Referring to RFC3041, and based on the comments given below, I think that in order to protect a mobile network we can use these approaches: prevention and detection. The prevention approach consists in reducing the risk of threats by ensuring that users respect the rules of usage of the network services. A well known mechanism is authentication based on shared secrets. In this section, we propose a one-way authentication protocol into which user anonymity and untraceability are embedded based on both the secret-key certificate and the algebraic structure of the error-correcting code. Through issuing the secret-key certificate to each mobile subscriber, the key management problem of the authentication server can be eliminated even though the symmetric-key encryption is employed. (I read this proposal from an article related to authentication for mobile networks).

Referring to section 2.4, I agree with your proposal of using the pseudo-random sequence of interface identifiers via an MD5 hash. RFC1948 suggests the use of source IP address, destination IP address, source port and destination port, plus an additional random secret key. This data should be hashed using a shortcut function to generate random and unique sequence numbers for every unique connection. Failing to account for this can lead to improper conclusions when analyzing TCP generators with respect to ISN predictability. However, my concern is that this could create packet overhead.

Note: I'm a student who is still getting acquainted with IPv6, so I would appreciate any feedback on my comments above.

Thanks.

Regards,
M.Mognesvari

-----Original Message-----
From: Mauro Tortonesi [mailto:[EMAIL PROTECTED]]
Sent: Friday, August 30, 2002 10:47 PM
To: Pekka Savola
Cc: Steve Deering; Thomas Narten; Joe Baptista; [EMAIL PROTECTED]
Subject: Re: IPv6 Interview Questions and critic

On Fri, 30 Aug 2002, Pekka Savola wrote:

> Whether RFC3041 is too complex a mechanism for some of the needs is a
> different thing though. I think "randomizing" your MAC address once and
> for all (or every time your computer restarts or whatever) should be
> enough for most.

this bootstrap randomization of the MAC address without RFC3041 network
layer addresses does not solve the problem of untraceability for mobile
hosts. maybe an eavesdropper (that could be anywhere along the
communication path) would not be able to find out the real hardware
address of the interface of your host, but he will be able to trace the
movements of your host with a little effort.

--
Aequam memento rebus in arduis servare mentem...

Mauro Tortonesi                 [EMAIL PROTECTED]
                                [EMAIL PROTECTED]
Ferrara Linux User Group        http://www.ferrara.linux.it
Project6 - IPv6 for Linux       http://project6.ferrara.linux.it

--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page:   http://playground.sun.com/ipng
FTP archive:      ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
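
The traceability point discussed in this thread, as an added example that is not part of the original messages: the sketch follows the interface-identifier procedure of RFC 3041 section 3.2.1 (MD5 over the history value plus the EUI-64 identifier) and contrasts it with a MAC address randomized once at boot. The MAC address, prefixes and history seed are constructed sample values, the helper names are hypothetical, and regenerating the identifier at each network change is an assumption of the sketch (RFC 3041 regenerates on a timer).

```python
import hashlib
import ipaddress

def eui64_from_mac(mac):
    """Modified EUI-64 interface identifier: insert ff:fe, flip the u/l bit."""
    b = bytes.fromhex(mac.replace(":", ""))
    if len(b) != 6:
        raise ValueError("expected a 48-bit MAC address")
    return bytes([b[0] ^ 0x02]) + b[1:3] + b"\xff\xfe" + b[3:]

def rfc3041_next(history, eui64):
    """One iteration: returns (temporary interface id, next history value)."""
    if len(history) != 8 or len(eui64) != 8:
        raise ValueError("history and identifier must both be 64 bits")
    digest = hashlib.md5(history + eui64).digest()
    # Leftmost 64 bits with bit 6 (the u/l bit) cleared: local significance.
    iid = bytes([digest[0] & 0xFD]) + digest[1:8]
    return iid, digest[8:]  # rightmost 64 bits become the new history

def address(prefix, iid):
    """Combine a /64 prefix with a 64-bit interface identifier."""
    return ipaddress.IPv6Network(prefix)[int.from_bytes(iid, "big")]

def low64(addr):
    return int(addr) & (2**64 - 1)  # what an on-path observer can correlate

# Constructed sample values (2001:db8::/32 is the documentation prefix).
PREFIXES = ["2001:db8:a::/64", "2001:db8:b::/64", "2001:db8:c::/64"]
BOOT_RANDOM_MAC = "02:11:22:33:44:55"  # MAC randomized once at boot
HISTORY_SEED = bytes(8)                # a real host starts from a random value

def visit_networks():
    """Addresses the host uses as it moves across the three networks."""
    fixed_iid = eui64_from_mac(BOOT_RANDOM_MAC)
    static = [address(p, fixed_iid) for p in PREFIXES]
    temporary, history = [], HISTORY_SEED
    for p in PREFIXES:
        iid, history = rfc3041_next(history, fixed_iid)
        temporary.append(address(p, iid))
    return static, temporary

if __name__ == "__main__":
    static, temporary = visit_networks()
    print("boot-time MAC only:", len({low64(a) for a in static}), "distinct IID")
    print("RFC 3041 temporary:", len({low64(a) for a in temporary}), "distinct IIDs")
```

With the boot-time MAC alone, the low 64 bits stay identical under every prefix, which is the correlation handle the reply describes; the temporary identifiers share no such constant.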
