1. Field of the Invention
The invention relates generally to location privacy in a communication system. More particularly, the invention relates to a mechanism that allows a communicating party to prevent its whereabouts from being deduced by the opposite communicating party. The mechanism is mainly intended for Mobile Internet Protocol (IP) networks.
2. Description of the Related Art
The protocols related to IP networks, such as the Internet, are developed by the Internet Engineering Task Force (IETF). The IETF has also been developing support for mobile IP nodes for both versions of IP (i.e. for IPv4 and IPv6). The main results of this work are the two Mobile IP protocols, Mobile IPv4 (RFC 2002) and Mobile IPv6 (work in progress, assumed to reach RFC status soon).
Mobile IP defines a mechanism by which a mobile node can change its IP address without interrupting any ongoing sessions with communicating peers. When moving across IP subnets, the mobile node obtains a new IP address with the help of an access router. The mobile node then informs its home agent (HA) and, optionally, also the correspondent node (CN) about the change by sending the new address (the so-called care-of address) in a message called a Binding Update (BU). The association of the mobile node's permanent home address with the care-of address of the mobile node is termed a binding.
Based on the Binding Update, the correspondent node and possible eavesdroppers may deduce, with certain accuracy, the geographic location of the mobile node. To protect its privacy, the mobile node can control the sending of Binding Updates, so that less trusted correspondent nodes are not given the chance to obtain the location information. The current proposal (draft-ietf-mobileip-ipv6-23, Mobility Support in IPv6, May 2003) states that “a mobile node may also choose to keep its topological location private from certain correspondent nodes, and thus need not initiate the correspondent registration.” The correspondent registration is a process during which a Binding Update is sent to the correspondent node, causing a binding for the mobile node to be registered at the correspondent node. The problem, however, is that the mobile node does not really have sufficient information to decide whether or not to initiate the correspondent binding procedure.
Typically, the IP address and the related DNS (Domain Name System) name are the only identities of the correspondent node that the mobile node is aware of. The usability of these identities for verifying the identity of the correspondent node is, however, questionable for the following reasons. First, the IPv6 address is a 128-bit string and thus too hard for a human user to memorize. An identifier that is hard to memorize easily makes the user doubtful about the trustworthiness of the correspondent node, and a doubtful user tends to omit the correspondent registration, in which case the routing between the two nodes remains unoptimized. This, in turn, causes overhead in the network. Second, the DNS is not a part of the MIPv6 architecture or trust model. Third, DNS data integrity cannot be trusted in today's Internet. The extensions to the Domain Name System, which are described in RFC 2535, try to improve the situation, but these extensions have not come into real use. Fourth, the correspondent node does not necessarily have a DNS name at all. This is the situation when a mobile correspondent node is away from its home network, for example.
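The trade-off described above between correspondent registration and location privacy can be modeled as follows. This is an added illustration, not part of the original text: the class and function names, the /64 prefix length and the sample addresses (taken from the 2001:db8::/32 documentation prefix) are assumptions, and the model omits real message formats and authentication.

```python
import ipaddress

class BindingCache:
    """Home address -> care-of address, as kept by a home agent (HA)
    or a correspondent node (CN). Hypothetical helper for this example."""
    def __init__(self):
        self.bindings = {}

    def binding_update(self, home, care_of):
        self.bindings[home] = care_of

def move(home, new_care_of, home_agent, registered_cns):
    """Mobile node changes subnet: the HA always receives a Binding Update,
    a CN only if the mobile node chose correspondent registration."""
    home_agent.binding_update(home, new_care_of)
    for cn in registered_cns:
        cn.binding_update(home, new_care_of)

def path_from_cn(home, cn, home_agent):
    """Hops taken by a packet sent from the CN to the mobile node."""
    if home in cn.bindings:
        return ["CN", str(cn.bindings[home])]            # optimized route
    return ["CN", "HA", str(home_agent.bindings[home])]  # relayed by the HA

def location_known_to_cn(home, cn, prefixlen=64):
    """Subnet prefix the CN can attribute to the mobile node, or None."""
    care_of = cn.bindings.get(home)
    if care_of is None:
        return None
    return ipaddress.ip_network(f"{care_of}/{prefixlen}", strict=False)

# Constructed sample addresses.
HOME = ipaddress.IPv6Address("2001:db8:1::10")
VISITED = ipaddress.IPv6Address("2001:db8:a::10")

def demo():
    ha, trusted_cn, untrusted_cn = BindingCache(), BindingCache(), BindingCache()
    move(HOME, VISITED, ha, registered_cns=[trusted_cn])
    return {
        "trusted": (path_from_cn(HOME, trusted_cn, ha),
                    location_known_to_cn(HOME, trusted_cn)),
        "untrusted": (path_from_cn(HOME, untrusted_cn, ha),
                      location_known_to_cn(HOME, untrusted_cn)),
    }

if __name__ == "__main__":
    for name, (path, prefix) in demo().items():
        print(name, path, prefix)
```

The registered correspondent node gets the direct route but also learns the visited subnet prefix; the unregistered one learns nothing about the current subnet, at the cost of every packet being relayed through the home agent.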