Threat Analysis of the Geopriv Protocol
RFC 3694
Document Type RFC - Informational (February 2004; No errata)
Updated by RFC 6280
Authors John Morris  , Jon Peterson  , Deirdre Mulligan  , Michelle Danley 
Last updated 2013-03-02
Stream IETF
Formats plain text html pdf htmlized bibtex
Stream WG state (None)
Document shepherd No shepherd assigned
IESG IESG state RFC 3694 (Informational)
Action Holders
(None)
Consensus Boilerplate Unknown
Telechat date
Responsible AD Ted Hardie
Send notices to <mankin@psg.com>, <rg+ietf@qualcomm.com>, <anewton@ecotroph.net>
Email authors Email WG IPR 1 References Referenced by Nits 
Network Working Group                                          M. Danley
Request for Comments: 3694                                   D. Mulligan
Category: Informational Samuelson Law, Technology & Public Policy Clinic
                                                               J. Morris
                                       Center for Democracy & Technology
                                                             J. Peterson
                                                                 NeuStar
                                                           February 2004

                Threat Analysis of the Geopriv Protocol

Status of this Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2004).  All Rights Reserved.

Abstract

   This document provides some analysis of threats against the Geopriv
   protocol architecture.  It focuses on protocol threats, threats that
   result from the storage of data by entities in the architecture, and
   threats posed by the abuse of information yielded by Geopriv.  Some
   security properties that meet these threats are enumerated as a
   reference for Geopriv requirements.

Danley, et al.               Informational                      [Page 1]
RFC 3694        Threat Analysis of the Geopriv Protocol    February 2004

Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  3
   2.  Habitat of the Geopriv Protocol  . . . . . . . . . . . . . . .  3
   3.  Motivations of Attackers of Geopriv  . . . . . . . . . . . . .  4
   4.  Representative Attacks on Geopriv  . . . . . . . . . . . . . .  5
       4.1.  Protocol Attacks . . . . . . . . . . . . . . . . . . . .  5
             4.1.1.  Eavesdropping and/or Interception  . . . . . . .  5
             4.1.2.  Identity Spoofing  . . . . . . . . . . . . . . .  6
             4.1.3.  Information Gathering  . . . . . . . . . . . . .  7
             4.1.4.  Denial of Service  . . . . . . . . . . . . . . .  8
       4.2.  Host Attacks . . . . . . . . . . . . . . . . . . . . . .  9
             4.2.1.  Data Stored at Servers . . . . . . . . . . . . .  9
             4.2.2.  Data Stored in Devices . . . . . . . . . . . . .  9
             4.2.3.  Data Stored with the Viewer  . . . . . . . . . . 10
             4.2.4.  Information Contained in Rules . . . . . . . . . 10
       4.3.  Usage Attacks  . . . . . . . . . . . . . . . . . . . . . 11
             4.3.1.  Threats Posed by Overcollection  . . . . . . . . 11
   5.  Countermeasures for Usage Violations . . . . . . . . . . . . . 12
       5.1.  Fair Information Practices . . . . . . . . . . . . . . . 12
   6.  Security Properties of the Geopriv Protocol  . . . . . . . . . 13
       6.1.  Rules as Countermeasures . . . . . . . . . . . . . . . . 13
             6.1.1.  Rule Maker Should Define Rules . . . . . . . . . 13
             6.1.2.  Geopriv Should Have Default Rules  . . . . . . . 14
             6.1.3.  Location Recipient Should Not Be Aware of All
                     Rules. . . . . . . . . . . . . . . . . . . . . . 14
             6.1.4.  Certain Rules Should Travel With the LO  . . . . 14
       6.2.  Protection of Identities . . . . . . . . . . . . . . . . 14
             6.2.1.  Short-Lived Identifiers May Protect Target's
                     Identity . . . . . . . . . . . . . . . . . . . . 15
             6.2.2.  Unlinked Pseudonyms May Protect the Location
                     Recipients' Identity . . . . . . . . . . . . . . 15
       6.3.  Security During Transmission of Data . . . . . . . . . . 15
             6.3.1.  Rules May Disallow a Certain Frequency of
                     Requests . . . . . . . . . . . . . . . . . . . . 15
             6.3.2.  Mutual End-Point Authentication  . . . . . . . . 16
             6.3.3.  Data Object Integrity & Confidentiality  . . . . 16
             6.3.4.  Replay Protection  . . . . . . . . . . . . . . . 16
   7.  Security Considerations  . . . . . . . . . . . . . . . . . . . 16
   8.  IANA Considerations  . . . . . . . . . . . . . . . . . . . . . 16
   9.  Informative References . . . . . . . . . . . . . . . . . . . . 16
   10. Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . 17
   11. Full Copyright Statement . . . . . . . . . . . . . . . . . . . 18

Danley, et al.               Informational                      [Page 2]
RFC 3694        Threat Analysis of the Geopriv Protocol    February 2004

1.  Introduction

   The proliferation of location-based services that integrate tracking
   and navigation capabilities gives rise to significant privacy and
   security concerns.  Such services allow users to identify their own
   location as well as determine the location of others.  In certain
   peer-to-peer exchanges, device identification takes place
   automatically within a defined location perimeter, informing peer
Show full document text
RFC Editor IASA & IETF LLC IETF Trust IRTF IETF IESG IAB IANA Privacy Statement IETF Tools