Enhancing Privacy with Shared Pseudo Random Sequences
Protecting users’ privacy is essential for turning networks and services into trustworthy friends. Many privacy enhancing techniques, such as anonymous e-cash and mix-nets, have been proposed to make users more comfortable in their network usage. These techniques, in turn, usually rely on very basic security mechanisms, e.g., confidentiality protection, for their realization. But these mechanisms are also used for other security related reasons.
In this paper, we make some new observations on how security can degrade privacy. For example, using security as a component of an advanced privacy enhancing technique may not have the effect we expect; i.e., too careless application of security may defeat the assumed privacy gains. In particular, introducing new identifiers may make it easier to track users. This effect is especially harmful to mobile users. Even in cases when privacy is not the main driver for the use of security, we believe that identifiers require special attention in some circumstances.
We propose a mechanism, which we call to allow the communicating parties to continuously change the identifiers they use, without any signalling and without adverse affects on realibility or security.
KeywordsPseudo Random Sequence Extensible Authentication Protocol Hash Chain Enhance Privacy Acknowledgement Number
Unable to display preview. Download preview PDF.
- 1.Aboba, B., Beadles, M.: The Network Access Identifier. RFC 2486, IETF (January 1999)Google Scholar
- 2.Arkko, J., Haverinen, H.: Extensible Authentication Protocol Method for 3rd Generation Authentication and Key Agreement (EAP-AKA). Internet Draft draft-arkko-pppext-eap-aka-15.txt (Work In Progress), IETF (December 2004)Google Scholar
- 4.Johnson, D., Perkins, C., Arkko, J.: Mobility Support in IPv6. RFC 3775, IETF (June 2004)Google Scholar
- 5.Haverinen, H., Salowey, J.: Extensible Authentication Protocol Method for GSM Subscriber Identity Modules (EAP-SIM). Internet Draft draft-haverinen-pppext-eap-sim-16.txt (Work In Progress), IETF (December 2004)Google Scholar
- 6.Josefsson, S., Palekar, A., Simon, D., Zorn, G.: Protected EAP Protocol (PEAP). Internet Draft draft-josefsson-pppext-eap-tls-eap-07.txt (Work In Progress), IETF (October 2003)Google Scholar
- 7.Kaufman, C. (ed.): Internet Key Exchange (IKEv2) Protocol. Internet Draft draft-ietf-ipsec-ikev2-14.txt (Work In Progress), IETF (May 2004)Google Scholar
- 8.Kent, S., Atkinson, R.: Security Architecture for the Internet Protocol RFC 2401, IETF (November 1998)Google Scholar
- 9.Koodli, R., Devarapalli, V., Flinck, H., Perkins, C.: Solutions for IP Address Location Privacy in the presence of IP Mobility. Internet Drafy draft-koodli-mip6-location-privacy-solutions-00.txt (Work in Progress), IETF (February 2005)Google Scholar
- 10.Narten, T., Draves, R.: Privacy Extensions for Stateless Address Autoconfiguration in IPv6 RFC 3041, IETF (January 2001)Google Scholar
- 12.European Telecommunications Standards Institute. Digital cellular telecommunication system (Phase 2); Security related network functions. GSM Technical Specification GSM 03.20 (ETS 300 534) (August 1997)Google Scholar