On the Design of Fast Prefix-Preserving IP Address Anonymization Scheme

  • Qianli Zhang
  • Jilong Wang
  • Xing Li
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4861)


Traffic traces are generally anonymized before used in analysis. Prefix-preserving anonymization is often used to avoid privacy issues as well as preserve prefix relationship after anonymization. To facilitate research on real time high speed network traffic, address anonymization algorithm should be fast and consistent. In this paper, the bit string based algorithm and the embedded bit string algorithm will be introduced. Bit string based algorithm uses precomputed bit string to improve the anonymization performance. Instead of only using the LSB of each Rijndael output, the embedded bit string algorithm will take advantage of the full size Rijndael output to anonymize several bits at the same time. The implementation can be downloaded from


Block Cipher Cache Size Random Input Cache Line Block Tree 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
  2. 2.
    McGregor, T., Braun, H., Brown, J.: The NLANR network analysis infrastructure. IEEE Communications Magazine 38(5), 122–128 (2000)CrossRefGoogle Scholar
  3. 3.
    The Internet traffic archive (April 2000),
  4. 4.
    Patarin, S., Makpangou, M., Pandora, M.: A flexible network monitoring platform. In: Proceedings of the 2000 USENIX Annual Technical Conference (June 2000)Google Scholar
  5. 5.
    Peuhkuri, M.: A Method to Compress and Anonymize Packet Traces. SIGCOMM IMW  (2001)Google Scholar
  6. 6.
    Pang, R., Paxson, V.: A high-level programming environment for packet trace anonymization and transformation. SIGCOMM (2003)Google Scholar
  7. 7.
    Krishnamurthy, B., Wang, J.: On network-ware clustering of web clients. In: SIGCOMM (2000)Google Scholar
  8. 8.
    Minshall, G.: TCPdpriv Command Manual (1996)Google Scholar
  9. 9.
    Cho, K., Mitsuya, K., Kato, A.: Traffic data repository at the wide project. In: Proceedings of USENIX 2000 Annual Technical Conference: FREENIX Track, San Diego, CA (June 2000)Google Scholar
  10. 10.
    Xu, J., Fan, J., Ammar, M.H., Moon, S.B.: On the design and performance of prefix-preserving IP traffic trace anonymization. In: SIGCOMM IMW (2001) Google Scholar
  11. 11.
    Xu, J., Fan, J., Ammar, M.H., Moon, S.B.: Prefix-preserving IP address anonymization: measurement based security evaluation and a new cryptography-based scheme. In: ICNP (2002)Google Scholar
  12. 12.
    Daemen, J., Rijmen, V.: AES proposal: Rijndael, Tech. Rep., Computer Security Resource Center, National Institute of Standards and Technology (February 2001),
  13. 13.
    Beyls, K., D’Hollander, E.: Reuse distance-based cache hint selection. In: Proccedings of the 8th International Euro-Par Conference (August 2002)Google Scholar
  14. 14.
    Jenkins, B.: ISAAC: a fast cryptographic random number generator,
  15. 15.
    Pudovkina, M.: A known plaintext attack on the ISAAC keystream generator,
  16. 16.
    Krawczyk, H., Bellare, M., Canetti, R.: RFC 2104: HMAC: Keyed-Hashing for Message Authentication (February 1997)Google Scholar
  17. 17.
    Ylonen, T.: Thoughts on how to mount an attack on tpcpdriv’s ”-50” option, in TCPpdpriv source distribution (1996)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Qianli Zhang
    • 1
  • Jilong Wang
    • 1
  • Xing Li
    • 1
  1. 1.CERNET Center, Tsinghua UniversityChina

Personalised recommendations