2G1319 Communication Systems Design
Department of Microelectronics and Information Technology, KTH
csd2002-ipv6privacy@2g1319.ssvl.kth.se

MIX Network for Location Privacy
First Draft

O. Sirovatcenko
April 27, 2002

Contents
1 Introduction
2 Mobility Support
3 Location Privacy and MIX Network
4 Conclusions
1 Introduction

Location-based services bring many advantages, new services and applications, but at the same time they also bring many risks to individuals. The availability of location information may reveal information of strategic use, e.g. the location of governmental buildings or military collocation, where the location is almost as important and useful as the contents of the transmitted messages. In this report an attempt is made to address location privacy using the MIX technology. In Section 2 background information on mobility support is presented. This information is used in Section 3, where location privacy is analyzed.

2 Mobility Support

A mobile node, MN, is always associated with its home address, managed by the Home Agent, HA, independently of the MN's attachment point. Additionally, it is also addressable by one or more care-of addresses. A care-of address is an IP address associated with a MN in a particular foreign network. A care-of address is acquired through stateless or stateful (e.g. DHCPv6 [4]) Address Autoconfiguration, according to the methods of IPv6 Neighbor Discovery, or through other methods. When a mobile node moves from one care-of address to a new care-of address on a new link, it is desirable for packets arriving at the previous care-of address to be tunnelled to the mobile node's current care-of address.

To provide location privacy, the MN identity, such as its IP address, should be hidden. The main task is to hide the care-of address of the MN. There are several threats related to location privacy and mobility support. Some of them are listed below.

Standard Mobile IP: the HA can fully track MNs, since it binds the care-of address to the real IP address of the MN. This case is considered in more detail in the subsequent section.

Mobile IP with route optimization: in Mobile IPv6, route optimization is a fundamental part of the protocol, i.e. it is not an optional feature as in Mobile IPv4. This functionality allows direct routing from any correspondent node to any MN, without the need to pass through the mobile node's home network and be forwarded by its HA. In this case the correspondent node is aware of the IP address of the MN. Thus, this functionality should be avoided when location privacy is of great importance.

Both these cases are depicted in Fig. 1.
[Figure 1: Mobility support. Shown: Home Agent, Home Network, Internet, Mobile Anchor Point, Carrier IP Network, Correspondent Node; the route optimization functionality, tunneled packets, the Binding Update message and transmitted packets.]

3 Location Privacy and MIX Network

In this section a basic analysis of location privacy in standard Mobile IP is conducted. To guarantee location privacy, i.e. to hide any identity information (mainly the IP address of the MN), the relation between the care-of address and the IP address on the home network should be camouflaged. The MIX technique [5] can be used to solve this problem.

As mentioned in the Project Plan [2], one aspect of location privacy is that neither the home network nor the correspondent node should know where the mobile host is located. To hide the location of the MN from the home network, a MIX network can be introduced between the home network and the network the MN is roaming in, see Fig. 2. As stated in Section 2, the correspondent node knows the MN location if the route optimization functionality is used. In other cases, the information is transmitted via the HA. Additionally [2], the network in which the mobile host is roaming should not know which home network the host belongs to. According to [1], the definition of location privacy also assumes that no third party, or eavesdropper, should be able to determine who the communicating parties are.

[Figure 2: Location hiding with MIX network. Shown: Home Agent, Home Network, MIX Network, Internet, Mobile Anchor Point, Carrier IP Network, Correspondent Node.]

Both issues mentioned above are also addressed by the MIX technique, which provides sender and receiver unlinkability. Below, an attempt is made to apply the MIX technique to location privacy protection. The analysis is based on the simplified network depicted in Fig. 3, where only 3 MIXes are used for simplicity.

First, the address binding should be protected, to guarantee that neither the MN nor the HA know the location of each other and their relationship. Thus, the care-of address (return address) should be untraceable. The untraceability is managed as follows [5]. The MN sends an encrypted care-of address to the HA. Based on the MIX technique developed by D. Chaum, the untraceable return address (care-of address) is

$$\mathrm{URA} = A_1,\; K_1\big(R_1,\, A_2,\, K_2(R_2,\, A_3,\, K_3(R_3,\, \text{care-of address}))\big)$$

where $A_i$ is the address of MIX $i$, $K_i$ stands for the public key of MIX $i$, and $R_i$ is the random string used by MIX $i$. In this case the HA stores the URA instead of the care-of address itself. Since a MIX discards repeated messages (footnote 1), a URA can be used only once. To support continuous contact with the MN, a new URA should be sent to the HA after each transmission.

[Figure 3: Simplified Network. Shown: Home Agent and a MIX network consisting of MIX 1, MIX 2 and MIX 3.]

When the correspondent node tries to connect to the MN via the HA, say by sending a CN request message, the HA has only the address of the first MIX, $A_1$, from the URA, and no other routing information is available. The HA sends the following set towards the MN: {URA, CN request}. The CN request is symmetrically encrypted through the MIXes based on the $R_i$:

$$\mathrm{CNR} = R_3(R_2(R_1(\text{CN request})))$$

where CNR is the encoded message, which is also the output of the last MIX (the care-of address is also decrypted by the last MIX). When the MN receives CNR, it decrypts the message with the stored $R_i$.

Another problem arises when the MN moves from one attachment point to another. As mentioned in Section 2, all packets arriving at the previous care-of address should be tunnelled to the MN's current care-of address. One admissible solution could be to transmit a set of the care-of addresses that the MN could use. In order to store this set, the hash function H can be used [6]. The HA stores the hash value h of the transmitted set, i.e. h = H(URA), and the URA. The hash function is often used in cryptography. Its most valuable properties are:

- the input can be of any length;
- the output has a fixed length;
- it is relatively easy to compute for any given input value;
- it is collision-free.

It should however be noted that there can be one potential security problem with seamless roaming. When the MN moves from one foreign network to another, for some time there could be wireless communication, as shown in Fig. 4. Although important in its own right, this issue will not be considered in this report. The reader can refer to the project entitled Security and Availability for Wireless Communication for further details.

Footnote 1: This functionality is used to prevent replay attacks.
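The URA construction and the forward path of the CN request described above, as an added example that is not part of the original report: a constructed three-MIX cascade in Python in which the MN builds the URA, the HA (knowing only A_1) hands it to MIX 1, each MIX peels one layer and wraps the message with its R_i, and the MN strips the layers again. The MIX addresses, keys, random strings and care-of address are constructed, and a hash-based XOR stream cipher stands in for both the public-key operation K_i and the symmetric operation R_i; the block also shows the one-use property of footnote 1, since a MIX refuses a URA layer it has already processed.

```python
import hashlib

R_LEN, ADDR_LEN = 16, 2   # fixed sizes let each MIX split R_i, A_{i+1} and the inner layer
def xor_stream(key: bytes, data: bytes) -> bytes:
    """Toy XOR/SHA-256 cipher standing in for K_i and R_i (demo only; real K_i is public-key)."""
    ks = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))
MIXES = [(b"M1", b"K1"), (b"M2", b"K2"), (b"M3", b"K3")]  # constructed (A_i, K_i)
def build_ura(care_of: bytes, rs: list) -> tuple:
    """MN side: URA = A1, K1(R1, A2, K2(R2, A3, K3(R3, care_of)))."""
    blob = care_of
    for i in range(len(MIXES) - 1, -1, -1):
        addr_next = MIXES[i + 1][0] if i + 1 < len(MIXES) else b""
        blob = xor_stream(MIXES[i][1], rs[i] + addr_next + blob)
    return MIXES[0][0], blob
class Mix:
    def __init__(self, index: int):
        self.addr, self.key = MIXES[index]
        self.last = index == len(MIXES) - 1
        self.seen = set()                      # footnote 1: repeated URAs are dropped
    def process(self, blob: bytes, msg: bytes):  # peel one K_i layer, add one R_i layer
        if blob in self.seen:
            return None                        # replayed URA: refuse to route it
        self.seen.add(blob)
        plain = xor_stream(self.key, blob)
        r, rest = plain[:R_LEN], plain[R_LEN:]
        if self.last:                          # rest is the care-of address itself
            return rest, None, xor_stream(r, msg)
        return rest[:ADDR_LEN], rest[ADDR_LEN:], xor_stream(r, msg)
def home_agent_send(ura: tuple, cn_request: bytes, cascade: dict):
    """HA knows only A1; result is (care-of address, CNR = R3(R2(R1(CN request))))."""
    addr, blob, msg = ura[0], ura[1], cn_request
    while blob is not None:
        step = cascade[addr].process(blob, msg)
        if step is None:
            return None, None
        addr, blob, msg = step
    return addr, msg
def mobile_node_decrypt(cnr: bytes, rs: list) -> bytes:
    for r in reversed(rs):                     # strip R3, then R2, then R1
        cnr = xor_stream(r, cnr)
    return cnr

def demo():
    rs = [hashlib.sha256(b"R%d" % i).digest()[:R_LEN] for i in (1, 2, 3)]  # constructed R_i
    ura = build_ura(b"2001:db8:cafe::1", rs)   # constructed care-of address
    cascade = {m.addr: m for m in (Mix(0), Mix(1), Mix(2))}
    coa, cnr = home_agent_send(ura, b"CN request", cascade)
    replay = home_agent_send(ura, b"CN request", cascade)   # same URA twice -> (None, None)
    return coa, mobile_node_decrypt(cnr, rs), replay
```

The last MIX is the only party that sees the care-of address, and the HA only ever sees A_1 and the opaque URA, which is the binding the report wants to hide.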
[Figure 4: On the move. Shown: Base Station.]

4 Conclusions

In this report the MIX technology was used to guarantee the untraceability of sender and receiver when mobility support is necessary. The care-of address of the mobile node is encrypted by the MIX cascade and transmitted to the home agent, where the encrypted form is stored and used in case a request is received from the correspondent node. This approach ensures that the local address of the mobile node is not known to the home network. Additionally, it was noted that the route optimization functionality should be avoided if location privacy is of interest. Generally, care should be exercised when using route optimization, as the correspondent node has a direct path to the mobile node.

A cascade of MIXes was used to increase the reliability of the system (footnote 2). If not all MIXes are compromised, the system with a MIX cascade can protect against traffic analysis.

Footnote 2: Proper implementation and trustworthiness of a single MIX can assure untraceability of the sender and receiver.
References

[1] A. Escudero, Anonymous and Untraceable Communications: Location Privacy in Mobile Internetworking, May 2001.
[2] Privacy in IPv6 Project, Project Plan, http://2g1319.ssvl.kth.se/csd2002-ipv6privacy/documents/index.htm, 2002.
[3] D. B. Johnson, C. Perkins, Mobility Support in IPv6, http://www.ietf.org/internet-drafts/draft-ietf-mobileip-ipv6-16.txt, 2002.
[4] J. Bound, M. Carney, C. Perkins, R. Droms (ed.), Dynamic Host Configuration Protocol for IPv6 (DHCPv6), http://autoconf.krv6.net/doc/draft/draft-ietf-dhc-dhcpv6-17.txt, 2001.
[5] D. Chaum, Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms, http://world.std.com/~franl/crypto/chaum-acm-1981.html, 1981.
[6] C. Kaufman, R. Perlman, M. Speciner, Network Security: Private Communication in a Public World, Prentice-Hall, Inc., 1995.