Transcript A Location Privacy Framework with Mobility Using Host Identity

Keiji Maekawa
Graduate School of Informatics, Kyoto University
Yasuo Okabe
Academic Center for Computing and Media Studies, Kyoto University

Mobility and location privacy
 Capability of preventing others from learning
one’s location
 Your location might be leaked out to others…
▪ Correspondents
▪ Eavesdroppers
Alice
(Mobile Node)
Eve
Alice is now connecting
from that college’s
network .
This person in my
network is
probably Alice!
Bob
(Correspondent
Node)

Desired conditions
 Anonymity against eavesdroppers
▪ They cannot identify the sender and the receiver of packets.
 Both end-points can authenticate each other,
but they don’t know about exact location.
This is surely from Alice,
though I don’t know
where she is.
Alice
(Mobile Node)
Bob
Eve
Who the hell is
this???

Case study: Mobile IP
 Home Address is the identifier.
 Care-of Address is the locator.
Never knows MN’s location
Always knows MN’s location
Mobile
Node
Home
Agent
Correspon
dent Node
MN’s Home
Network
Mobile
Node
Mobile
Node

Case study: Mobile IP (Route Optimization)
 CN, HA, and eavesdroppers on the path can trace
the MN’s location simply looking at IP headers.
Mobile
Node
Home
Agent
Correspon
dent Node
MN’s Home
Network
Mobile
Node
Mobile
Node

It is difficult to design a protocol so that ANY
node doesn’t know the MN’s location.
 Including trusted nodes such as Home Agent

It’s trade-off between privacy and performance.
 In some case, privacy may be more important than
performance.

Related Works
 HIP and BLIND

Problem Statement
 What is to be solved

Our Proposal
 Protocol Design

Conclusion

ID/locator separation
 Host Identity is a public key pair
 Host Identity Tag (HIT) is the identifier
▪ 128-bit hash of Host identity

Base Exchange
 2 round trip key exchange
 Exchange public keys for authentication
 Establish SAs (IPsec ESP)

Rendezvous Mechanism
 HIT & IP address stored in a Rendezvous Server (RVS)
▪ MN’s IP address is kept up to date
 The first (I1) packet is forwarded
▪ Then, end-points start to communicate directly
To: HIT of B
IP of RVS
A
RVS
Registration /
Location Update
B

MN sends UPDATE messages to CN and RVS
on roaming.
 Sessions in upper layers are kept
UPDATE
A
B
A
UPDATE
RVS

Complete identity protection
 Only end-points can recognize the IDs in packets.
 Eavesdroppers can’t identify them.
HIT(A)
HIT(B)
A
B
???
HIT(A)
HIT(B)

src/dst IDs are Blinded HIT with nonce N
 BHIT= hash(N || HIT)
 Nonce is randomly generated in each session

Extended Base Exchange
 A variation of Diffie-Hellman
HIT(A)
HIT(B)
A
B
BHIT(A)
BHIT(B)
HIT(A)
HIT(B)
BHIT[I] = hash(Nonce || HIT[I])
BHIT[R] = hash(Nonce || HIT[R])
Initiator
Responder
I1: BHIT[I] → BHIT[R] , Nonce
Determines HIT[R] by
trying all own HITs.
R1: BHIT[R] → BHIT[I] , DH[R]
Generates the Key by DH
Encrypt HI[I] with the Key
I2: BHIT[I] → BHIT[R] , DH[I] , { HI[I] }
R2: BHIT[R] → BHIT[I] , { HI[R] }
Generates the Key by DH
Decrypt HI[I] with the Key
Encrypt HI[R] with the Key


Location privacy for the BLIND
Forwarding Agent (FA)
 SPINAT
 FA conceals MN’s location from CN
 FA doesn’t know both IDs.
Not know A’s ID
A
FA
HIP communication
Not know A’s address
B

Goal
 To achieve both Mobility and Location Privacy

Approach
 The protocol is based on BLIND
▪ Good identity protection
 Introduce mobility into BLIND

To realize mobility with BLIND
 Rendezvous mechanism dealing with blinded HIT
 Movement transparency support

Problems are:
 RVS cannot resolve blinded HIT.
 Raw HITs should be concealed.

HIP-in-HIP tunneling
 Establish SAs with RVS with BLIND, then securely
send a packet with raw HITs as a HIP option.
 The raw HIT info is deleted
BHIT[B]+HIT[B]
at RVS on forwarding.
RVS
F
BHIT[B]
A
Blinded Channel
B

Mobility support by Forwarding Agents
 Use a temporary HIT for FA registration

Intra-FA handover
 MN sends update message only to FA.
▪ MN is identified by the temporary HIT
 This roaming is traced by FA and nodes in MN-FA.
A
A
F
B

Inter-FA handover
 The MN registers to another FA with a new
temporary HIT after roaming.
 All identifiers are changed at once.
 There’s possibly packet loss.
▪ Expects retransmission in upper layers
THIT(A)
IP(A) SPI
RVS
F1
A
AHIT(A)
THIT(A)’
IP(A)
IP(A)’
B
update
update
F2
THIT(A)’
IP(A)’
SPI’

Single Points of Failure
 There may be some extensions for robustness.
 Forwarding Agents
▪ Multiplexing
 Rendezvous Server
▪ DHT-based

Collusion
 If CN and FA collude, MN’s ID and location can be
combined.
 When some incident happens,
police can inspect MN’s location.

Implementation and evaluation is ongoing.

We proposed the Mobile BLIND Framework
 Achievement
▪ Anonymity for eavesdroppers
▪ Conceal location from correspondents
▪ Movement Transparency
 Extensions to BLIND
▪ Blind Rendezvous Mechanism
▪ Mobility support by extended Forwarding Agents