Presentation is loading. Please wait.

Presentation is loading. Please wait.

03/22/10 draft-zhang-hip-privacy-protection- 00 Dacheng Zhang Miika Komu An Extension of HIP Base Exchange to Support Identity Privacy.

Published byCassandra Robbins Modified over 8 years ago

Similar presentations

Presentation on theme: "03/22/10 draft-zhang-hip-privacy-protection- 00 Dacheng Zhang Miika Komu An Extension of HIP Base Exchange to Support Identity Privacy."— Presentation transcript:

1 03/22/10 draft-zhang-hip-privacy-protection- 00 Dacheng Zhang Miika Komu An Extension of HIP Base Exchange to Support Identity Privacy

2 03/22/10 Motivation HIP leaks identity-related information even though ESP protects the confidentiality of the data-plane In the current version of base exchange (BEX), the identities (HITs and HIs) of communicating partners are transported in plain text An active or passive attacker can eavesdrop a base exchange and track the identities and movement of communicating end-hosts As a consequence, privacy is hindered because the connectivity of a host can be traced securely

3 03/22/10 Solutions for Identity Privacy Ephemeral identities –Thrown away when used once –More overhead to generate new keys –Anonymous authentication Encrypted public keys –Non-anonymous authentication –Requires also emphemeral identities –Requires presharing of public keys Scrambled identities (aka “blind”) –Optimization of the previous approach –Only HITs are preshared

4 03/22/10 The BLIND Extension The proposed solution is based on the BLIND extension from Ylitalo et al The solution attempts to address the privacy issue by scrambling HI(T)s with nonces and exposing the real HI(T)s in the encrypted parts of HIP packets Scrambling of an identity is denoted by a flag The unscrambled HITs have to be known in advance (for full identity protection)

5 03/22/10 Generation of Scrambled HITs Before sending out an I1 packet, an initiator first selects a random number nonce N The initiator generates a scrambled HIT for it by SHA-1 hashing the concatenation of N and its HIT (HIT-I), that is, SHA-1(N, HIT-I) If the identity privacy of the responder has to be protected, the initiator generates a scrambled HIT for the initiator in the same way

6 03/22/10 Next Revision of the Draft Is this work interesting? Should we have a specific use scenario? Location privacy using HIP/ESP Relay? HICCUPS compatibility Analyze BLIND dependency to algo agility Encrypted public keys a better approach? –HIP-capable middleboxes can authenticate at least the ephemeral identities – Midbox throttles throughput or drops the connection

7 Thank you www.huawei.com

Download ppt "03/22/10 draft-zhang-hip-privacy-protection- 00 Dacheng Zhang Miika Komu An Extension of HIP Base Exchange to Support Identity Privacy."

Similar presentations

Keiji Maekawa Graduate School of Informatics, Kyoto University Yasuo Okabe Academic Center for Computing and Media Studies, Kyoto University.

Keiji Maekawa Graduate School of Informatics, Kyoto University Yasuo Okabe Academic Center for Computing and Media Studies, Kyoto University.
Last Class: The Problem BobAlice Eve Private Message Eavesdropping.

Last Class: The Problem BobAlice Eve Private Message Eavesdropping.
Establishing Host Identity Protocol Opportunistic Mode with TCP Option draft-lindqvist-hip-opportunistic-01.txt Janne.

Establishing Host Identity Protocol Opportunistic Mode with TCP Option draft-lindqvist-hip-opportunistic-01.txt Janne.
IEEE 802.11i IT443 Broadband Communications Philip MacCabe October 5, 2005

IEEE i IT443 Broadband Communications Philip MacCabe October 5, 2005
IPSec In Depth. Encapsulated Security Payload (ESP) Must encrypt and/or authenticate in each packet Encryption occurs before authentication Authentication.

IPSec In Depth. Encapsulated Security Payload (ESP) Must encrypt and/or authenticate in each packet Encryption occurs before authentication Authentication.
Hacking WLAN // BRUTE FORCE CRACKER // TCP/IP. WLAN HACK Wired Equivalent Privacy (WEP) encryption was designed to protect against casual snooping, but.

Hacking WLAN // BRUTE FORCE CRACKER // TCP/IP. WLAN HACK Wired Equivalent Privacy (WEP) encryption was designed to protect against casual snooping, but.
Security at the Network Layer: IPSec

Security at the Network Layer: IPSec
Chapter 13 IPsec. IPsec (IP Security)  A collection of protocols used to create VPNs  A network layer security protocol providing cryptographic security.

Chapter 13 IPsec. IPsec (IP Security)  A collection of protocols used to create VPNs  A network layer security protocol providing cryptographic security.
IP Security IPSec 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.

IP Security IPSec 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.
1 © NOKIA MitM.PPT/ 6/2/2015 / Kaisa Nyberg (NRC/MNW), N.Asokan (NRC/COM) The Insecurity of Tunnelled Authentication Protocols N. ASOKAN, VALTTERI NIEMI,

1 © NOKIA MitM.PPT/ 6/2/2015 / Kaisa Nyberg (NRC/MNW), N.Asokan (NRC/COM) The Insecurity of Tunnelled Authentication Protocols N. ASOKAN, VALTTERI NIEMI,
CS470, A.SelcukReal-Time Communication Issues1 Real-Time Communication Security IPsec & SSL Issues CS 470 Introduction to Applied Cryptography Instructor:

CS470, A.SelcukReal-Time Communication Issues1 Real-Time Communication Security IPsec & SSL Issues CS 470 Introduction to Applied Cryptography Instructor:
1 © NOKIA MitM.PPT/ 6/2/2015 / Kaisa Nyberg (NRC/MNW), N.Asokan (NRC/COM) The Insecurity of Tunnelled Authentication Protocols N. ASOKAN, VALTTERI NIEMI,

1 © NOKIA MitM.PPT/ 6/2/2015 / Kaisa Nyberg (NRC/MNW), N.Asokan (NRC/COM) The Insecurity of Tunnelled Authentication Protocols N. ASOKAN, VALTTERI NIEMI,
K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.

K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.
Explorations in Anonymous Communication Andrew Bortz with Luis von Ahn Nick Hopper Aladdin Center, Carnegie Mellon University, 8/19/2003.

Explorations in Anonymous Communication Andrew Bortz with Luis von Ahn Nick Hopper Aladdin Center, Carnegie Mellon University, 8/19/2003.
Wired Equivalent Privacy (WEP)

Wired Equivalent Privacy (WEP)
Secure communications Week 10 – Lecture 2. To summarise yesterday Security is a system issue Technology and security specialists are part of the system.

Secure communications Week 10 – Lecture 2. To summarise yesterday Security is a system issue Technology and security specialists are part of the system.
IKE message flow IKE message flow always consists of a request followed by a response. It is the responsibility of the requester to ensure reliability.

IKE message flow IKE message flow always consists of a request followed by a response. It is the responsibility of the requester to ensure reliability.
SSH : The Secure Shell By Rachana Maheswari CS265 Spring 2003.

SSH : The Secure Shell By Rachana Maheswari CS265 Spring 2003.
1 Network Management and SNMP  What is Network Management?  ISO Network Management Model (FCAPS)  Network Management Architecture  SNMPv1 and SNMPv2.

1 Network Management and SNMP  What is Network Management?  ISO Network Management Model (FCAPS)  Network Management Architecture  SNMPv1 and SNMPv2.
1 /12 Pascal URIEN, IETF 72 rd, Monday July 28 th Dublin, Ireland draft-urien-hip-tag-00.txt HIP support for RFID

1 /12 Pascal URIEN, IETF 72 rd, Monday July 28 th Dublin, Ireland draft-urien-hip-tag-00.txt HIP support for RFID

Similar presentations

Ads by Google