BLIND: A Complete Identity Protection Framework for End-Points

  • Conference paper
Security Protocols (Security Protocols 2004)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 3957)

Abstract

In this paper, we present a security framework that provides identity protection against active and passive attacks for end-points. The framework is based on a two-round-trip authenticated Diffie-Hellman key exchange protocol that identifies the end-points to each other and creates a security association between the peers. The protocol hides the public key based identifiers from attackers and eavesdroppers by blinding the identifiers. We complete the identity protection by offering location privacy with forwarding agents. To our knowledge, our privacy enhanced protocol is the first denial-of-service resistant two-round-trip key exchange protocol that offers identity protection for both communicating peers.

Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Ylitalo, J., Nikander, P. (2006). BLIND: A Complete Identity Protection Framework for End-Points. In: Christianson, B., Crispo, B., Malcolm, J.A., Roe, M. (eds) Security Protocols. Security Protocols 2004. Lecture Notes in Computer Science, vol 3957. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11861386_18

  • DOI: https://doi.org/10.1007/11861386_18

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-40925-0

  • Online ISBN: 978-3-540-40926-7

  • eBook Packages: Computer Science, Computer Science (R0)
