IETF Logo Mail Archive

Re: Address privacy

Gyan Mishra <hayabusagsm@gmail.com> Tue, 28 January 2020 16:53 UTC

Return-Path: <hayabusagsm@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 08BAF12003E for <ipv6@ietfa.amsl.com>; Tue, 28 Jan 2020 08:53:57 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.998
X-Spam-Level:
X-Spam-Status: No, score=-0.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, FREEMAIL_REPLY=1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EOY_jmsfo3ca for <ipv6@ietfa.amsl.com>; Tue, 28 Jan 2020 08:53:54 -0800 (PST)
Received: from mail-io1-xd32.google.com (mail-io1-xd32.google.com [IPv6:2607:f8b0:4864:20::d32]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BD175120020 for <ipv6@ietf.org>; Tue, 28 Jan 2020 08:53:54 -0800 (PST)
Received: by mail-io1-xd32.google.com with SMTP id n11so15063786iom.9 for <ipv6@ietf.org>; Tue, 28 Jan 2020 08:53:54 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=2Os0juDAbygDXrXaPQ/n20pBe0tW8NGwasoojb6WP2Q=; b=FeuffM4o2QYnu1Byprp0njiLNuXqr1O6YFQzdP6Invt4AbNWUEC1yW2ai6SByHqqPx mNJnEzIvgUiFF4YEEGwekmEQX9h/ml3U1C5DHcIntLdzvtVc2uFHSLFj0JJy2oEHM/sx c7WJ1k6dgvSAMPMjwoVxGnhyxx0Ii2r5yb14rz30qDHVlWxsjxXJ+GrKn4Zw4cI0SOIa KbPDst4kAv4B5H7/IAMIK6n3y7f161RU908UQtE/1/AjeYhlE1IxgG7qLajeB/By/T/6 iQMZFKwFk2JYFe9Jhg28KEcyTM+GsF+IZWuN8pbSm++i3n0bDOXhdD+SNjTuhwNXUbS3 DlaQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=2Os0juDAbygDXrXaPQ/n20pBe0tW8NGwasoojb6WP2Q=; b=JTxwJjixDsUHm2Z4BTbbhA6oxF0u62vdnyNyf/FPD+022k/SM9+SSN8qRDpF+EJELX pRzFcuFBLur6XHQZuC3viZJr11s5BGsmnKrmHbdIPThnZu80VVh/FpqlbpbECr6k/QjP 9SDd2WV1N61wx1gqFOVfCeDCcUOiKdEFWSikyOqizdiaN+UWoeaij5Xc5LAPZxkolVw3 kavdbCL8TbVzx/bLm5SqppipAc/ZogI86kgfUCH5EpPSGkHVTnKcWRJWgdg+H2STBrU3 66b7mByl4PzHfNvRnbiDY31kEQ3TG3XuVcLaa5zaWDLZoe3Ytmth5qQxE5x/m+so2lXH S8tQ==
X-Gm-Message-State: APjAAAXFjG6VJuRE+IHeZhOcW71fTgcBwECn/5Dnd1SdlH5zot/A7TkN jLDX1D5Kw7bDE7WFQqHCZXGjWUX+kWUNxtsnmIysLYld
X-Google-Smtp-Source: APXvYqwZ4shJN0UOLUL5YJwE/HGtNmI/MxrLl0z+nrnc3VAt1sMaZ7+MHgUTWlT9RKnWE65FisLJchV50F10Yh8QUpU=
X-Received: by 2002:a05:6602:3:: with SMTP id b3mr18038987ioa.205.1580230433843; Tue, 28 Jan 2020 08:53:53 -0800 (PST)
MIME-Version: 1.0
References: <b606d8b0-b83d-1926-1cea-8165a1800c20@si6networks.com> <DB9D43C2-BE65-4DC0-AE25-E62E27569E90@gmail.com> <cfa3183b-76c3-a504-aba7-673d6d904f9b@si6networks.com>
In-Reply-To: <cfa3183b-76c3-a504-aba7-673d6d904f9b@si6networks.com>
From: Gyan Mishra <hayabusagsm@gmail.com>
Date: Tue, 28 Jan 2020 11:53:43 -0500
Message-ID: <CABNhwV1JnbcKvMdR2m0mHpgSQpU061VFYkft4FWp109X3Kw77w@mail.gmail.com>
Subject: Re: Address privacy
To: Fernando Gont <fgont@si6networks.com>
Cc: 6man WG <ipv6@ietf.org>, Brian E Carpenter <brian.e.carpenter@gmail.com>
Content-Type: multipart/alternative; boundary="000000000000ac2c9e059d3611c0"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/uTVHdBejRt1yyXWyJVGNM-driDA>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 28 Jan 2020 16:53:57 -0000

On Tue, Jan 28, 2020 at 11:12 AM Fernando Gont <fgont@si6networks.com>
wrote:

> On 28/1/20 04:31, Gyan Mishra wrote:
> >
> >
> > Sent from my iPhone
> >
> >> On Jan 27, 2020, at 8:36 PM, Fernando Gont <fgont@si6networks.com>
> wrote:
> >>
> >> On 26/1/20 21:05, Gyan Mishra wrote:
> >>> On Sun, Jan 26, 2020 at 5:00 PM Brian E Carpenter
> >>> <brian.e.carpenter@gmail.com <mailto:brian.e.carpenter@gmail.com>>
> wrote:
> >> [....]
> >>> 1.  End user privacy on mobile device connected at home or
> >>> 2.  End user privacy within an enterprise- non existent as IT
> >>> security and availability for mission critical applications -IPv6
> >>> stability and tracking ability is the primary objective.
> >>> Happy medium achieved:
> >>> For both scenarios following RFC 4941 disabling the temporary address
> >>> and keeping the modified EUI-64 random IID - provides both privacy
> >>> with MD5 randomized IID - and with the IID only changing with
> >>> mobility when you receive an new RA for SLAAC with mobility from a
> >>> different subnet which is what we want from and IT stability
> >>> perspective.  If you reboot with permanent storage as most devices
> >>> have the IID does not change as long as the prefix is the same.
> >>
> >> Not sure what you mean. THe algorithm that windows was using for
> >> stable addresses was rfc4941 without regeneration. SO essentially they
> >> generate a random number, and use it instead of the mac address.
> >>
> >> The resulting IIDs have all the same privacy issues as traditional
> >> slaac addresses, except that they cannot be address-scanned because
> >> they don't follow any patterns.
> >>
> > Gyan> See Microsoft link below stating that windows follows RFC 4941 and
> > supports random IID for incoming connections and regeneration of
> > temporary addresses for outgoing connections.
> >
> >
> http://download.microsoft.com/download/F/D/F/FDF4CF55-5FDE-4CFF-8539-3662BB5EB7A0/TD13Basel2-43.pptx
> >
> > Beginning with Windows Vista and Windows Server 2008, a randomized
> > method is utilized to determine the Interface ID instead of EUI-64
>
> That's better that EUI-64, but still bad. Windows employs constant IIDs,
> that allow host tracking across networks.
>
> Gyan> Windows does employ the privacy extension for rolling temporary
> address which addresses anonymity by using the temporary address for
> outgoing connections and the stable random IID for incoming connections.
> In RFC 4941 the analogy is given that use of stable IID for incoming
> connections is analogous to publishing your phone number in the white pages
> and using the temporary address for outgoing connections is analogous to
> caller id block.
>
> {...]
> >
> > Are you aware of this vulnerability with RFC 4941 privacy algorithm and
> > why OS vendors started using random numbers versus the privacy
> > algorithm, which maybe why Microsoft started doing the same - using
> > random number.
>
> You are mixing things up.

  Gyan>  Please read the link for RIPE below regarding the RFC 4941 privacy
algorithm vulnerability.  Both links state the vulnerability with the
existing algorithm.

>
>
> Microsoft started using randomized IIDs because there was no alternative
> to MAC-based IIDs (such as RFC7217). So tey were proactive, and did
> something to mitigate address scanning attacks.



>     Gyan> Understood.  As stated above from the links below Microsoft and
other OS vendors moved to using their own random number generator schema
due to the RFC 4941 algorithm vulnerability for both the interface IID and
temporary address privacy extension.

>
> Temporary addresses are unrelated with stable addresses. They are about
> mitigating activity correlation over time.
>
> Understood.  I am on the same page as you.  Just want to be clear that as
> you are aware that Microsoft implemented both the “stable” interface random
> IID

   for incoming connections and the privacy     extension temporary rolling
address for outgoing connections.

>
> >
> >
> https://labs.ripe.net/Members/johanna_ullrich/ipv6-addresses-security-and-privacy
> >
>
> This is all fixed in rfc4941bis. In fact, Johanna reviewed rfc4941bis,
> IIRC.
>
>
>
> > Here is another article that talks about RFC 4941 privacy algorithm
> > vulnerabilities.
> >
> >
> https://publications.sba-research.org/publications/Ullrich2015Privacy.pdf
> >
> > Do you think we should start this algorithm vulnerability in RFC 4941bis
> > draft?
>
> I don't think that would be of much use for this I-D. We could add a
> note such as:
> "This document addresses a number of flaws discovered in RFC4931
> [references], and formally obsoletes RFC4941."
>
> At the end of the day, it's always better to give copius credit than to
> offer half baked explanations.
>
> I've just realized that the ref to Johanna's paper was lost when we
> switched from  to rfc4941bis.
>
> FWIW, the ref is:
>     [RAID2015]
>                Ullrich, J. and E. Weippl, "Privacy is Not an Option:
>                Attacking the IPv6 Privacy Extension",  International
>                Symposium on Recent Advances in Intrusion Detection
>                (RAID), 2015, <https://www.sba-research.org/wp-
>                content/uploads/publications/Ullrich2015Privacy.pdf>.
>


   Gyan> So you will get the text language updates into the current version
of 4941bis that was dropped from Johanna’s paper.  I will stand down on
adding updates to GitHub asked by Ole as we are on the same page now, and
you will be updating.

>
> Thanks,
> --
> Fernando Gont
> SI6 Networks
> e-mail: fgont@si6networks.com
> PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
>
>
>
>
> --

Gyan  Mishra

Network Engineering & Technology

Verizon

Silver Spring, MD 20904

Phone: 301 502-1347

Email: gyan.s.mishra@verizon.com

v2.23.0 | Report a Bug | By Email