| < draft-thaler-6lo-privacy-considerations-00.txt | draft-thaler-6lo-privacy-considerations-01.txt > | |||
|---|---|---|---|---|
| Network Working Group D. Thaler | Network Working Group D. Thaler | |||
| Internet-Draft Microsoft | Internet-Draft Microsoft | |||
| Intended status: Informational September 25, 2015 | Intended status: Informational October 2, 2015 | |||
| Expires: March 28, 2016 | Expires: April 4, 2016 | |||
| 6LoWPAN Privacy Considerations | Privacy Considerations for IPv6 over Networks of Resource-Constrained | |||
| draft-thaler-6lo-privacy-considerations-00 | Nodes | |||
| draft-thaler-6lo-privacy-considerations-01 | ||||
| Abstract | Abstract | |||
| This document discusses how a number of privacy threats apply to | This document discusses how a number of privacy threats apply to | |||
| 6LoWPAN technologies, and provides advice to protocol designers on | technologies designed for IPv6 over networks of resource-constrained | |||
| how to address such threats in IPv6-over-foo adaptation layer | nodes, and provides advice to protocol designers on how to address | |||
| specifcations. | such threats in IPv6-over-foo adaptation layer specifcations. | |||
| Status of This Memo | Status of This Memo | |||
| This Internet-Draft is submitted in full conformance with the | This Internet-Draft is submitted in full conformance with the | |||
| provisions of BCP 78 and BCP 79. | provisions of BCP 78 and BCP 79. | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on March 28, 2016. | This Internet-Draft will expire on April 4, 2016. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2015 IETF Trust and the persons identified as the | Copyright (c) 2015 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| skipping to change at page 4, line 32 ¶ | skipping to change at page 4, line 32 ¶ | |||
| If, on the other hand, the devices being scanned for do not implement | If, on the other hand, the devices being scanned for do not implement | |||
| a "stealth mode", but respond with TCP RST or ICMP Echo Reply | a "stealth mode", but respond with TCP RST or ICMP Echo Reply | |||
| packets, then the address scan is not limited by the ICMP unreachable | packets, then the address scan is not limited by the ICMP unreachable | |||
| rate limit in routers, since the attacker can determine the presence | rate limit in routers, since the attacker can determine the presence | |||
| of a host without them. In such cases, more bits of entropy would be | of a host without them. In such cases, more bits of entropy would be | |||
| needed to provide the same level of protection. | needed to provide the same level of protection. | |||
| 3. Potential Approaches | 3. Potential Approaches | |||
| The table below shows the number of bits of entropy currently | The table below shows the number of bits of entropy currently | |||
| available in various 6LoWPAN technologies: | available in various technologies: | |||
| +---------------+--------------------------+--------------------+ | +---------------+--------------------------+--------------------+ | |||
| | Technology | Reference | Bits of Entropy | | | Technology | Reference | Bits of Entropy | | |||
| +---------------+--------------------------+--------------------+ | +---------------+--------------------------+--------------------+ | |||
| | 802.15.4 | [RFC4944] | 16+ or any EUI-64 | | | 802.15.4 | [RFC4944] | 16+ or any EUI-64 | | |||
| | Bluetooth LE | [I-D.ietf-6lo-btle] | 48 | | | Bluetooth LE | [I-D.ietf-6lo-btle] | 48 | | |||
| | DECT ULE | [I-D.ietf-6lo-dect-ule] | 40 or any EUI-48 | | | DECT ULE | [I-D.ietf-6lo-dect-ule] | 40 or any EUI-48 | | |||
| | MS/TP | [I-D.ietf-6lo-6lobac] | 8 or 64 | | | MS/TP | [I-D.ietf-6lo-6lobac] | 8 or 64 | | |||
| | ITU-T G.9959 | [RFC7428] | 8 | | | ITU-T G.9959 | [RFC7428] | 8 | | |||
| | NFC | [I-D.ietf-6lo-nfc] | 6 or ??? | | | NFC | [I-D.ietf-6lo-nfc] | 6 or ??? | | |||
| +---------------+--------------------------+--------------------+ | +---------------+--------------------------+--------------------+ | |||
| 6LoWPAN technologies generally support either IEEE identifiers or so | Such technologies generally support either IEEE identifiers or so | |||
| called "Short Addresses", or both, as link layer addresses. We | called "Short Addresses", or both, as link layer addresses. We | |||
| discuss each in turn. | discuss each in turn. | |||
| 3.1. IEEE-Identifier-Based Addresses | 3.1. IEEE-Identifier-Based Addresses | |||
| Some 6LoWPAN technologies allow the use of IEEE EUI-48 or EUI-64 | Some technologies allow the use of IEEE EUI-48 or EUI-64 identifiers, | |||
| identifiers, or allow using an arbitrary 64-bit identifier. Using | or allow using an arbitrary 64-bit identifier. Using such an | |||
| such an identifier to construct IPv6 addresses makes it easy to use | identifier to construct IPv6 addresses makes it easy to use the | |||
| the normal LOWPAN_IPHC encoding with stateless compression, allowing | normal LOWPAN_IPHC encoding with stateless compression, allowing such | |||
| such IPv6 addresses to be fully elided in common cases. | IPv6 addresses to be fully elided in common cases. | |||
| Interfaces identifiers formed from IEEE identifiers can have | Interfaces identifiers formed from IEEE identifiers can have | |||
| insufficient entropy unless the IEEE identifier itself has sufficient | insufficient entropy unless the IEEE identifier itself has sufficient | |||
| entropy, and enough bits of entropy are carried over into the IPv6 | entropy, and enough bits of entropy are carried over into the IPv6 | |||
| address to sufficiently mitigate the threats. Privacy threats other | address to sufficiently mitigate the threats. Privacy threats other | |||
| than "Correlation over time" can be mitigated using per-network | than "Correlation over time" can be mitigated using per-network | |||
| randomized IEEE identifiers with 46 or more bits of entropy. A | randomized IEEE identifiers with 46 or more bits of entropy. A | |||
| number of such proposals can be found at | number of such proposals can be found at | |||
| <https://mentor.ieee.org/privecsg/documents>, and Section 10.8 of | <https://mentor.ieee.org/privecsg/documents>, and Section 10.8 of | |||
| [BTCorev4.1] specifies one for Bluetooth. Using IPv6 addresses | [BTCorev4.1] specifies one for Bluetooth. Using IPv6 addresses | |||
| End of changes. 7 change blocks. | ||||
| 15 lines changed or deleted | 16 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||