and Sue Scheckermann.

Auto Configuration and Mobility Options in IPv6 By: Hitu Malhotra and Sue Scheckermann.
1 May, 2007: American Registry for Internet Numbers (ARIN) “advises the Internet community that migration to IPv6 numbering resources is necessary for.

1 May, 2007: American Registry for Internet Numbers (ARIN) “advises the Internet community that migration to IPv6 numbering resources is necessary for.
1 IPv6. 2 Problem: 32-bit address space will be completely allocated by 2008. Solution: Design a new IP with a larger address space, called the IP version.

1 IPv6. 2 Problem: 32-bit address space will be completely allocated by Solution: Design a new IP with a larger address space, called the IP version.
© 2006 Cisco Systems, Inc. All rights reserved.IP6FD v2.0—2-1 IPv6 Operations Defining and Configuring Neighbor Discovery.

© 2006 Cisco Systems, Inc. All rights reserved.IP6FD v2.0—2-1 IPv6 Operations Defining and Configuring Neighbor Discovery.
IPV6. Features of IPv6 New header format Large address space More efficient routing IPsec header support required Simple automatic configuration New protocol.

IPV6. Features of IPv6 New header format Large address space More efficient routing IPsec header support required Simple automatic configuration New protocol.
 Reference:  Vehicle has 2 MANET routers, interconnected via Ethernet  Vehicle has access to 3 wireless networks  Applications on MANET Routers use.

 Reference:  Vehicle has 2 MANET routers, interconnected via Ethernet  Vehicle has access to 3 wireless networks  Applications on MANET Routers use.
Host Autoconfiguration ALTTC, Ghaziabad. IPv4 Address and IPv6 equivalents ALTTC, Ghaziabad.

Host Autoconfiguration ALTTC, Ghaziabad. IPv4 Address and IPv6 equivalents ALTTC, Ghaziabad.
IPv6 Multihoming Support in the Mobile Internet Presented by Paul Swenson CMSC 681, Fall 2007 Article by M. Bagnulo et. al. and published in the October.

IPv6 Multihoming Support in the Mobile Internet Presented by Paul Swenson CMSC 681, Fall 2007 Article by M. Bagnulo et. al. and published in the October.
© 2007 Levente Buttyán and Jean-Pierre Hubaux Security and Cooperation in Wireless Networks Chapter 4: Naming and addressing.

© 2007 Levente Buttyán and Jean-Pierre Hubaux Security and Cooperation in Wireless Networks Chapter 4: Naming and addressing.
IP Version 6 (IPv6) Dr. Adil Yousif. Why IPv6?  Deficiency of IPv4  Address space exhaustion  New types of service  Integration  Multicast  Quality.

IP Version 6 (IPv6) Dr. Adil Yousif. Why IPv6?  Deficiency of IPv4  Address space exhaustion  New types of service  Integration  Multicast  Quality.
1 Mobile IP Myungchul Kim Tel: 042-866-6127.

1 Mobile IP Myungchul Kim Tel:
Doc.: IEEE 802.11-11/1183r0 Submission September 2011 Masataka Ohta, Tokyo Institute of TechnologySlide 1 IP over Congested WLAN Date: 2011-09-19 Authors:

Doc.: IEEE /1183r0 Submission September 2011 Masataka Ohta, Tokyo Institute of TechnologySlide 1 IP over Congested WLAN Date: Authors:
IPv6 Address Provisioning In IPv6 world there are three provisioning aspects wich are independent of whether the IPv6 node is a Host or CE router: IPv6.

IPv6 Address Provisioning In IPv6 world there are three provisioning aspects wich are independent of whether the IPv6 node is a Host or CE router: IPv6.
Privacy in the Next Generation Internet Data Protection in the Context of European Union Policy Alberto Escudero-Pascual Royal Institute of Technology.

Privacy in the Next Generation Internet Data Protection in the Context of European Union Policy Alberto Escudero-Pascual Royal Institute of Technology.
LANMAN2002 Stockholm. Sweden Privacy Enhanced Architecture for Location Based Services (PE-LBS) Alberto Escudero-Pascual Royal Institute of Technology.

LANMAN2002 Stockholm. Sweden Privacy Enhanced Architecture for Location Based Services (PE-LBS) Alberto Escudero-Pascual Royal Institute of Technology.
System Configuration: DHCP and Autoconfiguration Chapter 6.

System Configuration: DHCP and Autoconfiguration Chapter 6.
FIT3105 Smart card based authentication and identity management Lecture 4.

FIT3105 Smart card based authentication and identity management Lecture 4.

Similar presentations

Ads by Google