SlideShare ist ein Scribd-Unternehmen logo

Zuniga-Privacy-ECSG-update

B
Brandon Height

This document provides an update on the activities of the IEEE 802 EC Privacy Recommendation Study Group. It discusses the group's scope, lifetime, and plans to conduct Wi-Fi privacy experiments at IETF and IEEE meetings. It proposes a PAR and CSD for a new IEEE recommended practice on privacy considerations for 802 protocols. The group plans to submit the PAR for pre-circulation and continue its privacy experiments to help inform the development of the recommended practice.

1 von 23
Downloaden Sie, um offline zu lesen
1 IEEE  802  EC     Privacy  Recommenda5on  Study  Group     Update  to  IESG/IAB/IEEE802-­‐EC     @  Jan  2015  Exec  teleconference   2015-­‐01-­‐21   Juan  Carlos  Zuniga,  InterDigital  Labs   (EC  SG  Chair)    
2 ToC   •  IEEE  802  Privacy  EC  SG  Status   •  IETF91  Wi-­‐Fi  Privacy  Experiment     •  Proposed  PAR  to  IEEE  802   •  Plans  and  upcoming  mee5ngs   –  IEEE  802  Plenary  network  trial   –  IETF92  network  trial   •  Q&A  
3 IEEE  802  EC  Privacy  SG   •  Scope   The  IEEE  802  Execu-ve  Commi3ee  (EC)  Privacy  Recommenda-on   SG  will  study  privacy  issues  related  to  IEEE  802  technologies  and   consider  the  need  for  a  recommended  prac-ce  applicable  to  IEEE   802  protocols.  If  such  a  need  is  iden-fied,  the  SG  will  determine   whether  the  IEEE  802  criteria  for  standards  development  (CSD)   support  the  ini-a-on  of  a  project  and,  if  so,  it  will  prepare  a  PAR   for  considera-on  by  the  IEEE  802  Execu-ve  Commi3ee.     •  Life5me   Study  Group  (SG)  Created  at  July  2014  IEEE  802  plenary.   Currently   chartered   to   run   un5l   IEEE   802   Plenary   mee5ng   in   March  2015  (Berlin,  Germany),  with  an  expecta5on  of  renewal   through  July  2015.    
4 IETF91  Wi-­‐Fi  Privacy  Experiment    
5 5 Wi-­‐Fi  Privacy  Trial  at  IETF  and  IEEE  Mee5ngs   •  Opt-­‐in  trial  at  IETF  and  IEEE  mee5ngs  networks  to  assess   performance  and  implica5ons  of  user’s  MAC  address   randomiza5on   •  First  experiment  at  IETF91,  coordinated  between  Privacy  EC   SG  par5cipants  and  IETF  NOC  team   •  Looked  at  poten5al  issues  related  to:   –  DHCP  pools   –  States  in  network  switches   –  MAC  address  collisions   –  ARP/ND   –  IPv6  addressing   –  Security  infrstructure  
6 Trial  setup   •  WLAN address randomization scripts developed and provided for 3 different OSes: –  Microsoft Windows (tested on Windows 7) –  Apple Mac OS X (tested on Version 10.10, alias Yosemite) –  GNU Linux (tested on Debian testing/unstable, Ubuntu 13.10, and Fedora 20) •  Probes on DHCP and wireless network infrastructure https://www.ietf.org/registration/MeetingWiki/wiki/91privacy
7 Par5cipants’  sta5s5cs   •  Participation increased significantly throughout the week –  Around 3x at the end of the week (Mon-Thu) •  OS distribution: 7% 53% 40% Windows Mac OS X Linux
8 DHCP  logs   •  685 Local MACs seen during the week –  631 Local MACs were seen on the trial’s WLAN network –  125 Local MACs were also seen on regular IETF WLAN networks •  Estimating between 50 and 100 people participated in the trial –  Results based on the number of non-Local MAC seen on the trial’s WLAN and other metrics (e.g., # different IP addresses allocated and DHCP hostnames provided) –  Method for better keeping track the number of participants should be provided in the future (e.g., use of IEEE 802.1X access setup)
9 Experiment's  next  steps   •  Preparing a “wish list” with IETF NOC and SG members –  Logged information: we are working on potential additional logs that would help us getting more precise information –  Access setup: use IEEE 802.1X to easily track participation –  Increased frequency poll of logs at the routers (netdisco) –  Decrease DHCP lease time for Local MACs –  Make a more detailed study of collision effects under different scenarios •  Need to increase participation –  Prepare address randomization tools for more platforms/OSes, including mobile ones (e.g. Android)
10 Privacy  Recommenda5on  PAR/CSD  Proposal   https://mentor.ieee.org/privecsg/dcn/15/privecsg-15-0004-01-0000- privacy-recommendation-par-csd-proposal.pptx
11 Title   •  IEEE Recommended Practice for Information technology-- Telecommunications and information exchange between systems-- Local and metropolitan area networks: •  Privacy considerations for IEEE 802 Protocols.
12 Scope  of  the  Project   •  This document specifies a privacy threat model for IEEE 802 protocols and provides general recommendations for protocol developers and implementers on how to protect against privacy threats.
13 Purpose   •  The recommended practice document will provide recommendations to address privacy threats applicable to link layer technologies, including threats such as Surveillance, Monitoring, Stored Data Compromise, Intrusion, Misattribution, Correlation, Identification, Secondary Use, Disclosure and Exclusion.
14 Need   •  In order to address recent concerns about Internet privacy, SDOs such as IETF, W3C and IEEE 802 need to take action. •  Some of the technologies developed in IEEE 802 play a major role in Internet connectivity, and certain threats are applicable specifically to link layer technologies. •  IEEE 802 has been collaborating with IETF in many fronts and the need to develop privacy guidelines in IEEE 802 has been identified as one new area for collaboration between the two organizations. •  This document will provide recommendations on how to consider privacy as part of protocol design and implementation.
15 Stakeholders   •  Developers, providers, and users of services, content and equipment for wired and wireless network connectivity using IEEE 802 protocols. This includes software developers, networking IC developers, bridge and NIC vendors, service providers and users.
16 Broad  Market  Poten5al   •  Each proposed IEEE 802 LMSC standard shall have broad market potential. At a minimum, address the following areas: –  a) Broad sets of applicability. –  b) Multiple vendors and numerous users. •  New social networks and applications are being used across multiple networks and devices. These developments bring enormous economic and social value to individuals and to society as a whole. However, such value may not be fully achieved without successfully addressing the growing privacy threat. •  Users are increasingly aware of privacy issues. According to GSMA (Mobile Privacy Principles), “A critical factor for the sustainable development of this eco-system is a robust and effective framework for the protection of privacy, where users can continue to have confidence and trust in Internet technologies, applications and services.” Privacy has also been identified as a key feature for Internet service providers, network providers and device manufacturers, as recent industry announcements show. •  Most Internet connections make use of a technology developed in IEEE 802 (e.g. IEEE 802.3, 802.1 and 802.11), and some companies have already started implementing privacy features on top of IEEE 802 protocols. Providing privacy features is already seen as a business advantage. This recommendation will mitigate the risk of privacy threats on IEEE 802 technologies and will foster continued growth of deployment of IEEE 802 technologies for communication devices.
17 Technical  Feasibility   •  Each proposed IEEE 802 LMSC standard shall provide evidence that the project is technically feasible within the time frame of the project. At a minimum, address the following items to demonstrate technical feasibility: –  a) Demonstrated system feasibility. –  b) Proven similar technology via testing, modeling, simulation, etc. •  The recommended practice will define recommendations that can be followed by protocol designers and implementers to improve privacy. Hence, no specific technical changes will be specified. •  [Editor’s note: Some experiments have been carried out and technical reports of these experiments can be published, for instance as Informational RFCs.]
18 Group’s  plans  and  upcoming  mee5ngs
19 PAR  Plans   •  Considering submitting the PAR/CSD for pre-circulation in order to get comments from all 802 WGs at the March meeting. •  New PAR to be hosted by an existing WG/ TG or a new WG/TG – Currently considering 802.1
20 Privacy  EC  SG  Plans   •  Considering  doing  the  MAC  trial  experiment  at   both  IEEE  802  and  IETF  mee5ngs   –  IEEE  802  Plenary  mee5ng  in  Berlin,  Germany     • 8-­‐13  March  2015   –  IETF  92  mee5ng  in  Dallas,  TX,  USA     • 23-­‐27  March  2015   •  Verilan  will  be  providing  networking  facili5es   for  both  sites  
21 Upcoming  EC  SG  mee5ngs   •  4  February  2015,  (10:00  AM  ET),  Teleconference   –  Poten5al  PAR/CSD  submission   •  25  February  2015,  (10:00  AM  ET),  Teleconference   •  8-­‐13  March  2015,  IEEE  802  Plenary  mee5ng  in   Berlin,  Germany   •  (Other  mee5ngs  and  teleconferences  TBD,  if  SG  is   renewed)  
22 Resources   •  EC  SG  Web  Page   –  hkp://www.ieee802.org/PrivRecsg/     •  Mailing  list  (reflector)   –  stds-802-privacy@listserv.ieee.org   •  Mentor  (document  repository)   –  hkps://mentor.ieee.org/privecsg/documents     •  RFC  6973  -­‐  Privacy  Considera5ons  for  Internet   Protocols   –  hkp://tools.iem.org/html/rfc6973    
23 Further  thoughts  on  Recommended  Prac5ces   documents   •  How  to  enforce  privacy  recommenda5ons  on   future  protocol  standards  in  prac5ce?   –  Security  sec5on?   –  Privacy-­‐specific  sec5on?   –  Expert  review?   –  Other?  

Empfohlen

Internet of Things... Let's Not Forget Security Please!, by Eric Vyncke [APNI...
Internet of Things... Let's Not Forget Security Please!, by Eric Vyncke [APNI...Internet of Things... Let's Not Forget Security Please!, by Eric Vyncke [APNI...
Internet of Things... Let's Not Forget Security Please!, by Eric Vyncke [APNI...APNIC
 
APrIGF 2015: Security and the Internet of Things
APrIGF 2015: Security and the Internet of ThingsAPrIGF 2015: Security and the Internet of Things
APrIGF 2015: Security and the Internet of ThingsAPNIC
 
Network Forensics - Your Only Choice at 10G
Network Forensics - Your Only Choice at 10GNetwork Forensics - Your Only Choice at 10G
Network Forensics - Your Only Choice at 10GSavvius, Inc
 
Power Grid Identity Management addressed with NIST 1-800
Power Grid Identity Management addressed with NIST 1-800Power Grid Identity Management addressed with NIST 1-800
Power Grid Identity Management addressed with NIST 1-800David Sweigert
 
IRJET- Network Monitoring & Network Security
IRJET- Network Monitoring & Network SecurityIRJET- Network Monitoring & Network Security
IRJET- Network Monitoring & Network SecurityIRJET Journal
 
IPv6 Development in ITB 2013
IPv6 Development in ITB 2013IPv6 Development in ITB 2013
IPv6 Development in ITB 2013Affan Basalamah
 
Tech 2 Tech - security
Tech 2 Tech - securityTech 2 Tech - security
Tech 2 Tech - securityJisc
 
Mark Horowitz - Stanford Engineering - Securing the Internet of Things
Mark Horowitz - Stanford Engineering - Securing the Internet of ThingsMark Horowitz - Stanford Engineering - Securing the Internet of Things
Mark Horowitz - Stanford Engineering - Securing the Internet of ThingsStanford School of Engineering
 

Empfohlen

Internet of Things... Let's Not Forget Security Please!, by Eric Vyncke [APNI...
Internet of Things... Let's Not Forget Security Please!, by Eric Vyncke [APNI...Internet of Things... Let's Not Forget Security Please!, by Eric Vyncke [APNI...
Internet of Things... Let's Not Forget Security Please!, by Eric Vyncke [APNI...APNIC
 
APrIGF 2015: Security and the Internet of Things
APrIGF 2015: Security and the Internet of ThingsAPrIGF 2015: Security and the Internet of Things
APrIGF 2015: Security and the Internet of ThingsAPNIC
 
Network Forensics - Your Only Choice at 10G
Network Forensics - Your Only Choice at 10GNetwork Forensics - Your Only Choice at 10G
Network Forensics - Your Only Choice at 10GSavvius, Inc
 
Power Grid Identity Management addressed with NIST 1-800
Power Grid Identity Management addressed with NIST 1-800Power Grid Identity Management addressed with NIST 1-800
Power Grid Identity Management addressed with NIST 1-800David Sweigert
 
IRJET- Network Monitoring & Network Security
IRJET- Network Monitoring & Network SecurityIRJET- Network Monitoring & Network Security
IRJET- Network Monitoring & Network SecurityIRJET Journal
 
IPv6 Development in ITB 2013
IPv6 Development in ITB 2013IPv6 Development in ITB 2013
IPv6 Development in ITB 2013Affan Basalamah
 
Tech 2 Tech - security
Tech 2 Tech - securityTech 2 Tech - security
Tech 2 Tech - securityJisc
 
Mark Horowitz - Stanford Engineering - Securing the Internet of Things
Mark Horowitz - Stanford Engineering - Securing the Internet of ThingsMark Horowitz - Stanford Engineering - Securing the Internet of Things
Mark Horowitz - Stanford Engineering - Securing the Internet of ThingsStanford School of Engineering
 
Topics in Networking for project and thesis
Topics in Networking for project and thesisTopics in Networking for project and thesis
Topics in Networking for project and thesisTechsparks
 
Networking Research Projects Help
Networking Research Projects Help Networking Research Projects Help
Networking Research Projects Help Network Simulation Tools
 
Michael Zaytsev-resume-Verint-2013-v3
Michael Zaytsev-resume-Verint-2013-v3Michael Zaytsev-resume-Verint-2013-v3
Michael Zaytsev-resume-Verint-2013-v3Michael Zaytsev
 
IIoT Endpoint Security – The Model in Practice
IIoT Endpoint Security – The Model in PracticeIIoT Endpoint Security – The Model in Practice
IIoT Endpoint Security – The Model in Practiceteam-WIBU
 
Revolutionizing I4.0 Security and IT/OT Harmonization
Revolutionizing I4.0 Security and IT/OT HarmonizationRevolutionizing I4.0 Security and IT/OT Harmonization
Revolutionizing I4.0 Security and IT/OT HarmonizationSadatulla Zishan
 
dsapps_products_web
dsapps_products_webdsapps_products_web
dsapps_products_webSesh Raj
 
Cybersecurity by the numbers
Cybersecurity by the numbersCybersecurity by the numbers
Cybersecurity by the numbersAPNIC
 
Iot security amar prusty
Iot security amar prustyIot security amar prusty
Iot security amar prustyamarprusty
 
Securing Networked Infrastructure for the Energy Sector
Securing Networked Infrastructure for the Energy SectorSecuring Networked Infrastructure for the Energy Sector
Securing Networked Infrastructure for the Energy SectorSmart Grid Interoperability Panel
 
Creating a Climate for Innovation on Internet2 - Eric Boyd Senior Director, S...
Creating a Climate for Innovation on Internet2 - Eric Boyd Senior Director, S...Creating a Climate for Innovation on Internet2 - Eric Boyd Senior Director, S...
Creating a Climate for Innovation on Internet2 - Eric Boyd Senior Director, S...Ed Dodds
 
IoT Security and Privacy Considerations
IoT Security and Privacy ConsiderationsIoT Security and Privacy Considerations
IoT Security and Privacy ConsiderationsKenny Huang Ph.D.
 
Defending the campus juniper nerworks
Defending the campus juniper nerworksDefending the campus juniper nerworks
Defending the campus juniper nerworksBrozaa
 
Greenbone vulnerability assessment - Networkshop44
Greenbone vulnerability assessment - Networkshop44Greenbone vulnerability assessment - Networkshop44
Greenbone vulnerability assessment - Networkshop44Jisc
 
Defcon 18 "Hacking Electronic Door Access Controllers"
Defcon 18 "Hacking Electronic Door Access Controllers" Defcon 18 "Hacking Electronic Door Access Controllers"
Defcon 18 "Hacking Electronic Door Access Controllers" shawn_merdinger
 
Jacquelyn Franklin Resume
Jacquelyn Franklin ResumeJacquelyn Franklin Resume
Jacquelyn Franklin ResumeJacquelyn Franklin
 
jtsec Arqus Alliance presentation
jtsec Arqus Alliance presentationjtsec Arqus Alliance presentation
jtsec Arqus Alliance presentationJavier Tallón
 
MARNEW at IETF 94
MARNEW at IETF 94MARNEW at IETF 94
MARNEW at IETF 94Natasha Rooney
 
Isaca atlanta ulf mattsson - do you have a roadmap for eu gdpr
Isaca atlanta ulf mattsson - do you have a roadmap for eu gdprIsaca atlanta ulf mattsson - do you have a roadmap for eu gdpr
Isaca atlanta ulf mattsson - do you have a roadmap for eu gdprUlf Mattsson
 
Wireshark and Its Application
Wireshark and Its ApplicationWireshark and Its Application
Wireshark and Its ApplicationMd. Abdul Awal
 
OEB Cyber Security Framework
OEB Cyber Security FrameworkOEB Cyber Security Framework
OEB Cyber Security FrameworkNorbi Hegedus
 
ION Belgrade - IETF Update
ION Belgrade - IETF UpdateION Belgrade - IETF Update
ION Belgrade - IETF UpdateDeploy360 Programme (Internet Society)
 
ION Malta - IETF Update
ION Malta - IETF UpdateION Malta - IETF Update
ION Malta - IETF UpdateDeploy360 Programme (Internet Society)
 

Weitere ähnliche Inhalte

Was ist angesagt?

Topics in Networking for project and thesis
Topics in Networking for project and thesisTopics in Networking for project and thesis
Topics in Networking for project and thesisTechsparks
 
Michael Zaytsev-resume-Verint-2013-v3
Michael Zaytsev-resume-Verint-2013-v3Michael Zaytsev-resume-Verint-2013-v3
Michael Zaytsev-resume-Verint-2013-v3Michael Zaytsev
 
IIoT Endpoint Security – The Model in Practice
IIoT Endpoint Security – The Model in PracticeIIoT Endpoint Security – The Model in Practice
IIoT Endpoint Security – The Model in Practiceteam-WIBU
 
Revolutionizing I4.0 Security and IT/OT Harmonization
Revolutionizing I4.0 Security and IT/OT HarmonizationRevolutionizing I4.0 Security and IT/OT Harmonization
Revolutionizing I4.0 Security and IT/OT HarmonizationSadatulla Zishan
 
dsapps_products_web
dsapps_products_webdsapps_products_web
dsapps_products_webSesh Raj
 
Cybersecurity by the numbers
Cybersecurity by the numbersCybersecurity by the numbers
Cybersecurity by the numbersAPNIC
 
Iot security amar prusty
Iot security amar prustyIot security amar prusty
Iot security amar prustyamarprusty
 
Creating a Climate for Innovation on Internet2 - Eric Boyd Senior Director, S...
Creating a Climate for Innovation on Internet2 - Eric Boyd Senior Director, S...Creating a Climate for Innovation on Internet2 - Eric Boyd Senior Director, S...
Creating a Climate for Innovation on Internet2 - Eric Boyd Senior Director, S...Ed Dodds
 
IoT Security and Privacy Considerations
IoT Security and Privacy ConsiderationsIoT Security and Privacy Considerations
IoT Security and Privacy ConsiderationsKenny Huang Ph.D.
 
Defending the campus juniper nerworks
Defending the campus juniper nerworksDefending the campus juniper nerworks
Defending the campus juniper nerworksBrozaa
 
Greenbone vulnerability assessment - Networkshop44
Greenbone vulnerability assessment - Networkshop44Greenbone vulnerability assessment - Networkshop44
Greenbone vulnerability assessment - Networkshop44Jisc
 
Defcon 18 "Hacking Electronic Door Access Controllers"
Defcon 18 "Hacking Electronic Door Access Controllers" Defcon 18 "Hacking Electronic Door Access Controllers"
Defcon 18 "Hacking Electronic Door Access Controllers" shawn_merdinger
 
jtsec Arqus Alliance presentation
jtsec Arqus Alliance presentationjtsec Arqus Alliance presentation
jtsec Arqus Alliance presentationJavier Tallón
 
Isaca atlanta ulf mattsson - do you have a roadmap for eu gdpr
Isaca atlanta ulf mattsson - do you have a roadmap for eu gdprIsaca atlanta ulf mattsson - do you have a roadmap for eu gdpr
Isaca atlanta ulf mattsson - do you have a roadmap for eu gdprUlf Mattsson
 
Wireshark and Its Application
Wireshark and Its ApplicationWireshark and Its Application
Wireshark and Its ApplicationMd. Abdul Awal
 
OEB Cyber Security Framework
OEB Cyber Security FrameworkOEB Cyber Security Framework
OEB Cyber Security FrameworkNorbi Hegedus
 

Was ist angesagt? (20)

Topics in Networking for project and thesis
Topics in Networking for project and thesisTopics in Networking for project and thesis
Topics in Networking for project and thesis
 
Networking Research Projects Help
Networking Research Projects Help Networking Research Projects Help
Networking Research Projects Help
 
Michael Zaytsev-resume-Verint-2013-v3
Michael Zaytsev-resume-Verint-2013-v3Michael Zaytsev-resume-Verint-2013-v3
Michael Zaytsev-resume-Verint-2013-v3
 
IIoT Endpoint Security – The Model in Practice
IIoT Endpoint Security – The Model in PracticeIIoT Endpoint Security – The Model in Practice
IIoT Endpoint Security – The Model in Practice
 
Revolutionizing I4.0 Security and IT/OT Harmonization
Revolutionizing I4.0 Security and IT/OT HarmonizationRevolutionizing I4.0 Security and IT/OT Harmonization
Revolutionizing I4.0 Security and IT/OT Harmonization
 
dsapps_products_web
dsapps_products_webdsapps_products_web
dsapps_products_web
 
Cybersecurity by the numbers
Cybersecurity by the numbersCybersecurity by the numbers
Cybersecurity by the numbers
 
Iot security amar prusty
Iot security amar prustyIot security amar prusty
Iot security amar prusty
 
Securing Networked Infrastructure for the Energy Sector
Securing Networked Infrastructure for the Energy SectorSecuring Networked Infrastructure for the Energy Sector
Securing Networked Infrastructure for the Energy Sector
 
Creating a Climate for Innovation on Internet2 - Eric Boyd Senior Director, S...
Creating a Climate for Innovation on Internet2 - Eric Boyd Senior Director, S...Creating a Climate for Innovation on Internet2 - Eric Boyd Senior Director, S...
Creating a Climate for Innovation on Internet2 - Eric Boyd Senior Director, S...
 
IoT Security and Privacy Considerations
IoT Security and Privacy ConsiderationsIoT Security and Privacy Considerations
IoT Security and Privacy Considerations
 
Defending the campus juniper nerworks
Defending the campus juniper nerworksDefending the campus juniper nerworks
Defending the campus juniper nerworks
 
Greenbone vulnerability assessment - Networkshop44
Greenbone vulnerability assessment - Networkshop44Greenbone vulnerability assessment - Networkshop44
Greenbone vulnerability assessment - Networkshop44
 
Defcon 18 "Hacking Electronic Door Access Controllers"
Defcon 18 "Hacking Electronic Door Access Controllers" Defcon 18 "Hacking Electronic Door Access Controllers"
Defcon 18 "Hacking Electronic Door Access Controllers"
 
Jacquelyn Franklin Resume
Jacquelyn Franklin ResumeJacquelyn Franklin Resume
Jacquelyn Franklin Resume
 
jtsec Arqus Alliance presentation
jtsec Arqus Alliance presentationjtsec Arqus Alliance presentation
jtsec Arqus Alliance presentation
 
MARNEW at IETF 94
MARNEW at IETF 94MARNEW at IETF 94
MARNEW at IETF 94
 
Isaca atlanta ulf mattsson - do you have a roadmap for eu gdpr
Isaca atlanta ulf mattsson - do you have a roadmap for eu gdprIsaca atlanta ulf mattsson - do you have a roadmap for eu gdpr
Isaca atlanta ulf mattsson - do you have a roadmap for eu gdpr
 
Wireshark and Its Application
Wireshark and Its ApplicationWireshark and Its Application
Wireshark and Its Application
 
OEB Cyber Security Framework
OEB Cyber Security FrameworkOEB Cyber Security Framework
OEB Cyber Security Framework
 

Ähnlich wie Zuniga-Privacy-ECSG-update

Janet Network R&D Innovation - HEAnet / Juniper Innovation Day
Janet Network R&D Innovation - HEAnet / Juniper Innovation DayJanet Network R&D Innovation - HEAnet / Juniper Innovation Day
Janet Network R&D Innovation - HEAnet / Juniper Innovation DayMartin Hamilton
 
IoT Security Assessment - IEEE PAR Proposal
IoT Security Assessment - IEEE PAR ProposalIoT Security Assessment - IEEE PAR Proposal
IoT Security Assessment - IEEE PAR ProposalSyam Madanapalli
 
IOT_module_3.pdf
IOT_module_3.pdfIOT_module_3.pdf
IOT_module_3.pdfAmitH42
 
Lecture 01 {Introduction}.pptx
Lecture 01 {Introduction}.pptxLecture 01 {Introduction}.pptx
Lecture 01 {Introduction}.pptxSurendraBasnet6
 
ITU-T Study Group 11 Introduction
ITU-T Study Group 11 IntroductionITU-T Study Group 11 Introduction
ITU-T Study Group 11 IntroductionITU
 
15CS81- IoT- VTU- module 3
15CS81- IoT- VTU- module 315CS81- IoT- VTU- module 3
15CS81- IoT- VTU- module 3Syed Mustafa
 
RECAP at ETSI Experiential Network Intelligence (ENI) Meeting
RECAP at ETSI Experiential Network Intelligence (ENI) MeetingRECAP at ETSI Experiential Network Intelligence (ENI) Meeting
RECAP at ETSI Experiential Network Intelligence (ENI) MeetingRECAP Project
 
ch2-What are Connections?
ch2-What are Connections?ch2-What are Connections?
ch2-What are Connections?ssuser06ea42
 
The Considerations for Internet of Things @ 2017
The Considerations for Internet of Things @ 2017The Considerations for Internet of Things @ 2017
The Considerations for Internet of Things @ 2017Jian-Hong Pan
 
01-01-2017 This section will lay out the implementation plan o.docx
01-01-2017 This section will lay out the implementation plan o.docx01-01-2017 This section will lay out the implementation plan o.docx
01-01-2017 This section will lay out the implementation plan o.docxhoney725342
 
IPv4 to IPv6 network transformation
IPv4 to IPv6 network transformationIPv4 to IPv6 network transformation
IPv4 to IPv6 network transformationNikolay Milovanov
 

Ähnlich wie Zuniga-Privacy-ECSG-update (20)

ION Belgrade - IETF Update
ION Belgrade - IETF UpdateION Belgrade - IETF Update
ION Belgrade - IETF Update
 
ION Malta - IETF Update
ION Malta - IETF UpdateION Malta - IETF Update
ION Malta - IETF Update
 
ION Islamabad - What's Happening at the IETF?
ION Islamabad - What's Happening at the IETF?ION Islamabad - What's Happening at the IETF?
ION Islamabad - What's Happening at the IETF?
 
ION Costa Rica - About the IETF and How to Get Involved
ION Costa Rica - About the IETF and How to Get InvolvedION Costa Rica - About the IETF and How to Get Involved
ION Costa Rica - About the IETF and How to Get Involved
 
Janet Network R&D Innovation - HEAnet / Juniper Innovation Day
Janet Network R&D Innovation - HEAnet / Juniper Innovation DayJanet Network R&D Innovation - HEAnet / Juniper Innovation Day
Janet Network R&D Innovation - HEAnet / Juniper Innovation Day
 
IoT Security Assessment - IEEE PAR Proposal
IoT Security Assessment - IEEE PAR ProposalIoT Security Assessment - IEEE PAR Proposal
IoT Security Assessment - IEEE PAR Proposal
 
IOT_module_3.pdf
IOT_module_3.pdfIOT_module_3.pdf
IOT_module_3.pdf
 
ION Durban - What's Happening at the IETF?
ION Durban - What's Happening at the IETF?ION Durban - What's Happening at the IETF?
ION Durban - What's Happening at the IETF?
 
Lecture 01 {Introduction}.pptx
Lecture 01 {Introduction}.pptxLecture 01 {Introduction}.pptx
Lecture 01 {Introduction}.pptx
 
tip oopt pse-summit2017
tip oopt pse-summit2017tip oopt pse-summit2017
tip oopt pse-summit2017
 
ITU-T Study Group 11 Introduction
ITU-T Study Group 11 IntroductionITU-T Study Group 11 Introduction
ITU-T Study Group 11 Introduction
 
SDN-based Inter-Cloud Federation for OF@TEIN
SDN-based Inter-Cloud Federation for OF@TEINSDN-based Inter-Cloud Federation for OF@TEIN
SDN-based Inter-Cloud Federation for OF@TEIN
 
15CS81- IoT- VTU- module 3
15CS81- IoT- VTU- module 315CS81- IoT- VTU- module 3
15CS81- IoT- VTU- module 3
 
RECAP at ETSI Experiential Network Intelligence (ENI) Meeting
RECAP at ETSI Experiential Network Intelligence (ENI) MeetingRECAP at ETSI Experiential Network Intelligence (ENI) Meeting
RECAP at ETSI Experiential Network Intelligence (ENI) Meeting
 
ch2-What are Connections?
ch2-What are Connections?ch2-What are Connections?
ch2-What are Connections?
 
The Considerations for Internet of Things @ 2017
The Considerations for Internet of Things @ 2017The Considerations for Internet of Things @ 2017
The Considerations for Internet of Things @ 2017
 
01-01-2017 This section will lay out the implementation plan o.docx
01-01-2017 This section will lay out the implementation plan o.docx01-01-2017 This section will lay out the implementation plan o.docx
01-01-2017 This section will lay out the implementation plan o.docx
 
SDI to IP 2110 Transition Part 1
SDI to IP 2110 Transition Part 1SDI to IP 2110 Transition Part 1
SDI to IP 2110 Transition Part 1
 
IPv4 to IPv6 network transformation
IPv4 to IPv6 network transformationIPv4 to IPv6 network transformation
IPv4 to IPv6 network transformation
 
6 osi vimp
6 osi vimp6 osi vimp
6 osi vimp
 

Zuniga-Privacy-ECSG-update

  • 1. 1 IEEE  802  EC     Privacy  Recommenda5on  Study  Group     Update  to  IESG/IAB/IEEE802-­‐EC     @  Jan  2015  Exec  teleconference   2015-­‐01-­‐21   Juan  Carlos  Zuniga,  InterDigital  Labs   (EC  SG  Chair)    
  • 2. 2 ToC   •  IEEE  802  Privacy  EC  SG  Status   •  IETF91  Wi-­‐Fi  Privacy  Experiment     •  Proposed  PAR  to  IEEE  802   •  Plans  and  upcoming  mee5ngs   –  IEEE  802  Plenary  network  trial   –  IETF92  network  trial   •  Q&A  
  • 3. 3 IEEE  802  EC  Privacy  SG   •  Scope   The  IEEE  802  Execu-ve  Commi3ee  (EC)  Privacy  Recommenda-on   SG  will  study  privacy  issues  related  to  IEEE  802  technologies  and   consider  the  need  for  a  recommended  prac-ce  applicable  to  IEEE   802  protocols.  If  such  a  need  is  iden-fied,  the  SG  will  determine   whether  the  IEEE  802  criteria  for  standards  development  (CSD)   support  the  ini-a-on  of  a  project  and,  if  so,  it  will  prepare  a  PAR   for  considera-on  by  the  IEEE  802  Execu-ve  Commi3ee.     •  Life5me   Study  Group  (SG)  Created  at  July  2014  IEEE  802  plenary.   Currently   chartered   to   run   un5l   IEEE   802   Plenary   mee5ng   in   March  2015  (Berlin,  Germany),  with  an  expecta5on  of  renewal   through  July  2015.    
  • 4. 4 IETF91  Wi-­‐Fi  Privacy  Experiment    
  • 5. 5 5 Wi-­‐Fi  Privacy  Trial  at  IETF  and  IEEE  Mee5ngs   •  Opt-­‐in  trial  at  IETF  and  IEEE  mee5ngs  networks  to  assess   performance  and  implica5ons  of  user’s  MAC  address   randomiza5on   •  First  experiment  at  IETF91,  coordinated  between  Privacy  EC   SG  par5cipants  and  IETF  NOC  team   •  Looked  at  poten5al  issues  related  to:   –  DHCP  pools   –  States  in  network  switches   –  MAC  address  collisions   –  ARP/ND   –  IPv6  addressing   –  Security  infrstructure  
  • 6. 6 Trial  setup   •  WLAN address randomization scripts developed and provided for 3 different OSes: –  Microsoft Windows (tested on Windows 7) –  Apple Mac OS X (tested on Version 10.10, alias Yosemite) –  GNU Linux (tested on Debian testing/unstable, Ubuntu 13.10, and Fedora 20) •  Probes on DHCP and wireless network infrastructure https://www.ietf.org/registration/MeetingWiki/wiki/91privacy
  • 7. 7 Par5cipants’  sta5s5cs   •  Participation increased significantly throughout the week –  Around 3x at the end of the week (Mon-Thu) •  OS distribution: 7% 53% 40% Windows Mac OS X Linux
  • 8. 8 DHCP  logs   •  685 Local MACs seen during the week –  631 Local MACs were seen on the trial’s WLAN network –  125 Local MACs were also seen on regular IETF WLAN networks •  Estimating between 50 and 100 people participated in the trial –  Results based on the number of non-Local MAC seen on the trial’s WLAN and other metrics (e.g., # different IP addresses allocated and DHCP hostnames provided) –  Method for better keeping track the number of participants should be provided in the future (e.g., use of IEEE 802.1X access setup)
  • 9. 9 Experiment's  next  steps   •  Preparing a “wish list” with IETF NOC and SG members –  Logged information: we are working on potential additional logs that would help us getting more precise information –  Access setup: use IEEE 802.1X to easily track participation –  Increased frequency poll of logs at the routers (netdisco) –  Decrease DHCP lease time for Local MACs –  Make a more detailed study of collision effects under different scenarios •  Need to increase participation –  Prepare address randomization tools for more platforms/OSes, including mobile ones (e.g. Android)
  • 10. 10 Privacy  Recommenda5on  PAR/CSD  Proposal   https://mentor.ieee.org/privecsg/dcn/15/privecsg-15-0004-01-0000- privacy-recommendation-par-csd-proposal.pptx
  • 11. 11 Title   •  IEEE Recommended Practice for Information technology-- Telecommunications and information exchange between systems-- Local and metropolitan area networks: •  Privacy considerations for IEEE 802 Protocols.
  • 12. 12 Scope  of  the  Project   •  This document specifies a privacy threat model for IEEE 802 protocols and provides general recommendations for protocol developers and implementers on how to protect against privacy threats.
  • 13. 13 Purpose   •  The recommended practice document will provide recommendations to address privacy threats applicable to link layer technologies, including threats such as Surveillance, Monitoring, Stored Data Compromise, Intrusion, Misattribution, Correlation, Identification, Secondary Use, Disclosure and Exclusion.
  • 14. 14 Need   •  In order to address recent concerns about Internet privacy, SDOs such as IETF, W3C and IEEE 802 need to take action. •  Some of the technologies developed in IEEE 802 play a major role in Internet connectivity, and certain threats are applicable specifically to link layer technologies. •  IEEE 802 has been collaborating with IETF in many fronts and the need to develop privacy guidelines in IEEE 802 has been identified as one new area for collaboration between the two organizations. •  This document will provide recommendations on how to consider privacy as part of protocol design and implementation.
  • 15. 15 Stakeholders   •  Developers, providers, and users of services, content and equipment for wired and wireless network connectivity using IEEE 802 protocols. This includes software developers, networking IC developers, bridge and NIC vendors, service providers and users.
  • 16. 16 Broad  Market  Poten5al   •  Each proposed IEEE 802 LMSC standard shall have broad market potential. At a minimum, address the following areas: –  a) Broad sets of applicability. –  b) Multiple vendors and numerous users. •  New social networks and applications are being used across multiple networks and devices. These developments bring enormous economic and social value to individuals and to society as a whole. However, such value may not be fully achieved without successfully addressing the growing privacy threat. •  Users are increasingly aware of privacy issues. According to GSMA (Mobile Privacy Principles), “A critical factor for the sustainable development of this eco-system is a robust and effective framework for the protection of privacy, where users can continue to have confidence and trust in Internet technologies, applications and services.” Privacy has also been identified as a key feature for Internet service providers, network providers and device manufacturers, as recent industry announcements show. •  Most Internet connections make use of a technology developed in IEEE 802 (e.g. IEEE 802.3, 802.1 and 802.11), and some companies have already started implementing privacy features on top of IEEE 802 protocols. Providing privacy features is already seen as a business advantage. This recommendation will mitigate the risk of privacy threats on IEEE 802 technologies and will foster continued growth of deployment of IEEE 802 technologies for communication devices.
  • 17. 17 Technical  Feasibility   •  Each proposed IEEE 802 LMSC standard shall provide evidence that the project is technically feasible within the time frame of the project. At a minimum, address the following items to demonstrate technical feasibility: –  a) Demonstrated system feasibility. –  b) Proven similar technology via testing, modeling, simulation, etc. •  The recommended practice will define recommendations that can be followed by protocol designers and implementers to improve privacy. Hence, no specific technical changes will be specified. •  [Editor’s note: Some experiments have been carried out and technical reports of these experiments can be published, for instance as Informational RFCs.]
  • 18. 18 Group’s  plans  and  upcoming  mee5ngs
  • 19. 19 PAR  Plans   •  Considering submitting the PAR/CSD for pre-circulation in order to get comments from all 802 WGs at the March meeting. •  New PAR to be hosted by an existing WG/ TG or a new WG/TG – Currently considering 802.1
  • 20. 20 Privacy  EC  SG  Plans   •  Considering  doing  the  MAC  trial  experiment  at   both  IEEE  802  and  IETF  mee5ngs   –  IEEE  802  Plenary  mee5ng  in  Berlin,  Germany     • 8-­‐13  March  2015   –  IETF  92  mee5ng  in  Dallas,  TX,  USA     • 23-­‐27  March  2015   •  Verilan  will  be  providing  networking  facili5es   for  both  sites  
  • 21. 21 Upcoming  EC  SG  mee5ngs   •  4  February  2015,  (10:00  AM  ET),  Teleconference   –  Poten5al  PAR/CSD  submission   •  25  February  2015,  (10:00  AM  ET),  Teleconference   •  8-­‐13  March  2015,  IEEE  802  Plenary  mee5ng  in   Berlin,  Germany   •  (Other  mee5ngs  and  teleconferences  TBD,  if  SG  is   renewed)  
  • 22. 22 Resources   •  EC  SG  Web  Page   –  hkp://www.ieee802.org/PrivRecsg/     •  Mailing  list  (reflector)   –  stds-802-privacy@listserv.ieee.org   •  Mentor  (document  repository)   –  hkps://mentor.ieee.org/privecsg/documents     •  RFC  6973  -­‐  Privacy  Considera5ons  for  Internet   Protocols   –  hkp://tools.iem.org/html/rfc6973    
  • 23. 23 Further  thoughts  on  Recommended  Prac5ces   documents   •  How  to  enforce  privacy  recommenda5ons  on   future  protocol  standards  in  prac5ce?   –  Security  sec5on?   –  Privacy-­‐specific  sec5on?   –  Expert  review?   –  Other?