Re: [Int-area] Where/How is the features innovation happening?

Mon, 20 Dec 2021 01:28:11 -0800 

Hello Tom,

The privacy countermeasure for IPv4/IPv6 is interestingly different.
IPv4 usually utilize CGNAT, i.e., M(hosts)-to-N(IPs), where M >> N so that the 
host could remain anonymous
IPv6 usually utilize Temporary address, i.e., 1(host)-to-M(IPs[at least suffix 
level]), where M >> 1 so that the host could remain anonymous.

HOWEVER, I don't feel any approach reaches privacy perfectly, because access 
network have a global perspective on M-to-N or 1-to-M mapping.
For this, it is hard to be convinced that IPv4/6 itself can reach a perfect 
privacy.

Thanks,
Yihao Jia

-----------

I believe CGNAT is better than IPv6 in terms of privacy in addressing.
In fact one might argue that IPv4 provides better privacy and security
than IPv6 in this regard. Temporary addresses are not single use which
means the attacker can correlate addresses from a user between
unrelated flows during the quantum the temporary address is used. When
a user changes their address, the attacker can continue monitoring if
it is signaled that the address changed. Here is a fairly simple
exploit I derived to do that (from
draft-herbert-ipv6-prefix-address-privacy-00).

The exploit is:
      o An attacker creates an "always connected" app that provides some
        seemingly benign service and users download the app.
      o The app includes some sort of persistent identity. For instance,
        this could be an account login.
      o The backend server for the app logs the identity and IP address
        of a user each time they connect
      o When an address change happens, existing connections on the user
        device are disconnected. The app will receive a notification and
        immediately attempt to reconnect using the new source address.
      o The backend server will see the new connection and log the new
        IP address as being associated with the specific user. Thus,
the server has
        a real-time record of users and the IP address they are using.
      o The attacker intercepts packets at some point in the Internet.
        The addresses in the captured packets can be time correlated
        with the server database to deduce identities of parties in
        communications that are unrelated to the app.

The only way I see to mitigate this sort of surveillance is single use
addresses. That is effectively what  CGNAT can provide.

Tom

_______________________________________________
Int-area mailing list
Int-area@ietf.org
https://www.ietf.org/mailman/listinfo/int-area

Reply via email to