Presentation is loading. Please wait.

Presentation is loading. Please wait.

Keiji Maekawa Graduate School of Informatics, Kyoto University Yasuo Okabe Academic Center for Computing and Media Studies, Kyoto University.

Published byNatalie Saunders Modified over 10 years ago

Similar presentations

Presentation on theme: "Keiji Maekawa Graduate School of Informatics, Kyoto University Yasuo Okabe Academic Center for Computing and Media Studies, Kyoto University."— Presentation transcript:

1 Keiji Maekawa Graduate School of Informatics, Kyoto University Yasuo Okabe Academic Center for Computing and Media Studies, Kyoto University

2 Mobility and location privacy Capability of preventing others from learning ones location Your location might be leaked out to others… Correspondents Eavesdroppers Alice is now connecting from that colleges network. Alice (Mobile Node) Bob (Correspondent Node) Eve This person in my network is probably Alice!

3 Alice (Mobile Node) Desired conditions Anonymity against eavesdroppers They cannot identify the sender and the receiver of packets. Both end-points can authenticate each other, but they dont know about exact location. This is surely from Alice, though I dont know where she is. Bob Eve Who the hell is this???

4 Case study: Mobile IP Home Address is the identifier. Care-of Address is the locator. Correspon dent Node Mobile Node Home Agent Mobile Node MNs Home Network Never knows MNs location Always knows MNs location

5 Case study: Mobile IP (Route Optimization) CN, HA, and eavesdroppers on the path can trace the MNs location simply looking at IP headers. Correspon dent Node Mobile Node Home Agent Mobile Node MNs Home Network

6 It is difficult to design a protocol so that ANY node doesnt know the MNs location. Including trusted nodes such as Home Agent Its trade-off between privacy and performance. In some case, privacy may be more important than performance.

7 Related Works HIP and BLIND Problem Statement What is to be solved Our Proposal Protocol Design Conclusion

8 ID/locator separation Host Identity is a public key pair Host Identity Tag (HIT) is the identifier 128-bit hash of Host identity Base Exchange 2 round trip key exchange Exchange public keys for authentication Establish SAs (IPsec ESP)

9 Rendezvous Mechanism HIT & IP address stored in a Rendezvous Server (RVS) MNs IP address is kept up to date The first (I1) packet is forwarded Then, end-points start to communicate directly RVS A A B B Registration / Location Update To: HIT of B IP of RVS

10 MN sends UPDATE messages to CN and RVS on roaming. Sessions in upper layers are kept A A B B A A UPDATE RVS UPDATE

11 Complete identity protection Only end-points can recognize the IDs in packets. Eavesdroppers cant identify them. A A B B HIT(A) HIT(B) ???

12 src/dst IDs are Blinded HIT with nonce N BHIT= hash(N || HIT) Nonce is randomly generated in each session Extended Base Exchange A variation of Diffie-Hellman A A B B HIT(A) HIT(B) BHIT(A) BHIT(B)

13 Initiator Responder I1: BHIT[I] BHIT[R], Nonce BHIT[I] = hash(Nonce || HIT[I]) BHIT[R] = hash(Nonce || HIT[R]) Determines HIT[R] by trying all own HITs. R1: BHIT[R] BHIT[I], DH[R] Generates the Key by DH Encrypt HI[I] with the Key Generates the Key by DH Encrypt HI[I] with the Key I2: BHIT[I] BHIT[R], DH[I], { HI[I] } R2: BHIT[R] BHIT[I], { HI[R] } Generates the Key by DH Decrypt HI[I] with the Key Encrypt HI[R] with the Key Generates the Key by DH Decrypt HI[I] with the Key Encrypt HI[R] with the Key

14 Location privacy for the BLIND Forwarding Agent (FA) SPINAT FA conceals MNs location from CN FA doesnt know both IDs. A A B B FA HIP communication Not know As IDNot know As address

15 Goal To achieve both Mobility and Location Privacy Approach The protocol is based on BLIND Good identity protection Introduce mobility into BLIND

16 To realize mobility with BLIND Rendezvous mechanism dealing with blinded HIT Movement transparency support

17 Problems are: RVS cannot resolve blinded HIT. Raw HITs should be concealed.

18 HIP-in-HIP tunneling Establish SAs with RVS with BLIND, then securely send a packet with raw HITs as a HIP option. The raw HIT info is deleted at RVS on forwarding. A A B B F F RVS Blinded Channel BHIT[B]+HIT[B] BHIT[B]

19 Mobility support by Forwarding Agents Use a temporary HIT for FA registration Intra-FA handover MN sends update message only to FA. MN is identified by the temporary HIT This roaming is traced by FA and nodes in MN-FA. A A B B F F A A

20 Inter-FA handover The MN registers to another FA with a new temporary HIT after roaming. All identifiers are changed at once. Theres possibly packet loss. Expects retransmission in upper layers A A F2 AHIT(A) IP(A) THIT(A) IP(A) SPI B B IP(A) THIT(A) F1 THIT(A) IP(A) SPI RVS update

21 Single Points of Failure There may be some extensions for robustness. Forwarding Agents Multiplexing Rendezvous Server DHT-based

22 Collusion If CN and FA collude, MNs ID and location can be combined. When some incident happens, police can inspect MNs location.

23 Implementation and evaluation is ongoing.

24 We proposed the Mobile BLIND Framework Achievement Anonymity for eavesdroppers Conceal location from correspondents Movement Transparency Extensions to BLIND Blind Rendezvous Mechanism Mobility support by extended Forwarding Agents

25

Download ppt "Keiji Maekawa Graduate School of Informatics, Kyoto University Yasuo Okabe Academic Center for Computing and Media Studies, Kyoto University."

Similar presentations

Mobile IP.. 45-7028-115-6. How Mobile IP Works? Agenda What problems does Mobile IP solve? Mobile IP: protocol overview Scope Requirements Design goals.

Mobile IP How Mobile IP Works? Agenda What problems does Mobile IP solve? Mobile IP: protocol overview Scope Requirements Design goals.
Security Issues In Mobile IP

Security Issues In Mobile IP
Using HIP to solve MULTI-HOMING IN IPv6 networks YUAN Zhangyi Beijing University of Posts and Telecommunications.

Using HIP to solve MULTI-HOMING IN IPv6 networks YUAN Zhangyi Beijing University of Posts and Telecommunications.
Internet Protocol Security (IP Sec)

Internet Protocol Security (IP Sec)
Secure Mobile IP Communication

Secure Mobile IP Communication
Mobile IP Outline Intro to mobile IP Operation Problems with mobility.

Mobile IP Outline Intro to mobile IP Operation Problems with mobility.
Mobile and Wireless Computing Institute for Computer Science, University of Freiburg Western Australian Interactive Virtual Environments Centre (IVEC)

Mobile and Wireless Computing Institute for Computer Science, University of Freiburg Western Australian Interactive Virtual Environments Centre (IVEC)
1 Introduction to Mobile IPv6 IIS5711: Mobile Computing Mobile Computing and Broadband Networking Laboratory CIS, NCTU.

1 Introduction to Mobile IPv6 IIS5711: Mobile Computing Mobile Computing and Broadband Networking Laboratory CIS, NCTU.
1Nokia Siemens Networks Presentation / Author / Date University of Twente On the Security of the Mobile IP Protocol Family Ulrike Meyer and Hannes Tschofenig.

1Nokia Siemens Networks Presentation / Author / Date University of Twente On the Security of the Mobile IP Protocol Family Ulrike Meyer and Hannes Tschofenig.
Last Class: The Problem BobAlice Eve Private Message Eavesdropping.

Last Class: The Problem BobAlice Eve Private Message Eavesdropping.
CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.

CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.
A Seamless Handoff Approach of Mobile IP Protocol for Mobile Wireless Data Network. 資研一 黃明祥.

A Seamless Handoff Approach of Mobile IP Protocol for Mobile Wireless Data Network. 資研一 黃明祥.
NAT TRAVERSAL FOR IPSEC Research Seminar on Datacommunications Software HIIT 09.11.2005.

NAT TRAVERSAL FOR IPSEC Research Seminar on Datacommunications Software HIIT
Chapter 5 Network Security Protocols in Practice Part I

Chapter 5 Network Security Protocols in Practice Part I
Chapter 13 IPsec. IPsec (IP Security)  A collection of protocols used to create VPNs  A network layer security protocol providing cryptographic security.

Chapter 13 IPsec. IPsec (IP Security)  A collection of protocols used to create VPNs  A network layer security protocol providing cryptographic security.
Henric Johnson1 Ola Flygt Växjö University, Sweden +46 470 70 86 49 IP Security.

Henric Johnson1 Ola Flygt Växjö University, Sweden IP Security.
1/32 Internet Architecture Lukas Banach Tutors: Holger Karl Christian Dannewitz Monday 26.09.2005 C. Today I³SI³HIPHI³.

1/32 Internet Architecture Lukas Banach Tutors: Holger Karl Christian Dannewitz Monday C. Today I³SI³HIPHI³.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Authentication In Mobile Internet Protocol version 6 Liu Ping Supervisor: professor Jorma Jormakka.

Authentication In Mobile Internet Protocol version 6 Liu Ping Supervisor: professor Jorma Jormakka.
CS470, A.SelcukReal-Time Communication Issues1 Real-Time Communication Security IPsec & SSL Issues CS 470 Introduction to Applied Cryptography Instructor:

CS470, A.SelcukReal-Time Communication Issues1 Real-Time Communication Security IPsec & SSL Issues CS 470 Introduction to Applied Cryptography Instructor:

Similar presentations

Ads by Google