DHCP Anonymity Profile Update


DHCP Anonymity Profile Update IETF 93, Prague, July 2015 7/23/2015 DHCP Anonymity Profile -- IETF 93

Prototype Implementation
- Developed by Nick Grifka on test version of Windows 10 (not in the product yet)
- Implemented both DHCPv4 and DHCPv6 versions
- Straightforward
- Implementation choice: do not send Host Name, FQDN
- Needed variance on DHCPv6 CONFIRM – performance issue
- Alternate behavior triggered by use of Random MAC Address
- Additional complexity is modest

Trials in the wild
- Tested on 9 different Wi-Fi hot spots in Bellevue / Seattle area
- Ranged from big brands (ATT Wi-Fi, Google) to cafes and public library
- Connection (almost) always succeeded
- One exception: Wi-Fi network did not allow connection using randomized MAC Address.
- DHCP profile itself did not cause any failure
- Confirms validity of “No Name” option
- DHCP servers do not actually need the name of your device
- Changed draft to “SHOULD avoid sending the host name option.”

Summary of changes
- Section 2.6. Using the anonymity profiles, static vs. mobile.
- Section 3.4. Client Identifier Option, for PPP links
- Section 3.5. Default to not sending Host Name
- Section 3.5. If sending Host Name, obfuscate, don’t leak MAC Address
- Section 4. Prefer Stateless IPv6 address configuration when possible
- Section 4.1. Allow DHCPv6 CONFIRM when roaming between Access Points

Next step?
- Do we need anything more before last call?

Background slides

History
- Presented draft-huitema-dhc-anonymity-profile at IETF 92, Dallas.
- Revised with Tomek Mrugalski, Suresh Krishnan
- Adopted by WG.
- Version 01 published June 30, 2015
- Feedback from mailing list, implementation, trials

Feedback on DHCPv6 Confirm
- Found one issue with DHCPv6 CONFIRM
- Used when roaming between access points
- Code has logic to recognize “same network” using Wi-Fi authentication
- DHCPv6 CONFIRM allows for continuous connectivity, instead of full DISCOVER/REQUEST cycle.
- Updated draft to allow CONFIRM when roaming between wireless AP in same network.

Feedback: different networks, use cases
- Some networks do not use “link layer addresses,” users still need privacy:
  - Added text in section 3.4. Client Identifier Option
  - Suggestion: Pick random identifier, unique to current link.
- Case of “shared allocation” (draft-ietf-dhc-dynamic-shared-v4allocation):
  - Added text in section 2.6. Using the anonymity profiles
  - Distinguish between “stability for static clients” and “privacy for mobile clients”

Feedback: don’t leak the random MAC
- Previous version suggested constructing an “anonymized host name” as HEX rendering of Random MAC Address.
- Problem: names leak outside the scope of the link, and leaking MAC Addresses outside of their scope increases the attack surface.
- Changed the suggested construction to “HEX of Hash(secret, MAC)”
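
The change on the slide above, sketched as an added example; it is not code from the presentation, the draft or the Windows prototype. HMAC-SHA-256 as the keyed hash, the 6-octet truncation, the 16-byte minimum secret length and all function names are assumptions of this example.

```python
import hashlib
import hmac
import secrets


def random_mac() -> bytes:
    """Constructed helper: random unicast, locally administered 48-bit MAC."""
    raw = bytearray(secrets.token_bytes(6))
    raw[0] = (raw[0] | 0x02) & 0xFE  # set "local" bit, clear "multicast" bit
    return bytes(raw)


def leaky_host_name(mac: bytes) -> str:
    """Earlier construction: HEX rendering of the random MAC itself."""
    return mac.hex()


def obfuscated_host_name(secret: bytes, mac: bytes, octets: int = 6) -> str:
    """Revised construction: HEX of Hash(secret, MAC).

    Assumptions of this example: HMAC-SHA-256 as the keyed hash and
    truncation to `octets` bytes so the name stays short.
    """
    if len(mac) != 6:
        raise ValueError("expected a 48-bit MAC address")
    if len(secret) < 16:
        raise ValueError("secret must be at least 16 bytes")
    if not 1 <= octets <= hashlib.sha256().digest_size:
        raise ValueError("octets out of range")
    return hmac.new(secret, mac, hashlib.sha256).digest()[:octets].hex()


if __name__ == "__main__":
    secret = secrets.token_bytes(32)      # generated once, kept on the device
    for _ in range(2):                    # two links, two random MACs
        mac = random_mac()
        print("MAC", mac.hex(":"), "leaky", leaky_host_name(mac),
              "obfuscated", obfuscated_host_name(secret, mac))
```

The name stays stable for as long as the same random MAC is in use, changes when the MAC changes, and cannot be mapped back to the MAC without the device-local secret.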

Feedback: for DHCPv6, prefer stateless
- Feedback expressed during IETF 92, incorporated in draft 00:
- … When these options enable stateless address configuration hosts using the anonymity profile SHOULD choose it over stateful address configuration…
