Title: Prefix-Preserving IP Address Anonymization: Measurement-based Security Evaluation and a New Cryptography-based Scheme
1Prefix-Preserving IP Address AnonymizationMeasur
ement-based Security Evaluation and a
NewCryptography-based Scheme
- Jun Xu, Jinliang Fan, Mostafa Ammar, Sue Moon
- College of Computing
Sprint ATL - Georgia Tech
modified presented by Zihui Ge
2Overview
- Motivation
- IP address anonymization
- prefix-preserving
- Prefix-preserving anonymization
- canonical form
- TCPdpriv
- cryptography-based scheme
- Attacks
- models, analysis, evaluation
1
3Motivation
- Traces collected, to share or not to share?
- client personal privacy?
- commercial confidentiality?
- IP address anonymization
- 1.2.3.4 ? 8.4.3.6
- one to one mapping, consistent
- Prefix relationships among IP addresses?
- important routing performance, clustering of
end-systems - Prefix-preserving anonymization
- 1.2.3.4 ? 8.4.3.6
- 1.2.255.2 ? 8.4.9.6
- preserve prefix correlation among addresses
1
4IP Address Anonymization
- Basic anonymization
- a original 4-byte IP address a a1 a2 a32
- a anonymized IP address aa1a2a32
- F 1-to-1 mapping function aF(a)
- Prefix preserving anonymization
- if a, b share k-bit prefix
- a1b1,a2b2, , akbk, ak1bk1
- then aF(a), bF(b) share k-bit prefix
- a1b1,a2b2, , akbk, ak1bk1
1
5Canonical Form
- Canonical construction of F using a series of fi
- ai ai ? fi-1(a1, a2, , ai-1)
- f0 is a constant
- F is a prefix-preserving anonymization function
- A prefix-preserving anonymization function
necessarily takes this form - Different schemes use different fi
- Visualized as a tree
1
6Visualization Address Space
0
1
0
1
0
1
0100
0111
0101
0110
1000
1011
1001
1010
1100
1111
1101
1110
0000
0011
0001
0010
1
7Visualization Original Address Tree
0
1
0
1
0
1
0100
0101
1000
1011
1111
1110
0000
0001
0010
1
8Visualization Anonymization Function
f0()1
0
1
f1(1)0
f1(0)1
0
1
0
1
f2(0,0)0
Flip
Leaf Node
1
9Visualization Anonymized Address Tree
0
1
0
1
0
1
0100
0101
1000
1011
1111
1110
0000
0001
0010
1
10TCPdpriv
- Sequentially scan IP address
- look up prefix in history table
- randomly choose suffix
- concatenate prefix,suffix update history table
a1a2akak1aK2an
rand(a1a2akak1an)
1
11TCPdpriv
- Sequentially scan IP address
- look up prefix in history table
- randomly choose suffix
- concatenate prefix,suffix update history table
- Mapping is trace-dependent
- Need to maintain a table to track previous
mappings - table size grow over time
- look up cost increase over time
- Unable to process in parallel
1
12New Crytography-Based Algorithm
fi(a1, a2, , ai-1) L(R(P(a1a2ai-1), K))
- deterministic fi function
- trace-independent
- What PRF to use?
- Practical bock ciphers, e.g., AES, can be
modeled as PRP
1
13Attacks on Anonymization Schemes
- Cryptographic attacks
- scheme specific
- vulnerability comes from the specific
construction of fi - TCPdpriv not susceptible
- our scheme provable secure
- Semantic attacks
- common to all schemes
- vulnerability comes from the canonical
construction of F - effectiveness should be measured
1
14Evaluation of Semantic Attacks
- Metrics to measure effect of attacks
- Virtual (but theoretically interesting) attacks
- good measure of the resistance of a specific
trace to semantic attacks in general - good relative reference points for measuring the
effectiveness of practical attacks. - Practical attacks
1
15Metrics to Measure Effect of Attacks
- Measure of attack severity
- U of unknown uncompressed bits
- C of unknown compressed bits
- Ki of addresses with exactly i known most
significant bit
1
16If an address is compromised
1000
1001
0010
0000
0110
0111
1???
1100
1101
1111
0010
000?
C9, U18, K14, K22, K32, K41
1
17Evaluation on Real Traces
- Measure the resistance of a specific trace to
semantic attacks in general - Effect of compromising random address
- Effect of compromising greedily-generated address
1
18Effect of Compromising Random Addresses
1
19Practical Attacks
- Frequency Analysis
- DNS Server Address Tracing
- Others
1
20Conclusions
- Canonical form of constructing prefix-preserving
anonymization function - New cryptography-based scheme
- Framework of measuring the resistance of traces
and the effectiveness of attacks - Implementation
- http//www.cc.gatech.edu/computing/Telecomm/crypto
pan/
1