Cryptographically Protected Prefixes for Location Privacy in IPv6

There is growing concern with preventing unauthorized agents from discovering the geographical location of Internet users, a kind of security called location privacy. Typical deployments of IPv6 in mobile networks allow a correspondent host and any passive eavesdropper to infer the user's rough geographical location from the IPv6 address. We present a scheme called Cryptographically Protected Prefixes (CPP) to address this problem at the level of IPv6 addressing and forwarding. CPP randomizes the address space of a defined topological region (privacy domain), thereby making it infeasible to infer location information from an IP address. CPP can be deployed incrementally. We present an adversary model and show that CPP is secure within the model. We have implemented CPP as a pre-processing step within the forwarding algorithm in the FreeBSD 4.8 kernel. Our performance testing indicates that CPP pre-processing results in a 40–50 percent overhead for packet forwarding in privacy domain routers. The additional end-to-end per-packet delay is roughly 20 to 60 microseconds.
