1 Route Optimization and Location Privacy using Tunneling Agents (ROTA) draft-weniger-rota-01 Kilian Weniger, Takashi Aramaki IETF #64, Nov 2005

2 Background „Location privacy is the ability to prevent other parties from learning one's current or past location. In order to get such ability, the mobile node must conceal any relation between its location and the personal identifiable information“ [draft-haddad-momipriv-problem-statement- 02] [draft-ietf-mip6-location-privacy-ps-00] describes IP address location privacy problem in MIPv6 context and identifies two main problems 1.disclosure of CoA to CN 2.revealing HoA to eavesdropper Our draft addresses problem 1 Proposed solutions for this problem –reverse tunneling –HMIPv6

3 Problem definition and scenario Problem –Providing location privacy and optimized routing simultaneously location privacy in terms of hiding location from CN Scenario –Mobile-to-mobile communication (e.g., VoIP) –Both users request location privacy –Both users have different home networks and are away from home MN1MN2 MN1‘s HA MN2‘s HA Fig: Example scenario

4 Reverse tunneling in given scenario Reverse tunneling to HA –CoA is hidden from CN, but –optimized routing cannot be provided MN1MN2 MN1‘s HA MN2‘s HA tunneled data packets non-tunneled data packets Fig: Data path in case of reverse tunneling

5 Reverse tunneling + bootstrapping with local HAs (integrated scenario) –CoA is hidden from CN and optimized routing is provided, but –potential to compromise location privacy since HoA contains location information however, CN would have to know that MN‘s HA is local granularity of location information depends on location of local HA MN1MN2 Fig: Data path in case of reverse tunneling after bootstrapping with local HAs MN1‘s HA (local) Reverse tunneling in given scenario MN2‘s HA (local)

6 HMIPv6 –(L)CoA is hidden from CN and optimized routing can be provided, but –location privacy support is limited, since RCoA is disclosed granularity of location information depends on location of MAP MN1MN2 MN1‘s HA MN2‘s HA MAP HMIPv6 in given scenario Fig: Data path in HMIPv6 route optimization mode

7 Summary –MIPv6 can provide limited support for simultaneous location privacy and optimized routing „location privacy“ in terms of hiding MN‘s location from CN

8 Possible approach for improving location privacy and optimized routing support (Optional) route optimization by reverse tunneling to Tunneling Agents (TA) –TA is outside of home link –TA maintains bindings for HoAs not matching TA prefix –MN‘s home link (and HoA) does not change TA can e.g. be co-located with –MN1‘s HA or MN2‘s HA –local HA or MAP MN1MN2 MN1‘s HA MN2‘s HA/ MN1‘s TA Binding Cache HoA MN1  CoA MN1 (H) Binding Cache HoA MN2  CoA MN2 (H) HoA MN1  CoA MN1 (TA) Fig: Data path in case TA is co-located with MN‘s HA

9 Possible approach for improving location privacy and optimized routing support MN1MN2 MN1‘s HA MN2‘s HA Fig: Data path in case TA is co-located with local HAs/MAPs HA or MAP/ MN1‘s TA Binding Cache HoA MN2  A TA2 (TA) HoA MN1  CoA MN1 (TA) HA or MAP/ MN2‘s TA Binding Cache HoA MN1  A TA1 (TA) HoA MN2  CoA MN2 (TA) (Optional) route optimization by reverse tunneling to Tunneling Agents (TA) –TA is outside of home link –TA maintains bindings for HoAs not matching TA prefix –MN‘s home link (and HoA) does not change TA can e.g. be co-located with –MN1‘s HA or MN2‘s HA –local HA or MAP

10 Questions –Is there interest in improving MIPv6 support for simultaneous location privacy and optimized routing? „location privacy“ in terms of hiding MN‘s location from CN –How to proceed? –Other comments?