Threat Analysis of the Geopriv Protocol
RFC 3694
Document | Type |
RFC - Informational
(February 2004; No errata)
Updated by RFC 6280
|
|
---|---|---|---|
Authors | John Morris , Jon Peterson , Deirdre Mulligan , Michelle Danley | ||
Last updated | 2013-03-02 | ||
Stream | IETF | ||
Formats | plain text html pdf htmlized bibtex | ||
Stream | WG state | (None) | |
Document shepherd | No shepherd assigned | ||
IESG | IESG state | RFC 3694 (Informational) | |
Action Holders |
(None)
|
||
Consensus Boilerplate | Unknown | ||
Telechat date | |||
Responsible AD | Ted Hardie | ||
Send notices to | <mankin@psg.com>, <rg+ietf@qualcomm.com>, <anewton@ecotroph.net> |
Network Working Group M. Danley Request for Comments: 3694 D. Mulligan Category: Informational Samuelson Law, Technology & Public Policy Clinic J. Morris Center for Democracy & Technology J. Peterson NeuStar February 2004 Threat Analysis of the Geopriv Protocol Status of this Memo This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited. Copyright Notice Copyright (C) The Internet Society (2004). All Rights Reserved. Abstract This document provides some analysis of threats against the Geopriv protocol architecture. It focuses on protocol threats, threats that result from the storage of data by entities in the architecture, and threats posed by the abuse of information yielded by Geopriv. Some security properties that meet these threats are enumerated as a reference for Geopriv requirements. Danley, et al. Informational [Page 1] RFC 3694 Threat Analysis of the Geopriv Protocol February 2004 Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Habitat of the Geopriv Protocol . . . . . . . . . . . . . . . 3 3. Motivations of Attackers of Geopriv . . . . . . . . . . . . . 4 4. Representative Attacks on Geopriv . . . . . . . . . . . . . . 5 4.1. Protocol Attacks . . . . . . . . . . . . . . . . . . . . 5 4.1.1. Eavesdropping and/or Interception . . . . . . . 5 4.1.2. Identity Spoofing . . . . . . . . . . . . . . . 6 4.1.3. Information Gathering . . . . . . . . . . . . . 7 4.1.4. Denial of Service . . . . . . . . . . . . . . . 8 4.2. Host Attacks . . . . . . . . . . . . . . . . . . . . . . 9 4.2.1. Data Stored at Servers . . . . . . . . . . . . . 9 4.2.2. Data Stored in Devices . . . . . . . . . . . . . 9 4.2.3. Data Stored with the Viewer . . . . . . . . . . 10 4.2.4. Information Contained in Rules . . . . . . . . . 10 4.3. Usage Attacks . . . . . . . . . . . . . . . . . . . . . 11 4.3.1. Threats Posed by Overcollection . . . . . . . . 11 5. Countermeasures for Usage Violations . . . . . . . . . . . . . 12 5.1. Fair Information Practices . . . . . . . . . . . . . . . 12 6. Security Properties of the Geopriv Protocol . . . . . . . . . 13 6.1. Rules as Countermeasures . . . . . . . . . . . . . . . . 13 6.1.1. Rule Maker Should Define Rules . . . . . . . . . 13 6.1.2. Geopriv Should Have Default Rules . . . . . . . 14 6.1.3. Location Recipient Should Not Be Aware of All Rules. . . . . . . . . . . . . . . . . . . . . . 14 6.1.4. Certain Rules Should Travel With the LO . . . . 14 6.2. Protection of Identities . . . . . . . . . . . . . . . . 14 6.2.1. Short-Lived Identifiers May Protect Target's Identity . . . . . . . . . . . . . . . . . . . . 15 6.2.2. Unlinked Pseudonyms May Protect the Location Recipients' Identity . . . . . . . . . . . . . . 15 6.3. Security During Transmission of Data . . . . . . . . . . 15 6.3.1. Rules May Disallow a Certain Frequency of Requests . . . . . . . . . . . . . . . . . . . . 15 6.3.2. Mutual End-Point Authentication . . . . . . . . 16 6.3.3. Data Object Integrity & Confidentiality . . . . 16 6.3.4. Replay Protection . . . . . . . . . . . . . . . 16 7. Security Considerations . . . . . . . . . . . . . . . . . . . 16 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 16 9. Informative References . . . . . . . . . . . . . . . . . . . . 16 10. Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . 17 11. Full Copyright Statement . . . . . . . . . . . . . . . . . . . 18 Danley, et al. Informational [Page 2] RFC 3694 Threat Analysis of the Geopriv Protocol February 2004 1. Introduction The proliferation of location-based services that integrate tracking and navigation capabilities gives rise to significant privacy and security concerns. Such services allow users to identify their own location as well as determine the location of others. In certain peer-to-peer exchanges, device identification takes place automatically within a defined location perimeter, informing peerShow full document text