| Internet-Draft | Terminal Identity Authentication Based o | February 2024 |
| Guan, et al. | Expires 29 August 2024 | [Page] |
Privacy and accountability are currently significant concerns on the internet. Privacy generally implies untraceable sources. Effective verification methods inherently raise privacy concerns when confirming a user's identity. To prevent extensive modifications to current network protocols and the introduction of new identifiers, we propose an IPv6 based address label terminal identity authentication mechanism. This mechanism facilitates user identity verification, ensuring privacy protection, security, and efficient auditing. Additionally, this document outlines the implementation of address label authentication in the IPv6 extension header.¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 4 August 2024.¶
Copyright (c) 2024 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.¶
The identity authentication mechanism, relying on address labels, utilizes the user's multi-dimensional attributes. It designs a unified user identity and employs a distributed consensus infrastructure for consensus and management. The user identity is anonymized and embedded in the data packet to ensure secure data transmission. The cross-domain receiving end verifies the authenticity and trustworthiness of the terminal identity through the dynamic label authentication mechanism.¶
The address label identifies the identity of different terminals. The address label serves as an identifier, created by initializing the multidimensional attribute table of the terminal and encrypting it using a symmetric key. The length of the address label depends on the length of the encryption algorithm. A section of the address label will be incorporated into the IPv6 address, serving as a communication identifier. The remaining part will accompany the data packet to the next hop. At the subsequent hop, the device will utilize this information to acquire the complete address label.¶
Given the aforementioned reasons, we employ address label extension headers to transmit terminal identity for authentication and scrutiny within the network. We make full use of the IPv6 address space to establish a robust connection among terminal identity, address, and data. This allows address labels to withstand diverse attacks like tampering, replay, and forgery.¶
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].¶
The ALE extension header is encapsulated in the Hop-by-Hop Options header. The (outer) protocol header (IPv6, or Extension) that immediately precedes the ALE header contain the value 0 in its Next Header field[RFC5871] (see IANA web page at http://www.iana.org/assignments/protocol-numbers). Figure 1 illustrates the basic format of the ALE header[RFC6564] [RFC7045].¶
0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Next Header | Length | Opt Type | Opt Data Len | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | EEA Type | IPC Type | Reserve | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Timestamp | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Sequence | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ // Extra Encrypted Address(variable) // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ // Integrity Protection Code(variable) // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
The Extra Encrypted Auth field (EEA) represents a partial value derived from the encryption of identity information using a symmetric key.¶
The initial 64 bits of the encryption result will be inserted into the trailing 64 bits of the IPv6 packet source address (referred to as the Implicit Identifier IID). The remaining portion will be stored in the EEA field, ensuring data authenticity and the inviolability of identity information.¶
The length of this field MAY vary depending on the selected encryption algorithm. The data requiring encryption encompasses the anonymous identity, timestamp, and serial number of the terminal. The verifier must decrypt these outcomes to authenticate the identity.¶
The encryption algorithm type used is represented by the first four bits of the Encryption Type field, and specific values refer to Table 1:¶
| EEA Type field | Encryption Algorithm | EEA Length/bits |
|---|---|---|
| 0 | Reserve | |
| 1 | SM4 | 64 |
| 2 | AES128 | 64 |
| 3 | AES256 | 192 |
| 4 | DES | 64 |
| 5 | 3DES | 64 |
Values not listed in the table are considered reserved values.¶
The Identity Protection Code field (IPC) is a hash result containing partial identity information of the terminal and the complete transport layer data.¶
The IPC field guarantees data integrity during transmission. The data subject to hash verification encompasses the IPv6 source address, destination address, EEA, anonymous terminal identity AID, timestamp, serial number, and the transport layer data (including transport layer headers) of the message. In the verification process, the identical hash operation is applied to these data, and subsequently, the IPC is compared. Transmission correctness is confirmed only when the two match; otherwise, this packet should be discarded.¶
Different hash algorithms MAY result in different lengths of IPC. We use the last 4 bits of the Encryption Type field to represent the current hash algorithm being used, and specific values refer to Table 2:¶
| IPC Type field | Encryption Algorithm | EEA Length/bits |
|---|---|---|
| 0 | Reserve | |
| 1 | SHA256 | 256 |
| 2 | SHA384 | 384 |
| 3 | SHA512 | 512 |
| 4 | MD5 | 128 |
Values not listed in the table are considered reserved values.¶
The process description for the terminal identity authentication based on address label will be based on the following assumptions:¶
This document describes a protocol process that includes a Source AS and a Destination AS, both of which contain a Border Router for packet forwarding, and each of which contains a User/Host. The network environment is illustrated in the figure 2 below:¶
+---------------------+ +---------------------+ | Source AS | | Destination AS | | | | | | +--------------+ | | +--------------+ | | | User/Host | | | | User/Host | | | | | | | | | | | +--------------+ | | +--------------+ | | | | | | | | | | | | | | +--------------+ | Internet | +--------------+ | | | Border | |<--------------->| | Border | | | | Router | | | | Router | | | | | | | | | | | +--------------+ | | +--------------+ | +---------------------+ +---------------------+
Each packet sent from the source host MUST insert the extension header described above and encrypt the Anonymous Identifier (AID) of its own IPv6 address using a symmetric key. The first 64 bits of the encrypted result are used as the IID(implicit Identifier) of the address, while the remaining bits are used as the EEA in the extension header. By following these steps, the non-linkability between the sender and receiver is improved to counter third-party observers on the same LAN segment and maintain anonymity.¶
To ensure that there are no errors during data transmission, we also use IPC fields as a means of verifying data correctness. We use specific hash algorithms to calculate the checksum of partial terminal identity information and all transport layer data. In addition, the original checksum check of the transport layer is also retained. But due to the modification of the IPv6 address, the checksum of the transport layer MAY need to be recalculated.¶
For outgoing packets, when the border router of the source AS receives an outgoing packet, it uses the corresponding symmetric key to decrypt the IID and EEA of the address, thereby obtaining the original AID. Next, the border router calculates the IPC using the IP header and payload and then compares it with the IPC in the packet to verify the integrity of the packet. If the verification fails, the border router discards the packet. Otherwise, it uses the corresponding symmetric key shared with the destination AS to re-encrypt the AID and forwards the packet.¶
For incoming packets, when the border router of the destination AS receives an incoming packet, it requests and reproduces the symmetric key of the terminal from the domain server based on the information in the packet extension header, and decrypts the address label to verify it. If the verification is successful, it encrypts the original source address's AID using the symmetric key and forwards the packet.¶
According to [HBH-OPTIONS-PROCESSING] and [PROC-HBH-OPT-HEADER], nodes lacking support for the current protocol MAY experience packet loss.¶
The packets forwarded by the border router are received by the User/Host in the destination AS, which decrypts the AID of the source address with its own symmetric key, and verifies the real source address of the host with which it communicates. Similarly, the host needs to verify the correctness of data transmission through IPC field.¶
Through the above steps, the protocol in this document can guarantee that only verified packets can leave the source AS and successfully reach the destination host.¶
This section contains security considerations for the protocol described in this document.¶
All random values in the protocol and symmetric key MUST be generated using a cryptographically secure source of randomness [RFC4086].¶
Attackers can track and identify the sender's activity patterns and history by using the source address in network traffic to conduct tracking attacks. In the network environment, the source address is usually a fixed or stable identifier, such as an IP address, a MAC address, or other types of identifiers. These identifiers can be collected and correlated by attackers to construct the sender's activity patterns and history.¶
This document protocol ensures that the sender can hide their identity from the source AS, the transit ASes, the destination AS, and even the receiver, making it difficult for the source address information in network traffic to be exposed or identified. This is because the attacker does not know the symmetric key of the AS, so they cannot decrypt IDD and EEA to obtain user identifiers and extract user identities, thus fully protecting the sender's privacy and security.¶
However, it is important to note that this document protocol does not maintain sender anonymity for observers in the LAN segment because they already know the identity (link layer address) of the sender.¶
Unlinkability in this document refers to the ability of the sender's different actions or activities to be uncorrelated. This way, the sender can prevent their actions or activity from being linked by adversaries or other third parties, thereby avoiding the leakage of their information or intentions.¶
Through this protocol, adversaries cannot obtain more information about the source correlation of traffic by observing any number of flows from the same Autonomous System (AS). The source correlation of traffic refers to the possibility of two flows coming from the same sender. The meaning of traffic here is the same for the sender and receiver as it is in traditional networks, but it is different for other devices and observers in the network. This is because the protocol in this document changes the source or destination address.¶
In the network environment, adversaries may invade hosts in the same LAN segment as the sender and obtain clues about the sender's identity, which leads to a decrease in sender-receiver unlinkability. When the sender sends a data packet, the invaded host in the LAN segment can know the source and destination addresses. However, in this document protocol, since the sender encrypts the AID of the destination address in each data packet, the invaded host cannot know the true destination address.¶
Integrity protection ensures that the information in the extended header has not been tampered with or modified during packet transmission.¶
In this document protocol, if an adversary sends packets with incorrect IPCs, the border router will concatenate and decrypt the IID and EEA in the packet and calculate a new IPC using SN, timestamps, and other data. If the new IPC calculated by the border router does not match the one in the packet header, the border router identifies the packet as bogus and discards it. Through the above analysis, data packets that do not pass the IPC integrity check in this protocol will not be forwarded, thus ensuring data integrity.¶
IANA is asked to assign the Option Type in the "Destination Options and Hop-by-Hop Options" subregistry of the "Internet Protocol Version 6 (IPv6) Parameters" registry as follows:¶
| Hex Value | Binary Value | Description | Reference | ||
|---|---|---|---|---|---|
| act | chg | rest | |||
| 0xf3 | 11 | 1 | 10011 | Address Label | This document |