IETF Logo Mail Archive

Re: [Ila] [DMM] Fwd: New Version Notification for draft-herbert-ila-mobile-00.txt

Tom Herbert <tom@quantonium.net> Tue, 06 February 2018 06:02 UTC

Return-Path: <tom@quantonium.net>
X-Original-To: ila@ietfa.amsl.com
Delivered-To: ila@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 28276126BFD for <ila@ietfa.amsl.com>; Mon, 5 Feb 2018 22:02:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.888
X-Spam-Level:
X-Spam-Status: No, score=-1.888 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, T_KAM_HTML_FONT_INVALID=0.01, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=quantonium-net.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IBshnmhAc_DT for <ila@ietfa.amsl.com>; Mon, 5 Feb 2018 22:02:13 -0800 (PST)
Received: from mail-wr0-x230.google.com (mail-wr0-x230.google.com [IPv6:2a00:1450:400c:c0c::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 84B851200C1 for <ila@ietf.org>; Mon, 5 Feb 2018 22:02:12 -0800 (PST)
Received: by mail-wr0-x230.google.com with SMTP id 41so664592wrc.9 for <ila@ietf.org>; Mon, 05 Feb 2018 22:02:12 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=quantonium-net.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=jGkrxU2P3aYHfTtaAbGDDSxlQUkuzgdpWyTQYnpHeXg=; b=DR9hBOPpUC88RiDZYzxZ+kIk9fDAhlNufefNzEZRKcNACoMvpu5EnO3llnEQGHTfrf /USGsVKXvzDlqs1HePHQ9dCn4rjAKT0mqcmx6LbzmjobymmJ6UqFYj1sQf4Xw7nTorcd XJsi0UnJEy5A4F7I3rXoCNdIcDl5YR2ri6eCAgxnsB18N5qJaIWl3VKLIQlS1pUAcwQr NeavVOxawYl436anzoh142Sif52aG6fm9GLOTZoNxF4afqPd1bqBf/8JfGXeDoipNX5P vBmpTH1dtPYu46eUh0nXR+sDHZACQ26ryO/3k2tkiO779x6X5NyQPBpriXUV2jH5Ztl3 Z61A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=jGkrxU2P3aYHfTtaAbGDDSxlQUkuzgdpWyTQYnpHeXg=; b=r08wpvYRM6hry7suNKxGrGrizZ/rRsn7IU5nxKPhBo6/x/mXHCeX1qQTkmRTjCbCm8 OGt1VlC5o9buyPVchFbRfHOFwxT5N9kL7hybS4kLWf/SiO10D1+oMsoqOAsIyyJDqxwV nda54NLs2IpzPfSM2R8XupRMojDHDHoOtFo0rBf27bYE7A/monJe/+xiMuW8Q0yobpId 2eod3kOnkmoQdgCCc7xTA4hLLF8RKG4gDSclkoA+txUKZzW8X9rm0Df331sjfjPeprFM fiOeNKv1Wt1zaFegtQVgMJhLpJOTssqOUwiJPbmWC7KIE1cXhhRSCHPjEgbzPIY9arrR dAdg==
X-Gm-Message-State: APf1xPB0Qi5G1R+Te1MlbGGIcpDhaETwhmdUluRw5LTtxHBPkxDS8WZl narSMVQMdX1mGKIs9uBqkEdP0tmmJck/OErjlCOfMg==
X-Google-Smtp-Source: AH8x226LDVe2h8HiImErW+LthunVMJaW+p4suX9izGxPObcKoWOcOub5TRLana3Tz9mxqmoXiHxry9WW6XpKbnOxNbQ=
X-Received: by 10.223.130.234 with SMTP id 97mr1019636wrc.144.1517896930975; Mon, 05 Feb 2018 22:02:10 -0800 (PST)
MIME-Version: 1.0
Received: by 10.223.173.66 with HTTP; Mon, 5 Feb 2018 22:02:10 -0800 (PST)
In-Reply-To: <CAKD1Yr14D+8dv=Hj=4c+aQvLVUN1hS9TPST+T0tgpmYAW8ncVg@mail.gmail.com>
References: <151750859755.24445.6929673804211867286.idtracker@ietfa.amsl.com> <CAPDqMerbX4UJ-mK-A-f=im=1h0Yz-52QfWLLgVDkybtSShNp5Q@mail.gmail.com> <CAKD1Yr0Xpi=3mn8VfQ3eRm4ZWWDfYd10e+y3EUcY2rX-FaYbXw@mail.gmail.com> <CAPDqMepxQcDhx2gE3cNtGewaYeYD1Gw+XCxz2U2okBf7kaxFcw@mail.gmail.com> <CAKD1Yr14D+8dv=Hj=4c+aQvLVUN1hS9TPST+T0tgpmYAW8ncVg@mail.gmail.com>
From: Tom Herbert <tom@quantonium.net>
Date: Mon, 05 Feb 2018 22:02:10 -0800
Message-ID: <CAPDqMeq4CN_v6Aycb=jqEAttq+teUaVYpxyn8WL-6rV8jtHQzg@mail.gmail.com>
To: Lorenzo Colitti <lorenzo@google.com>
Cc: dmm <dmm@ietf.org>, ila@ietf.org
Content-Type: multipart/alternative; boundary="001a114b2dce60761b056484eb42"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ila/nCN2zjYHLdGDF-33u4LJv5D3dE8>
Subject: Re: [Ila] [DMM] Fwd: New Version Notification for draft-herbert-ila-mobile-00.txt
X-BeenThere: ila@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Identifier Locator Addressing <ila.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ila>, <mailto:ila-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ila/>
List-Post: <mailto:ila@ietf.org>
List-Help: <mailto:ila-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ila>, <mailto:ila-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 06 Feb 2018 06:02:15 -0000

On Mon, Feb 5, 2018 at 9:22 PM, Lorenzo Colitti <lorenzo@google.com> wrote:

> On Tue, Feb 6, 2018 at 2:17 PM, Tom Herbert <tom@quantonium.net> wrote:
>
>> Section 8.3 provides the argument that singleton addresses are needed for
>> privacy-sensitive communications. For practicality and probably scaling /64
>> is needed, however for strong privacy singleton addresses would be needed
>> (to avoid resorting to NAT).
>>
>
> You don't need singletons for privacy. You can just assign /64s that
> change over time.
>

Yes, that seems to be the recommendation of RFC4914. However, neither that
RFC nor anyone else that I can tell has been able to quantitatively
describe the relationship between frequency of changing prefix and privacy.
Any statements about this are qualitative in nature. By intuition, it might
be believable that higher frequency should mean better privacy, but nobody
can quantify that. So for a user where privacy is paramount, my example is
a political dissident that is anonymously criticizing their government,
there is no definitive answer to give then when they ask what frequency
they need to ensure their privacy. Besides that, I believe that any
frequency could be defeated with the postulated exploit below (if you see a
flaw in this logic please let me know).

Actually, there is one frequency where the privacy effects can be
qualified: that is to use a different address per connection. This is
effectively what stateful NAT provides and why law enforcement doesn't like
it. With a large enough pool of users behind a NAT, flows sourced form the
same device cannot be correlated by a third party in external network. This
is strong privacy privacy in addressing (properties listed in 8.3). In lieu
of telling the political dissident to find a provider using NAT, assigning
addresses for singe use can provide it. Assigning a /64 to every flow won't
scale, but singleton addresses could.

----

The following exploit is proposed to defeat the privacy goal of periodic
address rotation:


   -

   The attacker creates an “always connected” app that provides some
   seemingly benign service and users download the app.
   -

   The app includes some sort of persistent identity. For instance, this
   could be a login to account.
   -

   The backend server for the app logs the user identity and IP address
   they are using each time they connect.
   -

   When an address change happens, existing connections on the user device
   are disconnected. The app will receive a notification and immediately
   attempt to reconnect using the new source address.
   -

   The backend server will see the new connection and log the new IP
   address as being used by the user.
   -

   Thus, the server has a real-time record of users and the IP address they
   are using.
   -

   The attacker gains access to packet traces taken at some point in the
   Internet. The addresses in the captured packets can be time correlated with
   the server database to deduce the identity of the source of packets for
   flows communications unrelated to the app.

Tom

v2.23.0 | Report a Bug | By Email