Abstract
In our search for anonymization solutions for passive measurement data in the context of the LOBSTER passive network monitoring project, we discovered attacks against two initially promising candidates for IP address anonymization. We present a suite of three algorithms employing packet injection and frequency analysis, which can compromise individual addresses protected with prefix-preserving anonymization in multilinear time. We present two algorithms to counter our attacks. These methods support gradual release of topological information, as required by some applications. We also introduce an algorithm that strengthens some hash-based anonymization methods.
Keywords
- Hash Function
- Block Cipher
- Destination Address
- Binary Search Tree
- IPv4 Address
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
This is a preview of subscription content, access via your institution.
Buying options
Preview
Unable to display preview. Download preview PDF.
References
Chaum, D.: Untraceable electronic mail, return addresses, and digital pseudonyms. Communications of the ACM 4 (1981)
Pfitzmann, A., Köhntopp, M.: Anonymity, unobservability, and pseudonymity - A proposal for terminology. In: Federrath, H. (ed.) Designing Privacy Enhancing Technologies. LNCS, vol. 2009, p. 1. Springer, Heidelberg (2001)
Biskup, J., Flegel, U.: On pseudonymization of audit data for intrusion detection. In: Federrath, H. (ed.) Designing Privacy Enhancing Technologies. LNCS, vol. 2009, p. 161. Springer, Heidelberg (2001)
Sobirey, M., Fischer-Hübner, S., Rannenberg, K.: Pseudonymous audit for privacy enhanced intrusion detection. In: SEC, pp. 151–163 (1997)
Peuhkuri, M.: A method to compress and anonymize packet traces. In: Internet Measurement Workshop, San Francisco, California, USA, pp. 257–261 (2001)
Xu, J., Fan, J., Ammar, M., Moon, S.B.: On the design and performance of prefix-preserving ip traffic trace anonymization. In: Proceedings of the ACM SIGCOMM Internet Measurement Workshop 2001 (2001)
Xu, J., Fan, J., Ammar, M., Moon, S.B.: Prefix-preserving ip address anonymization: Measurement-based security evaluation and a new cryptography-based scheme. In: ICNP 2002 (2002)
Menezes, A.J., van Oorschot, P., Vanstone, S.: Handbook of Applied Cryptography. CRC Press, Boca Raton (1996)
Slagell, A., Wang, J., Yurick, W.: Network log anonymization: Application of Crypto-PAn to Cisco Netflows. In: IEEE Workshop on Secure Knowledge Management (SKM) (2004)
Raymond, J.-F.: Traffic analysis: Protocols, attacks, design issues, and open problems. In: Federrath, H. (ed.) Designing Privacy Enhancing Technologies. LNCS, vol. 2009, p. 10. Springer, Heidelberg (2001)
Forte, D.: Using tcpdump and sanitize for system security. Login 26 (2001)
Cho, K., Mitsuya, K., Kato, A.: Traffic data repository at the WIDE project. In: Proceedings of FREENIX Track: 2000 USENIX Annual Technical Conference, pp. 263–270 (2000)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Brekne, T., Årnes, A., Øslebø, A. (2006). Anonymization of IP Traffic Monitoring Data: Attacks on Two Prefix-Preserving Anonymization Schemes and Some Proposed Remedies. In: Danezis, G., Martin, D. (eds) Privacy Enhancing Technologies. PET 2005. Lecture Notes in Computer Science, vol 3856. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11767831_12
Download citation
DOI: https://doi.org/10.1007/11767831_12
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-34745-3
Online ISBN: 978-3-540-34746-0
eBook Packages: Computer ScienceComputer Science (R0)