RFC 3694 (rfc3694) - Page 2 of 18

Threat Analysis of the Geopriv Protocol

Alternative Format: Original Text Document
< Previous
Next >
RFC 3694        Threat Analysis of the Geopriv Protocol    February 2004


Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  3
   2.  Habitat of the Geopriv Protocol  . . . . . . . . . . . . . . .  3
   3.  Motivations of Attackers of Geopriv  . . . . . . . . . . . . .  4
   4.  Representative Attacks on Geopriv  . . . . . . . . . . . . . .  5
       4.1.  Protocol Attacks . . . . . . . . . . . . . . . . . . . .  5
             4.1.1.  Eavesdropping and/or Interception  . . . . . . .  5
             4.1.2.  Identity Spoofing  . . . . . . . . . . . . . . .  6
             4.1.3.  Information Gathering  . . . . . . . . . . . . .  7
             4.1.4.  Denial of Service  . . . . . . . . . . . . . . .  8
       4.2.  Host Attacks . . . . . . . . . . . . . . . . . . . . . .  9
             4.2.1.  Data Stored at Servers . . . . . . . . . . . . .  9
             4.2.2.  Data Stored in Devices . . . . . . . . . . . . .  9
             4.2.3.  Data Stored with the Viewer  . . . . . . . . . . 10
             4.2.4.  Information Contained in Rules . . . . . . . . . 10
       4.3.  Usage Attacks  . . . . . . . . . . . . . . . . . . . . . 11
             4.3.1.  Threats Posed by Overcollection  . . . . . . . . 11
   5.  Countermeasures for Usage Violations . . . . . . . . . . . . . 12
       5.1.  Fair Information Practices . . . . . . . . . . . . . . . 12
   6.  Security Properties of the Geopriv Protocol  . . . . . . . . . 13
       6.1.  Rules as Countermeasures . . . . . . . . . . . . . . . . 13
             6.1.1.  Rule Maker Should Define Rules . . . . . . . . . 13
             6.1.2.  Geopriv Should Have Default Rules  . . . . . . . 14
             6.1.3.  Location Recipient Should Not Be Aware of All
                     Rules. . . . . . . . . . . . . . . . . . . . . . 14
             6.1.4.  Certain Rules Should Travel With the LO  . . . . 14
       6.2.  Protection of Identities . . . . . . . . . . . . . . . . 14
             6.2.1.  Short-Lived Identifiers May Protect Target's
                     Identity . . . . . . . . . . . . . . . . . . . . 15
             6.2.2.  Unlinked Pseudonyms May Protect the Location
                     Recipients' Identity . . . . . . . . . . . . . . 15
       6.3.  Security During Transmission of Data . . . . . . . . . . 15
             6.3.1.  Rules May Disallow a Certain Frequency of
                     Requests . . . . . . . . . . . . . . . . . . . . 15
             6.3.2.  Mutual End-Point Authentication  . . . . . . . . 16
             6.3.3.  Data Object Integrity & Confidentiality  . . . . 16
             6.3.4.  Replay Protection  . . . . . . . . . . . . . . . 16
   7.  Security Considerations  . . . . . . . . . . . . . . . . . . . 16
   8.  IANA Considerations  . . . . . . . . . . . . . . . . . . . . . 16
   9.  Informative References . . . . . . . . . . . . . . . . . . . . 16
   10. Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . 17
   11. Full Copyright Statement . . . . . . . . . . . . . . . . . . . 18








Danley, et al.               Informational
< Previous
Next >