scalability of geopriv ls gli project toshiharu kurisu...
TRANSCRIPT
Scalability of Geopriv LSGLI Project
http://www.gli.jpToshiharu Kurisu [email protected] Watanabe [email protected] Takeuchi [email protected]
Hideki Sunahara [email protected] Fumio Teraoka [email protected]
GLI Project http://www.gli.jp 2
Problem Statement
• In Geopriv WG, it does not seem that there are discussion about the scalability of LS.
• How about Internet ITS?• In Japan, there are at least 70,000,000 car
s.– Probe System
• Do you think that Geopriv Architecture can work well under such a situation?
GLI Project http://www.gli.jp 3
Problem Statement
• Huge numbers of various nodes will exist and be managed by one Location Server.– The system MUST scale !!– But functions for Privacy Rules defined in Geopriv Re
quirements does not seem to scale.
• Is there anyone who is implementing system based on Geopriv Requirements?– How many LGs do you assume?– What do you think about scalability?
GLI Project http://www.gli.jp 4
Geopriv Requirements
LocationGenerator
LocationServer
LocationRecipient
RuleHolder
Apply rules
registerquery
answer
Rule Maker
If huge numbers of LGs & LRs exist,High frequency registrations & queries may come.In such a situation, applying rules to each queryburdens LS.
LocationGeneratorLocation
GeneratorLocation
GeneratorLocation
GeneratorLocation
GeneratorLocation
GeneratorLocation
GeneratorLocation
GeneratorLocation
Generator
GLI Project http://www.gli.jp 5
Relation between Privacy & Scalability
• There is a tradeoff between Privacy Protection and System Scalability.
• What is the minimum Privacy Protection to achieve LS’s scalability?
• Could we ask the Geopriv WG to take on:– to define the minimum privacy protection to achieve s
calability for Geopriv using protocol guideline, and– to submit GLI using protocol as an experimental RFC
as an example of using protocol that focuses on scalability?
GLI Project http://www.gli.jp 6
Our minimum privacy protection policy
• GLI defines that the minimum privacy protection policy is anonymity.– to hide the real ID– to avoid tracking– to hide the location information to the third
party.
GLI Project http://www.gli.jp 7
GLI system (1)• A system on the Internet that manages the latest
location information of mobile nodes in all over the world.
• Assumptions of using case:– Huge Numbers of LGs exist.– e.g., Internet ITS – probe system. at least 70,000,000 cars exist in Japan.
• Requirements– Scalability
• tolerate to huge numbers of frequent registrations and queries
– Privacy Protection.
GLI Project http://www.gli.jp 8
GLI system (2)scalability & privacy protection
• How to achieve scalability– Distributed management like DNS.– One server is estimated to be able to manage
2,000,000 nodes.• How to protect privacy systematically.
– Privacy protection policy “You can get my location info. if you are credible.”
• hiding the real ID, avoiding tracking, and avoiding to get location info. by the third party.
– GLI system introduces Hashed ID (HID) as mobile node’s ID.
• HID can be generated by only the credible party.• HID changes periodically.
GLI Project http://www.gli.jp 9
Comparison with Geopriv Requirements (RFC3693)
• Privacy Rules– Some Privacy Rules are realized by HID of GLI system.
• Only credible Location Recipient can specify a mobile node by its HID.
• Unlinked Pseudonyms: not link to REAL ID• Target can control the range to open Target's position with
keeping anonymity.– But GLI system has no Rule Maker & Rule Holder.
• Every Location Recipient can receive HID and location information of mobile nodes.
• GLI cannot realize flexible privacy protect like Privacy Rules.• Because GLI system focuses on system scalability.
GLI Project http://www.gli.jp 10
Comparison with Geopriv Reauirement(RFC3693)
Registrationclient
GLIServers
(Registration,HID, Area)
Look-upClient
RuleHolder
LocationGenerator Location
Server
LocationRecipient
Apply rules
registerquery
answer
AuthenticationEncrypted Path
IPsec
Rule Maker
HID
Target can control the range to open Target's position with keeping anonymity
Integrity & Confidentiality
GLI Project http://www.gli.jp 11
Summary
• Our contribution to Geopriv WG– Bring up the relation between Privacy Protection & Sc
alability.– Show GLI as an example of geopriv using protocol– Define items related to scalability in the guideline
• Our GOAL– Submit GLI using protocol draft as an experimental R
FC as an example of using protocol that focuses on scalability.