Presentation is loading. Please wait.

Presentation is loading. Please wait.

DHCP Anonymity Profile Update

Published byEsa Kapulainen Modified over 6 years ago

Similar presentations

Presentation on theme: "DHCP Anonymity Profile Update"— Presentation transcript:

1 DHCP Anonymity Profile Update
IETF 93, Prague, July 2015 7/23/2015 DHCP Anonymity Profile -- IETF 93

2 Prototype Implementation
Developed by Nick Grifka on test version of Windows 10 (not in the product yet) Implemented both DHCPv4 and DHCPv6 versions Straightforward Implementation choice: do not send Host Name, FQDN Needed variance on DHCPv6 CONFIRM – performance issue Alternate behavior triggered by use of Random MAC Address Additional complexity is modest 7/23/2015 DHCP Anonymity Profile -- IETF 93

3 DHCP Anonymity Profile -- IETF 93
Trials in the wild Tested on 9 different Wi-Fi hot spots in Bellevue / Seattle area Ranged from big brands (ATT Wi-Fi, Google) to cafes and public library Connection (almost) always succeeded One exception: Wi-Fi network did not allow connection using randomized MAC Address. DHCP profile itself did not cause any failure Confirms validity of “No Name” option DHCP servers do not actually need the name of your device Changed draft to “SHOULD avoid sending the host name option.” 7/23/2015 DHCP Anonymity Profile -- IETF 93

4 DHCP Anonymity Profile -- IETF 93
Summary of changes Section 2.6. Using the anonymity profiles, static vs. mobile. Section 3.4. Client Identifier Option, for PPP links Section 3.5. Default to not sending Host Name Section 3.5. If sending Host Name, obfuscate, don’t leak MAC Address Section 4. Prefer Stateless IPV6 address configuration when possible Section 4.1. Allow DHCPv6 CONFIRM when roaming between Access Points 7/23/2015 DHCP Anonymity Profile -- IETF 93

5 DHCP Anonymity Profile -- IETF 93
Next step? Do we need anything more before last call? 7/23/2015 DHCP Anonymity Profile -- IETF 93

6 DHCP Anonymity Profile -- IETF 93
Background slides 7/23/2015 DHCP Anonymity Profile -- IETF 93

7 DHCP Anonymity Profile -- IETF 93
History Presented draft-huitema-dhc-anonymity-profile at IETF 92, Dallas. Revised with Tomek Mrugalski, Suresh Krishnan Adopted by WG. Version 01 published June 30, 2015 Feedback from mailing list, implementation, trials 7/23/2015 DHCP Anonymity Profile -- IETF 93

8 Feedback on DHCPv6 Confirm
Found one issue with DHCPv6 CONFIRM Used when roaming between access points Code has logic to recognize “same network” using Wi-Fi authentication DHCPv6 CONFIRM allows for continuous connectivity, instead of full DISCOVER/REQUEST cycle. Updated draft to allow CONFIRM when roaming between wireless AP in same network. 7/23/2015 DHCP Anonymity Profile -- IETF 93

9 Feedback: different networks, use cases
Some networks do not use “link layer addresses,” users still need privacy: Added text in section 3.4. Client Identifier Option Suggestion: Pick random identifier, unique to current link. Case of “shared allocation” (draft-ietf-dhc-dynamic- shared-v4allocation): Added text in section 2.6. Using the anonymity profiles Distinguish between “stability for static clients” and “privacy for mobile clients” 7/23/2015 DHCP Anonymity Profile -- IETF 93

10 Feedback: don’t leak the random MAC
Previous version suggested constructing an “anonymized host name” as HEX rendering of Random MAC Address. Problem: names leak outside the scope of the link, and leaking MAC Addresses outside of their scope increases the attack surface. Changed the suggested construction to “HEX of Hash(secret, MAC)” 7/23/2015 DHCP Anonymity Profile -- IETF 93

11 Feedback: for DHCPv6, prefer stateless
Feedback expressed during IETF 92, incorporated in draft 00: … When these options enable stateless address configuration hosts using the anonymity profile SHOULD choose it over stateful address configuration… 7/23/2015 DHCP Anonymity Profile -- IETF 93

12 Feedback on DHCPv6 Confirm
Found one issue with DHCPv6 CONFIRM Used when roaming between access points Code has logic to recognize “same network” using Wi-Fi authentication DHCPv6 CONFIRM allows for continuous connectivity, instead of full DISCOVER/REQUEST cycle. Updated draft to allow CONFIRM when roaming between wireless AP in same network. 7/23/2015 DHCP Anonymity Profile -- IETF 93

Download ppt "DHCP Anonymity Profile Update"

Similar presentations

Dynamic Allocation of Shared IPv4 Addresses draft-csf-dhc-dynamic-shared-v4allocation-00 Q. Sun, Y. Cui, I. Farrer, Y. Lee, Q. Sun, M. Boucadair IETF 89,

Dynamic Allocation of Shared IPv4 Addresses draft-csf-dhc-dynamic-shared-v4allocation-00 Q. Sun, Y. Cui, I. Farrer, Y. Lee, Q. Sun, M. Boucadair IETF 89,
Multicast Reconfiguration Protocol for Stateless DHCPv6 DHC 61 st IETF S. Daniel Park

Multicast Reconfiguration Protocol for Stateless DHCPv6 DHC 61 st IETF S. Daniel Park
Draft-ietf-dhc-stateless-dhcpv6- renumbering-01 Tim Chown dhc WG, IETF 60, San Diego, August 2, 2004.

Draft-ietf-dhc-stateless-dhcpv6- renumbering-01 Tim Chown dhc WG, IETF 60, San Diego, August 2, 2004.
Weakening Aggregated Traffic of DHCP Discover Messages draft-yang-sunset4-weaken-dhcp-00 Tianle Yang, Lianyuan Li, Qiongfang Ma China Mobile 2012.11 1.

Weakening Aggregated Traffic of DHCP Discover Messages draft-yang-sunset4-weaken-dhcp-00 Tianle Yang, Lianyuan Li, Qiongfang Ma China Mobile
1 DHCP-based Fast Handover protocol NTT Network service systems laboratories 2005. 3. 10 Takeshi Ogawa draft-ogawa-fhopt-00.txt 62nd IETF - Minneapolis.

1 DHCP-based Fast Handover protocol NTT Network service systems laboratories Takeshi Ogawa draft-ogawa-fhopt-00.txt 62nd IETF - Minneapolis.
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 10: DHCP Routing & Switching.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 10: DHCP Routing & Switching.
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 10: DHCP Routing and Switching Essentials.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 10: DHCP Routing and Switching Essentials.
1 Behcet Sarikaya Frank Xia July 2010 Flexible DHCPv6 Prefix Delegation in Mobile Networks IETF 78

1 Behcet Sarikaya Frank Xia July 2010 Flexible DHCPv6 Prefix Delegation in Mobile Networks IETF 78
Installing a DHCP Server role on Windows Server 2008 R2 in a home network. This is intended as a guide to install the DHCP role on a Domain Controller.

Installing a DHCP Server role on Windows Server 2008 R2 in a home network. This is intended as a guide to install the DHCP role on a Domain Controller.
DYNAMIC HOST CONFIGURATION PROTOCOL (DHCP) BY: SAMHITA KAW IS 373.

DYNAMIC HOST CONFIGURATION PROTOCOL (DHCP) BY: SAMHITA KAW IS 373.
Lesson 3 Introduction to Networking Concepts Lesson 3.

Lesson 3 Introduction to Networking Concepts Lesson 3.
Draft-asati-dhc-ipv6-autoconfig-address-tracking 1 IETF 86 Rajiv Asati Dan Wing.

Draft-asati-dhc-ipv6-autoconfig-address-tracking 1 IETF 86 Rajiv Asati Dan Wing.
DHCP: Dual-Stack Issues draft-ietf-dhc-dual-stack-01 Tim Chown dhc WG, IETF 60, San Diego, August 2, 2004.

DHCP: Dual-Stack Issues draft-ietf-dhc-dual-stack-01 Tim Chown dhc WG, IETF 60, San Diego, August 2, 2004.
Internet Addressing. When your computer is on the Internet, anything you do requires data to be transmitted and received. For example, when you visit.

Internet Addressing. When your computer is on the Internet, anything you do requires data to be transmitted and received. For example, when you visit.
DNS zone suffix option for DHCPv6 (draft-yan-dhc-dhcpv6-opt-dnszone-01.txt) IETF 61 (Washington, DC) Yinglan Jiang Renxiang Yan

DNS zone suffix option for DHCPv6 (draft-yan-dhc-dhcpv6-opt-dnszone-01.txt) IETF 61 (Washington, DC) Yinglan Jiang Renxiang Yan
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 10: DHCP Routing & Switching.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 10: DHCP Routing & Switching.
Module 3: Designing IP Addressing. Module Overview Designing an IPv4 Addressing Scheme Designing DHCP Implementation Designing DHCP Configuration Options.

Module 3: Designing IP Addressing. Module Overview Designing an IPv4 Addressing Scheme Designing DHCP Implementation Designing DHCP Configuration Options.
1 AutoconfBOF2.PPT / Aug-01-2005 / Singh,Perkins,Clausen IETF Not Confidential Ad hoc network autoconfiguration: definition and problem statement (draft-singh-autoconf-adp-00.txt)

1 AutoconfBOF2.PPT / Aug / Singh,Perkins,Clausen IETF Not Confidential Ad hoc network autoconfiguration: definition and problem statement (draft-singh-autoconf-adp-00.txt)
1 Behcet Sarikaya Frank Xia Ted Lemon July 2011 DHCPv6 Prefix Delegation as IPv6 Migration Tool in Mobile Networks IETF 81

1 Behcet Sarikaya Frank Xia Ted Lemon July 2011 DHCPv6 Prefix Delegation as IPv6 Migration Tool in Mobile Networks IETF 81
1 DHCP Authentication Discussion INTAREA meeting, 70th IETF Vancouver, Canada Jari Arkko and Ralph Droms.

1 DHCP Authentication Discussion INTAREA meeting, 70th IETF Vancouver, Canada Jari Arkko and Ralph Droms.

Similar presentations

Ads by Google