Network Working Group | B. Skeen |
Internet-Draft | Boeing Phantom Works |
Intended status: Standards Track | E. King |
Expires: November 3, 2016 | Boeing EO&T IT |
F. Templin, Ed. | |
Boeing Research & Technology | |
May 02, 2016 |
Including Geolocation Information in IPv6 Packet Headers (IPv6 GEO)
draft-skeen-6man-ipv6geo-02.txt
This document provides a specification for including geolocation information in the headers of IPv6 packets (IPv6 GEO). The information is intended to be included in packets for which the location of the source node is to be conveyed via the network to the destination node or nodes.
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."
This Internet-Draft will expire on November 3, 2016.
Copyright (c) 2016 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
Internet Protocol, version 4 (IPv4) [RFC0791] provides limited capabilities for including additional information in the headers of packets. The maximum IPv4 header length is 60 bytes including any IP options, and options are not widely used due to incompatibilities with network middleboxes. On the other hand, Internet Protocol, version 6 (IPv6) [RFC2460] includes an extensible header format whereby additional information can be inserted between the IPv6 header and the transport layer header. These extensions can be included on a per-packet basis, and not necessarily for all packets of the same flow. This document specifies a format for including geolocation information within the headers of individual IPv6 packets (IPv6 GEO).
IPv6 GEO information is included at the discretion of source nodes for the benefit of destination nodes and/or network elements that may need to examine the headers of packets in transit. Legacy destination nodes that do not recognize the IPv6 GEO information must ignore it and process the rest of the packet as if it were not present. The IPv6 specification defines several extension header types, including the Destination Options header. Section 4.6 of [RFC2460] describes conditions under which new information should be encoded as either a new extension header or as a new destination option:
[RFC6564] further states that:
Section 3 of
Our first interpretation of this guidance and the supporting text that follows suggests that, since IPv6 GEO information must be ignored by legacy destination nodes, encoding as a Destination Option is indicated. Further investigation and community input may indicate that a new extension header type is instead warranted. In either case, future versions of this document will adopt the encoding approach indicated by community consensus.
The following terms are defined within the scope of this document:
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119]. When used in lower case (e.g., must, must not, etc.), these words MUST NOT be interpreted as described in [RFC2119], but are rather interpreted as they would be in common English.
IPv6 forwarding nodes must not discard packets that include the destination options specified herein unless by explicit administrative policy. General forwarding considerations for packets that contain IPv6 options are discussed in [I-D.gont-6man-ipv6-opt-transmit].
Traditionally, a given source node will include a set of identifying criteria that can be used to help determine the relative location of that node on the network. Such criteria include, but are not limited to, IP address, Ethernet MAC addresses, 802.11 or Bluetooth MAC addresses, Wifi and RFID tags, or other user-defined variables that may be specific to a given implementation. However, these variables are often unreliable in determining the physical location of a source node as modern networks are typically implemented with a logical “layer 2” structure without emphasis on the node's physical location. Furthermore, variables such as IP address and Wifi RFID tags are commonly defined by a network administrator and are subject to the implementation criteria of a given network, and therefore are susceptible to error in identifying the location of a given node since there is no common mechanism for associating these criteria to a given physical location. In addition, the proliferation of portable and handheld mobile devices makes it increasingly likely that nodes will at some point change the point of attachment to a given network and will need to be identified and likely authenticated against a set of reliable location-based criteria.
In the absence of location-based authentication criteria, a host will typically be configured to require either local parameters, i.e., username and password, or a strong “two-factor” authentication mechanism, or both. Whereas the merit and applicability of these methods is outside the scope of this document, some implementations require an additional layer of authentication control based on the physical location of a given source node. As a result, a means for identifying the location of the source node based on the geographical coordinates, altitude, timestamp and/or other information is needed.
Numerous use cases can be identified for location-based authentication control that would require the source node to provide its current location to one or more destination node(s). The source node to be geolocated can be defined as any IPv6 GEO node capable of encoding the geolocation data within the IPv6 Destination Options header; for example, an airplane, an automobile, a remote corporate user, a ground soldier, or an unmanned aerial vehicle, to name a few. The destination node can be any IPv6 node that can interpret the IPv6 GEO encoded data contained in the Destination Options header; for example, an authentication server responsible for deriving the geolocation criteria received from the source node and authenticating it against a location-based access policy.
Potential use cases for IPv6 GEO include:
In these cases, the actual implementation of a geolocation authentication layer in a multi-layered security scheme is considered outside the scope of this document. This document seeks to specify a method for including the geolocation data in the IPv6 Destination Options header in order for it to be utilized in the manner specified by a set of given implementation criteria.
In the final analysis, if a subject node that willingly submits itself for surveillance sends only a single IPv6 packet or fragment before falling silent, then any tracking node(s) should be able to determine where the packet came from.
The IPv6 GEO "Type 0" Destination Option is formatted as shown in Figure 1:
0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Option Type | Opt Data Len | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | GEO Type | Reserved|T|A|L| LAT/LON Integer Part | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | LAT Fraction Part | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | LON Fraction Part | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Altitude (bits 0-31) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Altitude (bits 32-63) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Time Stamp (sec) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Time Stamp (usec) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 1: IPv6 GEO Type 0 Destination Option Format
The fields of the option are defined as follows:
In the language of Section 4.2 of [RFC2460], the option has alignment requirement '4n+2' when the 'L' flag is set and '4n' when the 'L' flag is clear. Future specifications may include new IPv6 GEO types to encode alternate formats.
The Latitude (LAT) and Longitude (LON) coordinate values are treated as floating point numbers with 10^-10 precision. LAT values range from 0 degrees at the equator to +90 degress northward and -90 degrees southward. LON values range from 0 degrees at the IERS Reference Meridian [WGS-84] to +180 degrees eastward and -180 degrees westward. The LAT/LON coordinates are then encoded as follows:
where "int()" returns the integer part of the floating point number and "fra()" returns the fractional part of the floating point number. This encoding scheme is similar to one proposed in "Efficient WGS84 (aka GPS) coordinates compression"
IPv6 source hosts MAY insert the IPv6 GEO destination option in any IPv6 packets they send to IPv6 destinations (unicast, multicast or anycast). Any IPv6 packet is eligible, including a minimal packet that includes only an (extended) IPv6 header with the value “No Next Header” in the final “Next Header” field.
If the host inserts the IPv6 GEO destination option, it MUST construct the option using the format specified in Section 5.1 and using the encoding algorithm specified in Section 5.2. The host MUST further ensure that the geolocation information encoded in the option is current and accurate.
IPv6 destinations that do not recognize the IPv6 GEO destination option MUST ignore it and continue to process the IPv6 destination options extension header as though the IPv6 GEO option were not present.
IANA is requested to allocate an IPv6 Option number for the IPv6 GEO Option in the "Destination Options and Hop-by-Hop Options" registry.
Packets with IPv6 GEO options that are sent in the clear without encryption risk exposure of sensitive information to unauthorized eavesdroppers. When location privacy is desired, Internet security protocols (e.g., IPsec [RFC4301], etc.) and/or link layer security SHOULD be used to ensure confidentiality.
A spoofing attack is exposed when a source includes forged IPv6 GEO information that is incorrect for its current location and/or time. Destinations SHOULD therefore authenticate the source of IPv6 packets before accepting any IPv6 GEO information they may include.
User agents MUST NOT send geolocation information to unauthorized correspondents (e.g., Web sites, etc.) without the express permission of the user.
The IETF GEOPRIV working group is chartered to "continue to develop and refine representations of location in Internet protocols, and to analyze the authorization, integrity, and privacy requirements that must be met when these representations of location are created, stored, and used". However, the group is located within the Real-time Applications and Infrastructure area, and as such it is not clear whether the Internet layer approach proposed in this document would fit within the area focus. The GEOPRIV working group has published a BCP on "An Architecture for Location and Location Privacy in Internet Applications" [RFC6280].
A BoF on "Internet-wide Geo-Networking (geonet)" was held at IETF88 in November 2013. A Problem Statement related to the BoF states that: "Internet-based applications use IP addresses to address a node that can be a host, a server or a router. Scenarios and use cases exist where nodes are being addressed using their geographical location instead of their IP address" [I-D.karagiannis-problem-statement-geonetworking]. This BoF was held within the Internet area and concerns geolocation at the Internet layer.
As a result of the geonet BoF, a new working group known as 'Intelligent Transportation Systems (its) is undergoing chartering activities. It is expected that IPv6GEO will be closely related to the its charter.
A prototype implementation has been developed and tested, but not yet available for public release. The prototype implementation uses the Option Type value reserved for experimentation [RFC3692].
The authors greatly appreciate the efforts of Jin Fang, who jointly developed the IPv6 GEO message format and was the primary author of the prototype implementation. We wish Jin the best of success in his future endeavors.
The following individuals are acknowledged for helpful comments and suggestions: Jeff Ahrenholz, Kerry Hu.
[RFC0791] | Postel, J., "Internet Protocol", STD 5, RFC 791, DOI 10.17487/RFC0791, September 1981. |
[RFC2119] | Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997. |
[RFC2460] | Deering, S. and R. Hinden, "Internet Protocol, Version 6 (IPv6) Specification", RFC 2460, DOI 10.17487/RFC2460, December 1998. |
[RFC3692] | Narten, T., "Assigning Experimental and Testing Numbers Considered Useful", BCP 82, RFC 3692, DOI 10.17487/RFC3692, January 2004. |
[RFC6564] | Krishnan, S., Woodyatt, J., Kline, E., Hoagland, J. and M. Bhatia, "A Uniform Format for IPv6 Extension Headers", RFC 6564, DOI 10.17487/RFC6564, April 2012. |