Re: [Mobopts] Review of draft-irtf-mobopts-location-privacy-solutions-06

"QIU Ying" <qiuying@i2r.a-star.edu.sg> Wed, 07 November 2007 11:22 UTC

Return-path: <mobopts-bounces@irtf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1IpizV-00089c-0k; Wed, 07 Nov 2007 06:22:37 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1IpizS-00087m-1B for mobopts@irtf.org; Wed, 07 Nov 2007 06:22:34 -0500
Received: from rodin.i2r.a-star.edu.sg ([192.122.139.27]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1IpizK-0003bZ-3H for mobopts@irtf.org; Wed, 07 Nov 2007 06:22:34 -0500
Received: from rodin.i2r.a-star.edu.sg (unknown [127.0.0.1]) by IMSA (Postfix) with ESMTP id E46D413B6CB; Wed, 7 Nov 2007 19:21:04 +0800 (SGT)
Received: from mailfe01.teak.local.net (unknown [192.122.134.9]) by rodin.i2r.a-star.edu.sg (Postfix) with ESMTP id D4F2E13B665; Wed, 7 Nov 2007 19:21:04 +0800 (SGT)
Received: from precision5570 ([192.168.137.163]) by mailfe01.teak.local.net with Microsoft SMTPSVC(6.0.3790.1830); Wed, 7 Nov 2007 19:21:27 +0800
Message-ID: <0d6f01c82130$2c8d8c80$a389a8c0@precision5570>
From: "QIU Ying" <qiuying@i2r.a-star.edu.sg>
To: <mobopts@irtf.org>, "Vijay Devarapalli" <vijay.devarapalli@azairenet.com>
References: <C35630AE.1D18C%rajeev.koodli@nokia.com>
Subject: Re: [Mobopts] Review of draft-irtf-mobopts-location-privacy-solutions-06
Date: Wed, 7 Nov 2007 19:20:16 +0800
MIME-Version: 1.0
Content-Type: text/plain; format="flowed"; charset="iso-8859-1"; reply-type="original"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.3138
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3198
X-OriginalArrivalTime: 07 Nov 2007 11:21:27.0982 (UTC) FILETIME=[56E16CE0:01C82130]
X-Spam-Score: -96.5 (---------------------------------------------------)
X-Scan-Signature: 848ed35f2a4fc0638fa89629cb640f48
Cc: Fan Zhao <fanzhao@marvell.com>
X-BeenThere: mobopts@irtf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Mobility Optimizations <mobopts.irtf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/mobopts>, <mailto:mobopts-request@irtf.org?subject=unsubscribe>
List-Post: <mailto:mobopts@irtf.org>
List-Help: <mailto:mobopts-request@irtf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/mobopts>, <mailto:mobopts-request@irtf.org?subject=subscribe>
Errors-To: mobopts-bounces@irtf.org

Hi, Vijay

Thanks for your reviewing this draft. As per your 5 comments on section 5, 
below is my reply.


1. I am not sure why section 5 is needed at all.

R:  The target of the solution in section 4 is to hide MN's HoA from 
eavesdroppers. The solution uses the original RR procedure. So the CN could 
always bind the real HoA and CoA. It implies that CN can always track the MN 
movement.  Moreover an eavesdropper on path HA-CN can know at least that the 
MN is outside of home network by capturing the HoTI message.

Contrastively, the solution in section 5 tries to hide its real HoA from 
everyone, even from the CN.

2. There is absolutely no need to generate a pseudo home address with the 
home agent. The MN can always use ESP in tunnel mode for MIPv6 signaling 
messages and hide the home address from the access link.

R:  The pseudo home address is not generated for the home agent. It ensures 
that the RR procedure can be processed as usual and that not reveal real 
HoA.

3. Section 5 also does not take into account scenarios where there might not 
be a shared key between the MN and the HA.

R: All of our proposals are focused on IP layer. In this case, all of the 
session keys have been established and shared already. The process of 
establishing the session keys on the upper layer, such as IKE, which is 
beyond our scope.

4. It also does not account for scenarios where the home agent allocates a 
home address for the mobile node as part of MIPv6 bootstrapping.

R: Again, the purpose of these solutions is to protect the location privacy 
in IP layer. No matter how to allocate the home addresses, either stateful 
or stateless, the roles of home address in IP layer are the same - to 
identify the mobile nodes.  Therefore, how to allocate home address does not 
affect the solution.

5.  I suggest removing sections 5.1, 5.2 and 5.3.

R: As above reasons, the answer is definitely NO :-)


Regards and Thanks
Qiu Ying



----- Original Message ----- 
From: "Rajeev Koodli" <rajeev.koodli@nokia.com>
To: "QIU Ying" <qiuying@i2r.a-star.edu.sg>sg>; "Fan Zhao" <fanzhao@marvell.com>
Sent: Wednesday, November 07, 2007 6:54 AM
Subject: FW: [Mobopts] Review of 
draft-irtf-mobopts-location-privacy-solutions-06


>
> Qiu Ying and Fan,
>
> I hope you can answer Vijay's questions about Section 5.
>
> Thanks,
>
> -Rajeev
> -- 
> http://people.nokia.net/~rajeev
>
>
>
> ------ Forwarded Message
> From: ext Vijay Devarapalli <vijay.devarapalli@azairenet.com>
> Date: Mon, 05 Nov 2007 14:28:33 -0800
> To: <mobopts@irtf.org>rg>, QIU Ying <qiuying@i2r.a-star.edu.sg>sg>, Fan Zhao
> <fanzhao@marvell.com>
> Subject: [Mobopts] Review of
> draft-irtf-mobopts-location-privacy-solutions-06
>
> Hello,
>
> I reviewed the draft. It still needs a lot of work.
>
> Section 4.1
> -----------
> Section 4.1 is not making sense to me. The pseudo home address
> changes every time return routability is run. It also changes
> every time the CoA changes. Why does it have to change so often?
>
> Isn't one pseudo home address per session with a correspondent
> node sufficient?
>
> Shouldn't the following be?
>
>>   privacy keygen token = First (64, Kcn(Home Init Cookie | nonce | 2))
>
> privacy keygen token = First (64, HMAC_SHA1(Kcn, (Home Init Cookie |
>                                     nonce | 2))
>
>>    When a correspondent node receives a Binding Update with a new
>>    destination option carrying the pseudo home address, it must first
>>    compute Kpm as above.
>
> You probably meant "a destination option carrying a new pseudo home
> address". The home address destination option is always present in
> the BU.
>
>>    The computation is similar to how it would
>>    compute Kbm, except that the privacy keygen token is computed with
>>    the home address set to all zeros.
>
> Earlier in section 4.1, the computation of privacy keygen token is
> shown as
>
>    privacy keygen token = First (64, Kcn(Home Init Cookie | nonce | 2))
>
> The home address is not used in this computation. So why is the home
> address set to all zeros?
>
>> The correspondent node then
>>    stores the nonce indices, and Kbm itself.  It may also send a normal
>>    Binding Acknowledgment to the mobile node.
>
> Wouldn't this defeat the purpose? The CN should include the pseudo
> home address in the routing header in the binding ack. What does
> "normal Binding Acknowledgment" mean?
>
>>    The privacy management key Kpm can be the same as the binding
>>    management key Kbm and the mobile node generates the pseudo home
>>    address as follows:
>>
>>       pseudo home address = Enc(Kpm, home address)
>>
>>       Where Enc(.) is a symmetric key encryption algorithm, for example,
>>       AES.
>
> hmm... You would need to pick *an* encryption algorithm and convey
> the same to the CN. How would both ends pick the same algorithm
> otherwise?
>
> Section 5
> ---------
> I am not sure why section 5 is needed at all. There is absolutely
> no need to generate a pseudo home address with the home agent. The
> MN can always use ESP in tunnel mode for MIPv6 signaling messages
> and hide the home address from the access link. I suggest removing
> sections 5.1, 5.2 and 5.3.
>
> Section 5 also does not take into account scenarios where there
> might not be a shared key between the MN and the HA. It also does
> not account for scenarios where the home agent allocates a home
> address for the mobile node as part of MIPv6 bootstrapping.
>
> I stopped reviewing here. :)
>
> Vijay
>
>
>
> _______________________________________________
> Mobopts mailing list
> Mobopts@irtf.org
> https://www1.ietf.org/mailman/listinfo/mobopts
>
> ------ End of Forwarded Message
> 


------------ Institute For Infocomm Research - Disclaimer -------------This email is confidential and may be privileged.  If you are not the intended recipient, please delete it and notify us immediately. Please do not copy or use it for any purpose, or disclose its contents to any other person. Thank you.--------------------------------------------------------

_______________________________________________
Mobopts mailing list
Mobopts@irtf.org
https://www1.ietf.org/mailman/listinfo/mobopts