Hi, YiHao:
0) I am glad that you distilled the complex and elusive privacy /
security tradeoff issues to a very unique and concise perspective.
1) Yes, the IPv4 CG-NAT and IPv6 Temporary address may seem to
provide some privacy protection. However, with the availability of the
computing power, these (and others such as VPN) approaches may be just
ostrich mentality. On the other hand, they provide the perfect excuse
for the government (at least US) to justify "mass surveillance". For
example, the following is a recent news report which practically defeats
all current "privacy protection" attempts.
https://www.usatoday.com/story/news/2021/12/08/federal-court-upholds-terrorism-conviction-mass-surveillance-case/6440325001/
2) Rather than contradicting efforts, it is time to review whether
any of these schemes such as mapping techniques really is effective for
the perceived "protection". As many of the current science fiction type
crime scene detective novels / movies / TV programs have hinted, the government
probably has more capability to zero-in on anyone than an ordinary
citizen can imagine, anyway. And, businesses have gathered more
information about us than they will ever admit. Perhaps we should "think
out of the box" by going back to the PSTN days of definitive subscriber
identification systems, so that accordingly we will behave appropriately
on the Internet, and the government will be allowed to only monitor
suspected criminals by filing explicit (although in secret) requests,
case by case, to the court for approval?
Happy Holidays!
Abe (2021-12-22 21:00 EST)
-----------
Hello Tom,
The privacy countermeasure for IPv4/IPv6 is interestingly different.
IPv4 usually utilizes CGNAT, i.e., M(hosts)-to-N(IPs), where M >> N so that the
host could remain anonymous.
IPv6 usually utilizes Temporary addresses, i.e., 1(host)-to-M(IPs[at least suffix
level]), where M >> 1 so that the host could remain anonymous.
HOWEVER, I don't feel any approach reaches privacy perfectly, because access
networks have a global perspective on M-to-N or 1-to-M mapping.
For this, it is hard to be convinced that IPv4/6 itself can reach perfect
privacy.
Thanks,
Yihao Jia
-----------
I believe CGNAT is better than IPv6 in terms of privacy in addressing.
In fact one might argue that IPv4 provides better privacy and security
than IPv6 in this regard. Temporary addresses are not single use which
means the attacker can correlate addresses from a user between
unrelated flows during the quantum the temporary address is used. When
a user changes their address, the attacker can continue monitoring if
it is signaled that the address changed. Here is a fairly simple
exploit I derived to do that (from
draft-herbert-ipv6-prefix-address-privacy-00).
The exploit is:
o An attacker creates an "always connected" app that provides some
seemingly benign service and users download the app.
o The app includes some sort of persistent identity. For instance,
this could be an account login.
o The backend server for the app logs the identity and IP address
of a user each time they connect.
o When an address change happens, existing connections on the user
device are disconnected. The app will receive a notification and
immediately attempt to reconnect using the new source address.
o The backend server will see the new connection and log the new
IP address as being associated with the specific user. Thus,
the server has a real-time record of users and the IP address
they are using.
o The attacker intercepts packets at some point in the Internet.
The addresses in the captured packets can be time correlated
with the server database to deduce identities of parties in
communications that are unrelated to the app.
The only way I see to mitigate this sort of surveillance is single use
addresses. That is effectively what CGNAT can provide.
Tom
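
An added illustration of the linkability point in the message above (not code from the thread or from draft-herbert-ipv6-prefix-address-privacy-00): it measures, for one host, which unrelated flows share a source address with the always-connected app under temporary addresses versus single-use addresses. The 2001:db8::/64 prefix, the 3600-second quantum, the hash-derived interface IDs and the destination names are all assumptions made for the example.

```python
import hashlib
import ipaddress
from collections import defaultdict

PREFIX = int(ipaddress.IPv6Address("2001:db8::"))  # documentation prefix (assumed)
QUANTUM = 3600  # assumed temporary-address lifetime in seconds

# Constructed sample: (time in seconds, destination) for one host. The
# "app.example" flows model the always-connected app reconnecting after
# each address change; the other flows are unrelated to it.
FLOWS = [(0, "app.example"), (40, "mail.example"), (900, "bank.example"),
         (3600, "app.example"), (3800, "news.example"),
         (7200, "app.example"), (7300, "clinic.example")]

def _addr(label):
    """Derive a stand-in 64-bit interface ID from a label (illustrative only)."""
    iid = int.from_bytes(hashlib.sha256(label.encode()).digest()[:8], "big")
    return str(ipaddress.IPv6Address(PREFIX | iid))

def temporary(index, t):
    """Temporary address: one source address per rotation quantum."""
    return _addr(f"epoch:{t // QUANTUM}")

def single_use(index, t):
    """Single-use addressing: a fresh source address for every flow."""
    return _addr(f"flow:{index}")

def linkable_groups(flows, policy):
    """Group destinations by the source address an on-path observer sees."""
    groups = defaultdict(list)
    for index, (t, dst) in enumerate(flows):
        groups[policy(index, t)].append(dst)
    return list(groups.values())

def exposure(flows, policy, anchor):
    """Destinations that share a source address with a flow to `anchor`."""
    exposed = set()
    for dsts in linkable_groups(flows, policy):
        if anchor in dsts:
            exposed.update(d for d in dsts if d != anchor)
    return exposed

if __name__ == "__main__":
    for policy in (temporary, single_use):
        print(policy.__name__, len(linkable_groups(FLOWS, policy)),
              sorted(exposure(FLOWS, policy, "app.example")))
```
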