-----BEGIN PGP SIGNED MESSAGE----- FYI, at MobiCom '95, an ACM sponsored conference, an interesting paper entitled, _Untraceability in Mobile Networks_, was presented. The authors of the paper are Didier Samfat, Refik Molva and N. Asokan. For order info contact: acmhelp@acm.org ACM ISBN: 0-89791-814-2 ACM Order Number: 533952 As per the ACM rule, ``Abstracting with credit is permitted,'' I abstract ideas from the paper below. - From the paper's abstract: ``User mobility is a feature that raises many new security-related issues and concerns. One of them is the disclosure of a mobile user's real identity during the authentication process, or other procedures specific to mobile networks. Such disclosure allows an unauthorized third-party to track the mobile user's movements and current whereabouts. Depending on the context, access to any information related to a mobile user's location without his consent can be a serious violation of his privacy.'' The paper, along with other ideas of interest to the Cypherpunk, presents a classification system for arguing about the tradeoff between user authentication, user privacy (with respect to various entities in the network), user billing and user conveniences (such as, ``can others find the mobile user through his home agent?'') in mobile networks. The rest of the paper uses the classification scheme, which really is just a convenience way of mapping all the players in the network to the information they are allowed to ever know about a user that has an expectation of a certain level of privacy. The classification scheme models the following useful information regarding users: the full identity of the user f, the identity of the user's home domain h, and the identity of the user's current remote domain r. The classification scheme has the following players: User U, Home Domain/Authority H, Remote Domain/Authority R, Legitimate Network Entities L, and Eavesdroppers E. They assume U always knows everything about itself, so they ignore it from the discussion. Notice that they model no `GAK (Government Access to Key)' or, in this case, `GAI (Government Access to Identity)' agent. After laying the groundwork, the authors then set about to discuss the matrix of known information, according to their classification system, for various interesting cases: C1: Hiding User Identity from Eavesdroppers; C2: Hiding User Identity from Foreign Authorities; C3: Hiding Relationship Between the User and Authorities; C4: Hiding the Identity of the Home Authority from Foreign Authorities; and C5: Hiding User Behavior from Home Authority. The cases offer more privacy from C1 to C5. See the paper for the exact mapping of C[1-5] to the knowledge matrix involving f, h, r verses H, R, L, E. The authors, quite correctly, label C5 as in direct contrast to the intent of a ``big brother'' principle since ``no entity [other than the user] has any information about the user.'' Attaining C5 in a system would really be the ultimate in user location/action privacy. The authors do not discuss the issue, but it appears to be an open question whether, in light of a conspiracy involving authorities, whether or not C5 could actually be attained for a mobile user in a network. Note: At the other end of the privacy spectrum is the unlist C0 case. This correspond exactly to the classic cellular phone system in that nothing is hidden from eavesdroppers. Every relationship box on the knowledge matrix for case C0 is set to true. Next, the authors address how the levels of privacy affect and are affected by other, non-security related, areas of system requirements. For example, to make the highest levels of privacy work with cross-authority guaranteed billing, some form of anonymous, non-repudiable digital cash might be required. The paper goes on to discuss how GSM, for both voice and packet data users, and CDPD fail to even completely cover the simplist of privacy cases, C1! The authors construct a protocol that provides privacy levels C1 and C2, then enhance the basic algorithm to provide a hybrid privacy level somewhere between C4 and C5 (they do not solve all the privacy problems present when the home and foreign authorities are involved in a conspiracy --- they do, however, worry about foreign authorities involved in a local conspiracy amongst themselves). Finally, the authors give a proof of correctness for the basic algorithm, an evaluation of its performance and compare their design to other possible designs. In sum, this paper is a must read for all Cypherpunk's interested in the topic of untraceability and user identification privacy in mobile networks. To me, the paper appears to extend the state of the art in several directions since it applies Chaum's, and other's, ideas to mobile networks, where some tradeoffs are different from wired, stable networks and some problems are entirely new. As a final aside, none of the authors could be present to give the talk related to the paper, so the advisor of one of the students, Jay Black of the University of Waterloo, gave the talk. He mentioned that he did to not understand why this area of research was important. Apparently, he has never heard the Cypherpunk's privacy message. However, he was quite a good sport about presenting the paper. Later, in the question period --- a guy, later outed as with the U. S. government --- raised the same issue in a more hostile tone. All I can say to the unknown G-Man, ``Are you totally clueless? This is a country that was founded upon the principles of anonymous speech and one's right to privacy. It is about time that the people restore these lost freedoms through technology alone, if possible, or on the political scene, if required.'' Regards, Loren - -- Loren J. Rittle (rittle@comm.mot.com) PGP KeyIDs: 1024/B98B3249 2048/ADCE34A5 Systems Technology Research (IL02/2240) FP1024:6810D8AB3029874DD7065BC52067EAFD Motorola, Inc. FP2048:FDC0292446937F2A240BC07D42763672 (708) 576-7794 Call for verification of fingerprints. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMMVZ+/8de8m5izJJAQFL9AQAhwzqlJK4fnsnCs09XO7Mnhfej1z+eHrQ ALhAVNSYphH1qvLAM4veRr+Af+XoP0QO7s6GXu+IHlR5b0r8Qy9qKw5XeIeGra4d wuqrVngKAd6Pm0G2Gdj6+4ERoNJL9xwIvfswUyMNAai8K+rnqBE9F/yTTRn363T+ dT9CkMq+Wqs= =MP9H -----END PGP SIGNATURE-----