Abstract
There is a growing concern with preventing unauthorized agents from discovering the geographical location of Internet users, a kind of security called location privacy. The typical deployments of IPv6 in mobile networks allow a correspondent host and any passive eavesdroppers to infer the user’s rough geographical location from the IPv6 address. We present a scheme called Cryptographically Protected Prefixes (CPP), to address this problem at the level of IPv6 addressing and forwarding. CPP randomizes the address space of a defined topological region (privacy domain), thereby making it infeasible to infer location information from an IP address. CPP can be deployed incrementally. We present an adversary model and show that CPP is secure within the model. We have implemented CPP as a pre-processing step within the forwarding algorithm in the FreeBSD 4.8 kernel. Our performance testing indicates that CPP pre-processing results in a 40–50 percent overhead for packet forwarding in privacy domain routers. The additional end to end per packet delay is roughly 20 to 60 microseconds.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Ackerman, L., Kempf, J., Miki, T.: Wireless Location Privacy: Current State of U.S. Law and Policy. In: Proceedings of the Workshop on Privacy, Washington DC (2003)
Berthold, O., Federrath, H., Kospell, S.: Web Mixes: A System for Anonymous and Unobservable Internet Access. In: Federrath, H. (ed.) Designing Privacy Enhancing Technologies. LNCS, vol. 2009, p. 115. Springer, Heidelberg (2001)
Chaum, D.: Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms. Communications of the ACM 24 (1981)
Danezis, G., Dingledine, R., Mathewson, N.: Mixminion: Design of a Type III Anonymous Remailer Protocol. In: IEEE Symposium on Security and Privacy, pp. 2–15 (2003)
Deering, S., Hinden, R.: Internet Protocol Version 6 (IPv6) Specification. RFC 2460 (1998)
Hinden, R., Deering, S.: Internet Protocol Version 6 (IPv6) Addressing Architecture. RFC 3513 (2003)
Hinden, R., Deering, S., Nordmark, E.: IPv6 Global Unicast Address Format. Internet draft (work in progress)
Droms, R. (ed.): Dynamic Host Configuration Protocol for IPv6 (DHCPv6). Internet Draft (work in progress)
Dijkstra, E.: A Note on Two Problems in Connection with Graphs. Numerische Mathematic 1, 269–271 (1969)
Escudero, A., Hedenfalk, M., Heselius, P.: Flying Freedom: Location Privacy in Mobile Interworking. Proceedings of INET (2001)
Freedman, M., Morris, R.: Tarzan: A Peer-to-Peer Anonymizing Network Layer. CCS (2002)
Goldberg, I.: A Pseudonymous Communications Infrastructure for the Internet. PhD dissertation, University of California, Berkeley (2000)
Gulcu, C., Tsudik, G.: Mixing E-mail with Babel. Network and Distributed Systems Security Conference, 2–16 (1996)
IAB, IESG.: IAB/IESG Recommendations on IPv6 Address Allocations to Sites. RFC 3177 (2001)
Johnson, D., Perkins, C., Arkko, J.: Mobility Support in IPv6. Internet draft (work in progress)
Kent, S., Atkinson, R.: Security Architecture for the Internet Protocol. RFC 2401 (1998)
Moy, J.T.: OSPF: Anatomy of an Internet Routing Protocol, p. 345. Addison Wesley, Reading (1998)
Narten, T., Nordmark, E., Simpson, W.: Neighbor Discovery for IP Version 6 (IPv6). RFC 2461 (1998)
National Institute of Standard and Technology.: Specification for the Advanced Encryption Standard (AES). FIPS 197 (2001)
Reiter, M., Rubin, A.: Crowds: Anonymity for Web Transactions. ACM Transactions on Information and System Security 1(1), 66–92 (1998)
Rosen, E., Rekhter, Y.: BGP/MPLS VPNs. RFC 2547 (1999)
Soliman, H., Castelluccia, C., El-Malki, K., Bellier, L.: Hierarchical Mobile IPv6 mobility management (HMIPv6). Internet draft (work in progress)
Song, R., Korba, L.: Review of Network-based Approaches for Privacy. In: 14th Annual Canadian Technology Security Symposium (2002)
Syverson, P.F., Goldschlag, D.M., Reed, M.G.: Anonymous Connections and Onion Routing. In: IEEE Symposium on Security and Privacy, pp. 44–54. IEEE CS Press, Los Alamitos (1997)
Thomson, S., Narten, T.: IPv6 Stateless Address Autoconfiguration RFC 2462 (1998)
Warrior, J., McHenry, E., McGee, K.: They Know Where You Are. IEEE Spectrum 50(7), 20–25 (2003)
Yabusaki, M., Hirata, S., Ihara, T., Kawakami, H.: IP2 Mobility Management. NTT DoCoMo Technical Journal 4(4), 16–22 (2003)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Trostle, J., Matsuoka, H., Tariq, M.M.B., Kempf, J., Kawahara, T., Jain, R. (2005). Cryptographically Protected Prefixes for Location Privacy in IPv6. In: Martin, D., Serjantov, A. (eds) Privacy Enhancing Technologies. PET 2004. Lecture Notes in Computer Science, vol 3424. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11423409_10
Download citation
DOI: https://doi.org/10.1007/11423409_10
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-26203-9
Online ISBN: 978-3-540-31960-3
eBook Packages: Computer ScienceComputer Science (R0)