
Threat Analysis of the Geopriv Protocol
RFC 3694

Document type: RFC - Informational (February 2004)
Updated by RFC 6280
Document stream: IETF
Last updated: 2013-03-02
Other versions: plain text, pdf, html

IETF State: (None)
Consensus: Unknown
Document shepherd: No shepherd assigned

IESG State: RFC 3694 (Informational)
Responsible AD: Ted Hardie
Send notices to: <mankin@psg.com>, <rg+ietf@qualcomm.com>, <anewton@ecotroph.net>

Network Working Group                                          M. Danley
Request for Comments: 3694                                   D. Mulligan
Category: Informational Samuelson Law, Technology & Public Policy Clinic
                                                               J. Morris
                                       Center for Democracy & Technology
                                                             J. Peterson
                                                                 NeuStar
                                                           February 2004

                Threat Analysis of the Geopriv Protocol

Status of this Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2004).  All Rights Reserved.

Abstract

   This document provides some analysis of threats against the Geopriv
   protocol architecture.  It focuses on protocol threats, threats that
   result from the storage of data by entities in the architecture, and
   threats posed by the abuse of information yielded by Geopriv.  Some
   security properties that meet these threats are enumerated as a
   reference for Geopriv requirements.

Danley, et al.               Informational                      [Page 1]
RFC 3694        Threat Analysis of the Geopriv Protocol    February 2004

Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  3
   2.  Habitat of the Geopriv Protocol  . . . . . . . . . . . . . . .  3
   3.  Motivations of Attackers of Geopriv  . . . . . . . . . . . . .  4
   4.  Representative Attacks on Geopriv  . . . . . . . . . . . . . .  5
       4.1.  Protocol Attacks . . . . . . . . . . . . . . . . . . . .  5
             4.1.1.  Eavesdropping and/or Interception  . . . . . . .  5
             4.1.2.  Identity Spoofing  . . . . . . . . . . . . . . .  6
             4.1.3.  Information Gathering  . . . . . . . . . . . . .  7
             4.1.4.  Denial of Service  . . . . . . . . . . . . . . .  8
       4.2.  Host Attacks . . . . . . . . . . . . . . . . . . . . . .  9
             4.2.1.  Data Stored at Servers . . . . . . . . . . . . .  9
             4.2.2.  Data Stored in Devices . . . . . . . . . . . . .  9
             4.2.3.  Data Stored with the Viewer  . . . . . . . . . . 10
             4.2.4.  Information Contained in Rules . . . . . . . . . 10
       4.3.  Usage Attacks  . . . . . . . . . . . . . . . . . . . . . 11
             4.3.1.  Threats Posed by Overcollection  . . . . . . . . 11
   5.  Countermeasures for Usage Violations . . . . . . . . . . . . . 12
       5.1.  Fair Information Practices . . . . . . . . . . . . . . . 12
   6.  Security Properties of the Geopriv Protocol  . . . . . . . . . 13
       6.1.  Rules as Countermeasures . . . . . . . . . . . . . . . . 13
             6.1.1.  Rule Maker Should Define Rules . . . . . . . . . 13
             6.1.2.  Geopriv Should Have Default Rules  . . . . . . . 14
             6.1.3.  Location Recipient Should Not Be Aware of All
                     Rules. . . . . . . . . . . . . . . . . . . . . . 14
             6.1.4.  Certain Rules Should Travel With the LO  . . . . 14
       6.2.  Protection of Identities . . . . . . . . . . . . . . . . 14
             6.2.1.  Short-Lived Identifiers May Protect Target's
                     Identity . . . . . . . . . . . . . . . . . . . . 15
             6.2.2.  Unlinked Pseudonyms May Protect the Location
                     Recipients' Identity . . . . . . . . . . . . . . 15
       6.3.  Security During Transmission of Data . . . . . . . . . . 15
             6.3.1.  Rules May Disallow a Certain Frequency of
                     Requests . . . . . . . . . . . . . . . . . . . . 15
             6.3.2.  Mutual End-Point Authentication  . . . . . . . . 16
             6.3.3.  Data Object Integrity & Confidentiality  . . . . 16
             6.3.4.  Replay Protection  . . . . . . . . . . . . . . . 16
   7.  Security Considerations  . . . . . . . . . . . . . . . . . . . 16
   8.  IANA Considerations  . . . . . . . . . . . . . . . . . . . . . 16
   9.  Informative References . . . . . . . . . . . . . . . . . . . . 16
   10. Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . 17
   11. Full Copyright Statement . . . . . . . . . . . . . . . . . . . 18


1.  Introduction

   The proliferation of location-based services that integrate tracking
   and navigation capabilities gives rise to significant privacy and
